Olimpo Informatico

[emanuelagenova]

SONO DISPERATA
non riesco ad eliminare il virus SPOOLSV.EXE
capisco poco di computer
facendo scan con antivirus mcafee mi sono stati segnalati diversi virus ma questi 5 non riesco ad eliminarli in quanto penso siano protetti da scrittura:
- windows\system32\spoolsvc.exe
- document&settings\dati applicazione\rator..\system.exe
- document&settings\dati applicazione\tack.exe
- windows\appunti.exe

ho provato con KILLBOX ma riavviando con nessun risultato

ecco il log di hijackthis_199:

Logfile of HijackThis v1.99.1
Scan saved at 19.25.37, on 27/09/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
c:\programmi\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Java\j2re1.4.2_04\bin\jusched.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\apps\ABoard\AOSD.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\iPod\bin\iPodService.exe
c:\progra~1\intern~1\iexplore.exe
C:\WINDOWS\TEMP\qisb1.exe
C:\Programmi\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\DOCUME~1\alessio\IMPOST~1\Temp\Directory temporanea 3 per hijackthis_199.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=IT&range=AD&phase=6&key=SEARCH
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.1987324.com?301
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\it.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://format.packardbell.com/cgi-bin/redirect/?country=IT&range=AD&phase=6&key=OEM2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: m1a2 - {521693AA-7453-47ED-9959-3BD47DAA1B1A} - C:\WINDOWS\system32\msx.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmi\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: (no name) - {AB4EF161-63CE-9AF6-C20F-2B7EAEBA3DBC} - C:\DOCUME~1\alessio\DATIAP~1\INTRAT~1\AboutByte.exe
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\it\msntb.dll
O2 - BHO: ComCap - {E1B2E864-8BFC-4072-AE11-924E0F8BBA96} - C:\WINDOWS\system32\comcap16.dll
O2 - BHO: Dredge - {EB870508-E2B7-4169-8120-760F69703776} - C:\WINDOWS\system32\kaboom.dll
O2 - BHO: Intense - {FB47056B-B34D-410E-819A-E8A51CC8E2EB} - C:\WINDOWS\system32\Kaboom.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\it\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Programmi\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Wxp4] C:\WINDOWS\System32\Norton Update.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Olympic] C:\Documents and Settings\mauro\Dati applicazioni\sgrunt\IE4321.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [that manager 4 mfcd] C:\Documents and Settings\All Users\Dati applicazioni\SLOWHOPETHATMANAGER\copywin.exe
O4 - HKLM\..\Run: [NI.UERST_0001_N86M1107] "c:\documents and settings\emanuela\dati applicazioni\errorsafescannerinstall_it[1].exe" -nag
O4 - HKLM\..\Run: [aouei] C:\Documents and Settings\alessio\Dati applicazioni\ratorefaci\sysrtmvs.exe
O4 - HKLM\..\Run: [qisb1.exe] C:\WINDOWS\TEMP\qisb1.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Programmi\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Programmi\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DriveLogo] C:\DOCUME~1\alessio\DATIAP~1\BIKEDV~1\VGA NOUN.exe
O4 - HKCU\..\Run: [Shellapi32] svcnet.exe
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\microsoft office\Office\OSA9.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\it.htm
O15 - Trusted Zone: www.1987324.com
O15 - Trusted Zone: *.3
O15 - Trusted Zone: www.adslconnection.name
O15 - Trusted Zone: *.aflashcounter.com
O15 - Trusted Zone: www.archiviosex.net
O15 - Trusted Zone: www.redfunny.com
O15 - Trusted Zone: www.sgrunt.biz
O15 - Trusted Zone: www.skymasters.biz
O15 - Trusted Zone: www.softlab.name
O15 - Trusted Zone: www.xbeta69.com
O15 - Trusted Zone: www.xxx-content.name
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://bokkadasse.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B2F49FB} - http://www.softlab.name/closer/close.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\programmi\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SecJez - Unknown owner - \\?\C:\Programmi\File comuni\Services\lpt3.exe (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: SrvImj - Unknown owner - \\?\C:\Programmi\File comuni\Services\con.exe (file missing)

------------


SONO DISPERATA HO DATI IMPORTANTISSIMI NEL PC .... VI PREGO AIUTATEMI !!!!

