Olimpo Informatico

filippom82 · Mortale devoto Registrato: 12/01/08 19:37 Messaggi: 5

Buonasera a tutti, ho anche io il problema di doginhispen.

posto subito il file ottenuto con la scansione AWF, spero potrete aiutarmi con le contromisure.

GRAZIE

Find AWF report by noahdfear ©2006
Version 1.40

bak folders found
~~~~~~~~~~~

Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: CC18-4459

Directory di C:\PROGRA~1\ITUNES\BAK

27/04/2007 10.25 257.088 iTunesHelper.exe
1 File 257.088 byte
2 Directory 56.727.138.304 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: CC18-4459

Directory di C:\PROGRA~1\MESSEN~1\BAK

0 File 0 byte
2 Directory 56.727.138.304 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: CC18-4459

Directory di C:\PROGRA~1\QUICKT~1\BAK

02/05/2007 10.32 282.624 qttask.exe
1 File 282.624 byte
2 Directory 56.727.134.208 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: CC18-4459

Directory di C:\WINDOWS\EHOME\BAK

17/08/2005 21.40 64.512 ehtray.exe
1 File 64.512 byte
2 Directory 56.727.134.208 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: CC18-4459

Directory di C:\WINDOWS\SYSTEM32\BAK

07/09/2004 13.00 15.360 ctfmon.exe
1 File 15.360 byte
2 Directory 56.727.134.208 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: CC18-4459

Directory di C:\PROGRA~1\ALWILS~1\AVAST4\BAK

04/12/2007 14.00 79.224 ashDisp.exe
1 File 79.224 byte
2 Directory 56.727.134.208 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: CC18-4459

Directory di C:\PROGRA~1\SKYPE\PHONE\BAK

0 File 0 byte
2 Directory 56.727.134.208 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: CC18-4459

Directory di C:\PROGRA~1\SYNAPT~1\SYNTP\BAK

03/03/2006 00.02 761.948 SynTPEnh.exe
1 File 761.948 byte
2 Directory 56.727.134.208 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: CC18-4459

Directory di C:\PROGRA~1\TOSHIBA\TOSCDSPD\BAK

12/04/2005 09.14 65.536 toscdspd.exe
1 File 65.536 byte
2 Directory 56.727.134.208 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: CC18-4459

Directory di C:\PROGRA~1\TOSHIBA\TOSHIB~1\BAK

25/08/2006 12.47 356.352 thotkey.exe
1 File 356.352 byte
2 Directory 56.727.134.208 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: CC18-4459

Directory di C:\PROGRA~1\TOSHIBA\TOSHIB~3\BAK

12/05/2005 12.33 118.784 SmoothView.exe
1 File 118.784 byte
2 Directory 56.727.134.208 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: CC18-4459

Directory di C:\PROGRA~1\TOSHIBA\TVS\BAK

02/02/2006 12.11 73.728 TvsTray.exe
1 File 73.728 byte
2 Directory 56.727.130.112 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: CC18-4459

Directory di C:\PROGRA~1\ULEADS~1\ULEADV~1\BAK

06/03/2006 23.52 36.864 uvPL.exe
1 File 36.864 byte
2 Directory 56.727.130.112 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: CC18-4459

Directory di C:\WINDOWS\IME\IMJP8_1\BAK

07/09/2004 13.00 208.952 IMJPMIG.EXE
1 File 208.952 byte
2 Directory 56.727.130.112 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: CC18-4459

Directory di C:\WINDOWS\IME\IMKR6_1\BAK

07/09/2004 13.00 44.032 IMEKRMIG.EXE
1 File 44.032 byte
2 Directory 56.727.130.112 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: CC18-4459

Directory di C:\WINDOWS\SAMSUNG\COMSMMGR\BAK

03/07/2005 08.20 372.736 ssmmgr.exe
1 File 372.736 byte
2 Directory 56.727.130.112 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: CC18-4459

Directory di C:\WINDOWS\SYSTEM32\DLA\BAK

06/10/2005 04.20 122.940 DLACTRLW.EXE
1 File 122.940 byte
2 Directory 56.727.130.112 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: CC18-4459

Directory di C:\PROGRA~1\FILECO~1\AHEAD\LIB\BAK

12/01/2006 15.40 155.648 NeroCheck.exe
01/06/2006 12.32 94.208 NMBgMonitor.exe
2 File 249.856 byte
2 Directory 56.727.130.112 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: CC18-4459

Directory di C:\PROGRA~1\FILECO~1\REAL\UPDATE~1\BAK

16/04/2007 16.20 185.896 realsched.exe
1 File 185.896 byte
2 Directory 56.727.130.112 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: CC18-4459

Directory di C:\PROGRA~1\INTEL\WIRELESS\BIN\BAK

01/08/2006 23.32 696.320 ifrmewrk.exe
01/08/2006 23.38 802.816 ZCfgSvc.exe
2 File 1.499.136 byte
2 Directory 56.727.130.112 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: CC18-4459

Directory di C:\WINDOWS\SYSTEM32\IME\PINTLGNT\BAK

07/09/2004 13.00 59.392 ImScInst.exe
1 File 59.392 byte
2 Directory 56.727.130.112 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: CC18-4459

Directory di C:\WINDOWS\SYSTEM32\IME\TINTLGNT\BAK

07/09/2004 13.00 455.168 TINTSETP.EXE
1 File 455.168 byte
2 Directory 56.727.130.112 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: CC18-4459

Directory di C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\BAK

25/01/2005 05.00 98.304 E_FATIAAE.EXE
1 File 98.304 byte
2 Directory 56.727.126.016 byte disponibili

Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

14348 4 Jan 2008 "C:\Programmi\iTunes\iTunesHelper.exe"
257088 27 Apr 2007 "C:\Programmi\iTunes\bak\iTunesHelper.exe"
102400 29 Oct 2007 "C:\WINDOWS\Installer\{3592F5CB-B524-43AA-92F2-2377268199CC}\iTunesIco.exe"
116288 27 Apr 2007 "C:\Documents and Settings\All Users\Dati applicazioni\Apple Computer\Installer Cache\iTunes 7.1.1.5\iTunesSetupAdmin.exe"
14348 4 Jan 2008 "C:\Programmi\QuickTime\qttask.exe"
282624 2 May 2007 "C:\Programmi\QuickTime\bak\qttask.exe"
59392 10 Aug 2004 "C:\WINDOWS\$NtUninstallKB900325$\ehtray.exe"
59392 10 Aug 2004 "C:\WINDOWS\ehome\ehtray.exe"
64512 17 Aug 2005 "C:\WINDOWS\ehome\bak\ehtray.exe"
15360 7 Sep 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 7 Sep 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
79224 4 Dec 2007 "C:\Programmi\Alwil Software\Avast4\ashDisp.exe"
79224 4 Dec 2007 "C:\Programmi\Alwil Software\Avast4\bak\ashDisp.exe"
761948 3 Mar 2006 "C:\TOOLSCD\Touch pad Driver\SynTPEnh.exe"
14348 4 Jan 2008 "C:\Programmi\Synaptics\SynTP\SynTPEnh.exe"
761948 3 Mar 2006 "C:\Programmi\Synaptics\SynTP\bak\SynTPEnh.exe"
761948 3 Mar 2006 "C:\Programmi\