emanuela

[Typhoon90]

chiavi sicuramente da eliminare

O15 - Trusted Zone: www.1987324.com
O15 - Trusted Zone: *.3
O15 - Trusted Zone: www.adslconnection.name
O15 - Trusted Zone: *.aflashcounter.com
O15 - Trusted Zone: www.archiviosex.net
O15 - Trusted Zone: www.redfunny.com
O15 - Trusted Zone: www.sgrunt.biz
O15 - Trusted Zone: www.skymasters.biz
O15 - Trusted Zone: www.softlab.name
O15 - Trusted Zone: www.xbeta69.com
O15 - Trusted Zone: www.xxx-content.name

poi aspetta i pareri delgli esperotni

[Smjert]

Credo che ti sia presa, oltre a spoolsvc.exe, un worm che si può chiamare Zafi.D, W32/Zafi.D, W32/Zafi.D@mm, Email-Worm.Win32.Zafi.d, W32/Zafi-D, W32/Zafi.d@MM.
Quindi procediamo alla sua rimozione:
Scarica questo programma, scompatta l'archivio e fai fare la scansione di tutti i drive al programmino, cancella tutto quello che trova di infetto.
Dopodichè riposta un log di hijackthis così vediamo cosa è rimasto (per semplificare la lettura del log chiudi tutti i programmi che puoi).

[holifay]

Ciao e benvenuta.

sarò diretta: il tuo PC è un vero ricettacolo di schifezze
Hai diversi trojan e almeno un paio di rootkit. Non so se fai prima a formattare, la cura sarà un po´ lunga. Te la posto tutta intera, perchè fatta a pezzi potrebbe non risolvere (si reinstallano da internet).

Allora, dopo che hai fatto quanto ti hanno suggerito prima, fai questo:

Scarica avenger ed estrai l´eseguibile sul desktop. Per ora lascialo lì
http://swandog46.geekstogo.com/avenger.zip

Scarica questo e avvialo. Premi Start e aspetta che abbia finito
http://smallbiz.symantec.com/security_response/writeup.jsp?docid=2006-092316-4153-99

Al termine, apri HijackThis, chiudi tutte le altre applicazioni e le finestre, premi Do a system scan only. Fatto il log, metti un segno di spunta accanto a queste voci e poi premi fix checked

[chemicalbit]

[emanuelagenova]

grazie mille a tutti !!
siamo sulla buona strada !!
facendo la scansione con mcafee non rileva virus

il sitema è rimasto cmq molto lento
ed in fase di riavvio devo aspetare almeno 5 minuti prima di poter lavorare

ecco i log:

il log di Ewido

[holifay]

OK, andiamo molto meglio

Adesso usa di nuovo Avenger, con questo script:

[emanuelagenova]

operazioni effettuate !!! GRAZIE MILLE PER LE DRITTE !!!
sembrano esserci ancora alcuni virus ...
ecco i log ...

HIJACKTHIS_________________________________________________
__________________________________________________________________________________________________________________________

Logfile of HijackThis v1.99.1
Scan saved at 10.16.21, on 29/09/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\QuickTime\qttask.exe
C:\apps\ABoard\AOSD.exe
C:\Programmi\ewido anti-spyware 4.0\guard.exe
C:\Programmi\McAfee.com\VSO\mcvsshld.exe
C:\Programmi\McAfee.com\VSO\oasclnt.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
c:\programmi\mcafee.com\agent\mcdetect.exe
C:\WINDOWS\system32\ctfmon.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\DOCUME~1\alessio\IMPOST~1\Temp\Directory temporanea 6 per hijackthis_199.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=IT&range=AD&phase=6&key=SEARCH
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://format.packardbell.com/cgi-bin/redirect/?country=IT&range=AD&phase=6&key=OEM2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmi\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\it\msntb.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\it\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Programmi\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NI.UERST_0001_N86M1107] "c:\documents and settings\emanuela\dati applicazioni\errorsafescannerinstall_it[1].exe" -nag
O4 - HKLM\..\Run: [aouei] C:\Documents and Settings\alessio\Dati applicazioni\ratorefaci\sysrtmvs.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Programmi\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Programmi\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [!ewido] "C:\Programmi\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DriveLogo] C:\DOCUME~1\alessio\DATIAP~1\BIKEDV~1\VGA NOUN.exe
O4 - HKCU\..\Run: [Shellapi32] svcnet.exe
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\microsoft office\Office\OSA9.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\it.htm
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://bokkadasse.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programmi\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\programmi\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe




PANDA______________________________________________________
__________________________________________________________________________________________________________________________


Incidente Stato Percorso

Dialer:dialer.cos Non Disinfettato C:\Documents and Settings\alessio\Dati applicazioni\microsoft\internet explorer\quick launch\exsplorer.lnk
Dialer:dialer.akd Non Disinfettato C:\Documents and Settings\alessio\Dati applicazioni\microsoft\internet explorer\quick launch\W1inMoviePlugIn.lnk
Strumenti indesiderati:application/errorsafe Non Disinfettato hkey_local_machine\software\Error Safe Free
Adware:adware/ready2wear Non Disinfettato Registro di sistema di Windows
Virus:Trj/Downloader.JZJ Disinfettato C:\boot32.exe
Spyware:Cookie/2o7 Non Disinfettato C:\Documents and Settings\alessio\Cookies\alessio@2o7[1].txt
Spyware:Cookie/Atlas DMT Non Disinfettato C:\Documents and Settings\alessio\Cookies\alessio@atdmt[2].txt
Spyware:Cookie/Doubleclick Non Disinfettato C:\Documents and Settings\alessio\Cookies\alessio@doubleclick[1].txt
Spyware:Cookie/Hitbox Non Disinfettato C:\Documents and Settings\alessio\Cookies\alessio@hitbox[2].txt
Spyware:Cookie/Serving-sys Non Disinfettato C:\Documents and Settings\alessio\Cookies\alessio@serving-sys[2].txt
Spyware:Cookie/Cgi-bin Non Disinfettato C:\Documents and Settings\alessio\Impostazioni locali\Temp\Cookies\alessio@cgi-bin[3].txt
Virus:Trj/Downloader.JZJ Non Disinfettato C:\Documents and Settings\alessio\Impostazioni locali\Temp\s2fc.1.exe[²òÇ\boot32.dat]
Dialer:Dialer.HZH Non Disinfettato C:\Documents and Settings\alessio\Impostazioni locali\Temp\s34g.2.exe
Virus:Trj/Clicker.QG Non Disinfettato C:\Documents and Settings\alessio\Impostazioni locali\Temp\s3c4.1.exe[²èÇ]
Adware:Adware/RazeSpyware Non Disinfettato C:\Documents and Settings\alessio\Impostazioni locali\Temp\s3dc.2.exe
Adware:Adware/ATNetwork Non Disinfettato C:\Documents and Settings\alessio\Impostazioni locali\Temp\s3g8.1.exe[¦%%\comcap16.dll]
Adware:Adware/RazeSpyware Non Disinfettato C:\Documents and Settings\alessio\Impostazioni locali\Temp\s3r8.1.exe
Dialer:Dialer.HZH Non Disinfettato C:\Documents and Settings\alessio\Impostazioni locali\Temp\saj8.1.exe
Virus:Trj/Clicker.RV Non Disinfettato C:\Documents and Settings\alessio\Impostazioni locali\Temp\sak8.2.exe[¦%%\kaboom.dll]
Virus:Trj/Kaboom.G Non Disinfettato C:\Documents and Settings\alessio\Impostazioni locali\Temp\tmpx10.exe[²èÇ]
Virus:Trj/Kaboom.G Non Disinfettato C:\Documents and Settings\alessio\Impostazioni locali\Temp\tmpx101.exe[²èÇ]
Virus:Trj/Kaboom.G Non Disinfettato C:\Documents and Settings\alessio\Impostazioni locali\Temp\tmpx102.exe[²èÇ]
Virus:Trj/Kaboom.G Non Disinfettato C:\Documents and Settings\alessio\Impostazioni locali\Temp\tmpx107.exe[²èÇ]
Virus:Trj/Kaboom.G Non Disinfettato C:\Documents and Settings\alessio\Impostazioni locali\Temp\tmpx108.exe[²èÇ]
Virus:Trj/Kaboom.G Non Disinfettato C:\Documents and Settings\alessio\Impostazioni locali\Temp\tmpx109.exe[²èÇ]
Virus:Trj/Kaboom.G Non Disinfettato C:\Documents and Settings\alessio\Impostazioni locali\Temp\tmpx111.exe[²èÇ]
Virus:Trj/Kaboom.G Non Disinfettato C:\Documents and Settings\alessio\Impostazioni locali\Temp\tmpx12.exe[²èÇ]
Virus:Trj/Kaboom.G Non Disinfettato C:\Documents and Settings\alessio\Impostazioni locali\Temp\tmpx124.exe[²èÇ]
Virus:Trj/Kaboom.G Non Disinfettato C:\Documents and Settings\alessio\Impostazioni locali\Temp\tmpx125.exe[²èÇ]
Virus:Trj/Kaboom.G Non Disinfettato C:\Documents and Settings\alessio\Impostazioni locali\Temp\tmpx127.exe[²èÇ]
Virus:Trj/Kaboom.G Non Disinfettato C:\Documents and Settings\alessio\Impostazioni locali\Temp\tmpx13.exe[²èÇ]
Virus:Trj/Kaboom.G Non Disinfettato C:\Documents and Settings\alessio\Impostazioni locali\Temp\tmpx139.exe[²èÇ]
Virus:Trj/Kaboom.G Non Disinfettato C:\Documents and Settings\alessio\Impostazioni locali\Temp\tmpx14.exe[²èÇ]
Virus:Trj/Kaboom.G Non Disinfettato C:\Documents and Settings\alessio\Impostazioni locali\Temp\tmpx142.exe[²èÇ]
Virus:Trj/Kaboom.G Non Disinfettato C:\Documents and Settings\alessio\Impostazioni locali\Temp\tmpx153.exe[²èÇ]
Virus:Trj/Kaboom.G Non Disinfettato C:\Documents and Settings\alessio\Impostazioni locali\Temp\tmpx154.exe[²èÇ]
Virus:Trj/Kaboom.G Non Disinfettato C:\Documents and Settings\alessio\Impostazioni locali\Temp\tmpx158.exe[²èÇ]
Virus:Trj/Kaboom.G Non Disinfettato C:\Documents and Settings\alessio\Impostazioni locali\Temp\tmpx159.exe[²èÇ]
Virus:Trj/Kaboom.G Non Disinfettato C:\Documents and Settings\alessio\Impostazioni locali\Temp\tmpx162.exe[²èÇ]
Virus:Trj/Kaboom.G Non Disinfettato C:\Documents and Settings\alessio\Impostazioni locali\Temp\tmpx164.exe[²èÇ]
Virus:Trj/Kaboom.G Non Disinfettato C:\Documents and Settings\alessio\Impostazioni locali\Temp\tmpx168.exe[²èÇ]
Virus:Trj/Kaboom.G Non Disinfettato C:\Documents and Settings\alessio\Impostazioni locali\Temp\tmpx17.exe[²èÇ]
Virus:Trj/Kaboom.G Non Disinfettato C:\Documents and Settings\alessio\Impostazioni locali\Temp\tmpx170.exe[²èÇ]
Virus:Trj/Kaboom.G Non Disinfettato C:\Documents and Settings\alessio\Impostazioni locali\Temp\tmpx177.exe[²èÇ]
Virus:Trj/Kaboom.G Non Disinfettato C:\Documents and Settings\alessio\Impostazioni locali\Temp\tmpx18.exe[²èÇ]
Virus:Trj/Kaboom.G Non Disinfettato C:\Documents and Settings\alessio\Impostazioni locali\Temp\tmpx185.exe[²èÇ]
Virus:Trj/Kaboom.G Non Disinfettato C:\Documents and Settings\alessio\Impostazioni locali\Temp\tmpx188.exe[²èÇ]
Virus:Trj/Kaboom.G Non Disinfettato C:\Documents and Settings\alessio\Impostazioni locali\Temp\tmpx190.exe[²èÇ]
Virus:Trj/Kaboom.G Non Disinfettato C:\Documents and Settings\alessio\Impostazioni locali\Temp\tmpx2.exe[²èÇ]
Virus:Trj/Kaboom.G Non Disinfettato C:\Documents and Settings\alessio\Impostazioni locali\Temp\tmpx228.exe[²èÇ]
Virus:Trj/Kaboom.G Non Disinfettato C:\Documents and Settings\alessio\Impostazioni locali\Temp\tmpx23.exe[²èÇ]
Virus:Trj/Kaboom.G Non Disinfettato C:\Documents and Settings\alessio\Impostazioni locali\Temp\tmpx233.exe[²èÇ]
Virus:Trj/Kaboom.G Non Disinfettato C:\Documents and Settings\alessio\Impostazioni locali\Temp\tmpx240.exe[²èÇ]
Virus:Trj/Kaboom.G Non Disinfettato C:\Documents and Settings\alessio\Impostazioni locali\Temp\tmpx245.exe[²èÇ]
Virus:Trj/Kaboom.G Non Disinfettato C:\Documents and Settings\alessio\Impostazioni locali\Temp\tmpx248.exe[²èÇ]
Virus:Trj/Kaboom.G Non Disinfettato C:\Documents and Settings\alessio\Impostazioni locali\Temp\tmpx253.exe[²èÇ]
Virus:Trj/Kaboom.G Non Disinfettato C:\Documents and Settings\alessio\Impostazioni locali\Temp\tmpx26.exe[²èÇ]
Virus:Trj/Kaboom.G Non Disinfettato C:\Documents and Settings\alessio\Impostazioni locali\Temp\tmpx3.exe[²èÇ]
Virus:Trj/Kaboom.G Non Disinfettato C:\Documents and Settings\alessio\Impostazioni locali\Temp\tmpx34.exe[²èÇ]
Virus:Trj/Kaboom.G Non Disinfettato C:\Documents and Settings\alessio\Impostazioni locali\Temp\tmpx35.exe[²èÇ]
Virus:Trj/Kaboom.G Non Disinfettato C:\Documents and Settings\alessio\Impostazioni locali\Temp\tmpx41.exe[²èÇ]
Virus:Trj/Kaboom.G Non Disinfettato C:\Documents and Settings\alessio\Impostazioni locali\Temp\tmpx42.exe[²èÇ]
Virus:Trj/Kaboom.G Non Disinfettato C:\Documents and Settings\alessio\Impostazioni locali\Temp\tmpx44.exe[²èÇ]
Virus:Trj/Kaboom.G Non Disinfettato C:\Documents and Settings\alessio\Impostazioni locali\Temp\tmpx45.exe[²èÇ]
Virus:Trj/Kaboom.G Non Disinfettato C:\Documents and Settings\alessio\Impostazioni locali\Temp\tmpx5.exe[²èÇ]
Virus:Trj/Kaboom.G Non Disinfettato C:\Documents and Settings\alessio\Impostazioni locali\Temp\tmpx53.exe[²èÇ]
Virus:Trj/Kaboom.G Non Disinfettato C:\Documents and Settings\alessio\Impostazioni locali\Temp\tmpx54.exe[²èÇ]
Virus:Trj/Kaboom.G Non Disinfettato C:\Documents and Settings\alessio\Impostazioni locali\Temp\tmpx6.exe[²èÇ]
Virus:Trj/Kaboom.G Non Disinfettato C:\Documents and Settings\alessio\Impostazioni locali\Temp\tmpx61.exe[²èÇ]
Virus:Trj/Kaboom.G Non Disinfettato C:\Documents and Settings\alessio\Impostazioni locali\Temp\tmpx62.exe[²èÇ]
Virus:Trj/Kaboom.G Non Disinfettato C:\Documents and Settings\alessio\Impostazioni locali\Temp\tmpx65.exe[²èÇ]
Virus:Trj/Kaboom.G Non Disinfettato C:\Documents and Settings\alessio\Impostazioni locali\Temp\tmpx7.exe[²èÇ]
Virus:Trj/Kaboom.G Non Disinfettato C:\Documents and Settings\alessio\Impostazioni locali\Temp\tmpx70.exe[²èÇ]
Virus:Trj/Kaboom.G Non Disinfettato C:\Documents and Settings\alessio\Impostazioni locali\Temp\tmpx75.exe[²èÇ]
Virus:Trj/Kaboom.G Non Disinfettato C:\Documents and Settings\alessio\Impostazioni locali\Temp\tmpx76.exe[²èÇ]
Virus:Trj/Kaboom.G Non Disinfettato C:\Documents and Settings\alessio\Impostazioni locali\Temp\tmpx84.exe[²èÇ]
Virus:Trj/Kaboom.G Non Disinfettato C:\Documents and Settings\alessio\Impostazioni locali\Temp\tmpx87.exe[²èÇ]
Virus:Trj/Clicker.MQ Non Disinfettato C:\Documents and Settings\alessio\Impostazioni locali\Temp\wsx6C.tmp[²èÇ]
Spyware:Cookie/adultfriendfinder Non Disinfettato C:\Documents and Settings\emanuela\Cookies\emanuela@adultfriendfinder[2].txt
Spyware:Cookie/Atlas DMT Non Disinfettato C:\Documents and Settings\emanuela\Cookies\emanuela@atdmt[2].txt
Spyware:Cookie/Cgi-bin Non Disinfettato C:\Documents and Settings\emanuela\Cookies\emanuela@cgi-bin[1].txt
Spyware:Cookie/Cgi-bin Non Disinfettato C:\Documents and Settings\emanuela\Cookies\emanuela@cgi-bin[7].txt
Spyware:Cookie/Cgi-bin Non Disinfettato C:\Documents and Settings\emanuela\Cookies\emanuela@cgi-bin[9].txt
Spyware:Cookie/Doubleclick Non Disinfettato C:\Documents and Settings\emanuela\Cookies\emanuela@doubleclick[1].txt
Spyware:Cookie/ErrorSafe Non Disinfettato C:\Documents and Settings\emanuela\Cookies\emanuela@errorsafe[2].txt
Spyware:Cookie/OfferOptimizer Non Disinfettato C:\Documents and Settings\emanuela\Cookies\emanuela@offeroptimizer[1].txt
Spyware:Cookie/Xiti Non Disinfettato C:\Documents and Settings\emanuela\Cookies\emanuela@xiti[1].txt
Adware:Adware/RazeSpyware Non Disinfettato C:\Documents and Settings\emanuela\Impostazioni locali\Temp\s140.1.exe
Adware:Adware/RazeSpyware Non Disinfettato C:\Documents and Settings\emanuela\Impostazioni locali\Temp\s33s.1.exe
Adware:Adware/RazeSpyware Non Disinfettato C:\Documents and Settings\emanuela\Impostazioni locali\Temp\s3j0.1.exe
Adware:Adware/RazeSpyware Non Disinfettato C:\Documents and Settings\emanuela\Impostazioni locali\Temp\s3vo.1.exe
Adware:Adware/RazeSpyware Non Disinfettato C:\Documents and Settings\emanuela\Impostazioni locali\Temp\s84.1.exe
Virus:Trj/Kaboom.G Non Disinfettato C:\Documents and Settings\emanuela\Impostazioni locali\Temp\tmpx147.exe[²èÇ]
Virus:Trj/Kaboom.G Non Disinfettato C:\Documents and Settings\emanuela\Impostazioni locali\Temp\tmpx162.exe[²èÇ]
Virus:Trj/Kaboom.G Non Disinfettato C:\Documents and Settings\emanuela\Impostazioni locali\Temp\tmpx196.exe[²èÇ]
Virus:Trj/Kaboom.G Non Disinfettato C:\Documents and Settings\emanuela\Impostazioni locali\Temp\tmpx198.exe[²èÇ]
Virus:Trj/Kaboom.G Non Disinfettato C:\Documents and Settings\emanuela\Impostazioni locali\Temp\tmpx219.exe[²èÇ]
Virus:Trj/Kaboom.G Non Disinfettato C:\Documents and Settings\emanuela\Impostazioni locali\Temp\tmpx42.exe[²èÇ]
Virus:Trj/Kaboom.G Non Disinfettato C:\Documents and Settings\emanuela\Impostazioni locali\Temp\tmpx51.exe[²èÇ]
Virus:Trj/Clicker.MQ Non Disinfettato C:\Documents and Settings\emanuela\Impostazioni locali\Temp\wsx1.tmp[²èÇ]
Virus:Trj/Clicker.MQ Non Disinfettato C:\Documents and Settings\emanuela\Impostazioni locali\Temp\wsx4.tmp[²èÇ]
Virus:Trj/Clicker.MQ Non Disinfettato C:\Documents and Settings\emanuela\Impostazioni locali\Temp\wsxB.tmp[²èÇ]
Possibile Virus. Non Disinfettato C:\Documents and Settings\emanuela\Impostazioni locali\Temporary Internet Files\Content.IE5\0TUNOX6N\img_005v7_turbo[1].png
Possibile Virus. Non Disinfettato C:\Documents and Settings\emanuela\Impostazioni locali\Temporary Internet Files\Content.IE5\CDUNWHU7\pn005v2_turbo[1].png
Adware:Adware/RazeSpyware Non Disinfettato C:\Documents and Settings\emanuela\Impostazioni locali\Temporary Internet Files\Content.IE5\G5IN0DIV\0199[1].png
Spyware:Cookie/Xiti Non Disinfettato C:\Documents and Settings\mauro\Cookies\mauro@xiti[1].txt
Virus:Trj/Lowzones.BV Disinfettato C:\Documents and Settings\mauro\Dati applicazioni\sgrunt\disinstalla.htm
Dialer:Dialer.HEF Non Disinfettato C:\WINDOWS\Uninstall Plasma.exe




AVENGER ____________________________________________________
__________________________________________________________________________________________________________________________


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 0
Line: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\DriveLogo


Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 0
Line: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Shellapi32


Error: could not create zip file.
Error code: 0


//////////////////////////////////////////


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\blwfcpvt

*******************

Script file located at: \??\C:\uqtqg^rq.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Run\NI.UERST_0001_N86M1107 not found!
Deletion of registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Run\NI.UERST_0001_N86M1107 failed!
Status: 0xc0000034



Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Run\aouei not found!
Deletion of registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Run\aouei failed!
Status: 0xc0000034

Registry key HKLM\Software\Classes\*\shellex\ContextMenuHandlers\Resurrector deleted successfully.
Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{521693AA-7453-47ED-9959-3BD47DAA1B1A} deleted successfully.
Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AB4EF161-63CE-9AF6-C20F-2B7EAEBA3DBC} deleted successfully.

Completed script processing.

*******************

Finished! Terminate.//////////////////////////////////////////


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\hradnjsm

*******************

Script file located at: \??\C:\WINDOWS\system32\evmdysxi.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Run\NI.UERST_0001_N86M1107 not found!
Deletion of registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Run\NI.UERST_0001_N86M1107 failed!
Status: 0xc0000034



Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Run\aouei not found!
Deletion of registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Run\aouei failed!
Status: 0xc0000034



Registry key HKLM\Software\Classes\*\shellex\ContextMenuHandlers\Resurrector not found!
Deletion of registry key HKLM\Software\Classes\*\shellex\ContextMenuHandlers\Resurrector failed!
Status: 0xc0000034



Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{521693AA-7453-47ED-9959-3BD47DAA1B1A} not found!
Deletion of registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{521693AA-7453-47ED-9959-3BD47DAA1B1A} failed!
Status: 0xc0000034



Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AB4EF161-63CE-9AF6-C20F-2B7EAEBA3DBC} not found!
Deletion of registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AB4EF161-63CE-9AF6-C20F-2B7EAEBA3DBC} failed!
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.

[holifay]

Bene, abbiamo quasi finito

Elimina da HijackThis queste voci:

[emanuelagenova]

grazie mille come sempre !!!

ecco i log ... e speriamo in bene !!!!!!!


- nuovo log di Avenger ___________________________________
_______________________________________________________
_______________________________________________________

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\clbdytix

*******************

Script file located at: \??\C:\bsbdupip.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Folder C:\Documents and Settings\alessio\Impostazioni locali\Temp deleted successfully.
Folder C:\Documents and Settings\emanuela\Impostazioni locali\Temp deleted successfully.
Folder C:\Documents and Settings\mauro\Dati applicazioni\sgrunt deleted successfully.
File C:\Documents and Settings\alessio\Dati applicazioni\microsoft\internet explorer\quick launch\exsplorer.lnk deleted successfully.
File C:\Documents and Settings\alessio\Dati applicazioni\microsoft\internet explorer\quick launch\W1inMoviePlugIn.lnk deleted successfully.


File C:\boot32.exe not found!
Deletion of file C:\boot32.exe failed!

Could not process line:
C:\boot32.exe
Status: 0xc0000034



- nuovo log di HijackThis ___________________________________
________________________________________________________
________________________________________________________

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\clbdytix

*******************

Script file located at: \??\C:\bsbdupip.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Folder C:\Documents and Settings\alessio\Impostazioni locali\Temp deleted successfully.
Folder C:\Documents and Settings\emanuela\Impostazioni locali\Temp deleted successfully.
Folder C:\Documents and Settings\mauro\Dati applicazioni\sgrunt deleted successfully.
File C:\Documents and Settings\alessio\Dati applicazioni\microsoft\internet explorer\quick launch\exsplorer.lnk deleted successfully.
File C:\Documents and Settings\alessio\Dati applicazioni\microsoft\internet explorer\quick launch\W1inMoviePlugIn.lnk deleted successfully.


File C:\boot32.exe not found!
Deletion of file C:\boot32.exe failed!

Could not process line:
C:\boot32.exe
Status: 0xc0000034





- log di regsrch.vbs ________________________________________
_________________________________________________________
_________________________________________________________
REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "ready2wear" 29/09/2004 18.00.59

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{521693AA-7453-47ED-9959-3BD47DAA1B1A}\ProgID]
@="xsmx.ready2wear.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{521693AA-7453-47ED-9959-3BD47DAA1B1A}\VersionIndependentProgID]
@="xsmx.ready2wear"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A25166AB-84F1-4636-B8C2-1D0366E8BB7B}]
@="Iready2wear"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\xsmx.ready2wear]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\xsmx.ready2wear\CLSID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\xsmx.ready2wear\CurVer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\xsmx.ready2wear\CurVer]
@="xsmx.ready2wear.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\xsmx.ready2wear.1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\xsmx.ready2wear.1\CLSID]

[Smjert]

Attenzione!! vorrei far notare che Spoolsv.exe non è un virus.. è Spoolsvc.exe il virus quindi per non creare confusioni (ed errori) bisogna cambiare il titolo del topic.

[chemicalbit]

[Smjert]

[holifay]

Copia il contenuto qui sotto in grassetto in un file di testo che chiamerai fix.reg. Salva il file sul desktop, poi avvialo cliccandoci sopra due volte e rispondi OK

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{521693AA-7453-47ED-9959-3BD47DAA1B1A}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A25166AB-84F1-4636-B8C2-1D0366E8BB7B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\xsmx.ready2wear]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\xsmx.ready2wear.1]

Dovrebbe dirti che le informazioni sono state aggiunte nel registro.

Dopo di che cerca ed elimina questo file: C:\WINDOWS\Uninstall Plasma.exe

Poi per me sei a posto, come va il PC? Occhio a non infettarti più, segliendo con attenzione cosa installare e su quali link cliccare!

[emanuelagenova]

fatto tutto ... ma non sono riuscita a trovare il file C:\WINDOWS\Uninstall Plasma.exe per cancellarlo ...

il pc va molto molto molto meglio ... adesso riesco ad usarlo !!!

ho solo problemini in fase di avvio e qualche altra volta che mi si ferma senza motivo, per poi sbloccarsi dopo 4 o 5 minuti ....
centra mica qualcosa l'antivirus?

cmq questo è il mio log attuale :

Logfile of HijackThis v1.99.1
Scan saved at 17.56.53, on 04/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\ewido anti-spyware 4.0\guard.exe
c:\programmi\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\apps\ABoard\AOSD.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programmi\iPod\bin\iPodService.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\iTunes\iTunes.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\DOCUME~1\alessio\IMPOST~1\Temp\Directory temporanea 2 per hijackthis_199.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=IT&range=AD&phase=6&key=SEARCH
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://format.packardbell.com/cgi-bin/redirect/?country=IT&range=AD&phase=6&key=OEM2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmi\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\it\msntb.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\it\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Programmi\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [NI.UERST_0001_N86M1107] "c:\documents and settings\emanuela\dati applicazioni\errorsafescannerinstall_it[1].exe" -nag
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Programmi\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Programmi\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\microsoft office\Office\OSA9.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\it.htm
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://bokkadasse.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programmi\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\programmi\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe

_____________________________________________________

GRAZIE MILLE ... SEI STATA SPLENDIDA COME SEMPRE !!!!

[Smjert]

Hai ancora una voce che rischia di ripristinare/aggiungere altri malware..
Apri HijackThis e premi Do a system scan only poi spunta questa voce e clicca Fix Checked:

[emanuelagenova]

ecco fatto ...
speriamo in bene !!


__________________________________________________________

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\bodpdogy

*******************

Script file located at: \??\C:\enejtqoc.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File c:\documents and settings\emanuela\dati applicazioni\errorsafescannerinstall_it[1].exe not found!
Deletion of file c:\documents and settings\emanuela\dati applicazioni\errorsafescannerinstall_it[1].exe failed!

Could not process line:
c:\documents and settings\emanuela\dati applicazioni\errorsafescannerinstall_it[1].exe
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.




__________________________________________________________-

Logfile of HijackThis v1.99.1
Scan saved at 1.51.24, on 05/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\ewido anti-spyware 4.0\guard.exe
c:\programmi\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\apps\ABoard\AOSD.exe
C:\Programmi\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Programmi\Messenger\msmsgs.exe
C:\DOCUME~1\alessio\IMPOST~1\Temp\Directory temporanea 3 per hijackthis_199.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=IT&range=AD&phase=6&key=SEARCH
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://format.packardbell.com/cgi-bin/redirect/?country=IT&range=AD&phase=6&key=OEM2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmi\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\it\msntb.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\it\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Programmi\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [NI.UERST_0001_N86M1107] "c:\documents and settings\emanuela\dati applicazioni\errorsafescannerinstall_it[1].exe" -nag
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Programmi\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Programmi\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\microsoft office\Office\OSA9.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\it.htm
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://bokkadasse.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programmi\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\programmi\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe

[Smjert]

Ecco lo sapevo... non si è levata allora rifixa quella voce con HijackThis e poi riavvia il pc in Modalità Provvisoria.

[holifay]

il file errorsafescannerinstall_it[1].exe è già stato cancellato da Avenger, qualche post fa

Non riesci a fixare quella voce da HijackThis?

[Smjert]

Cmq quel file appartiene al trojan Rogue.ErrorSafe o + semplicemente ErrorSafe ma non trovo un tool automatico per fare la pulizia (dato che ci sarebbero da controllare e, se ci sono, rimuovere tipo 30 chiavi di registro e una decina di file...)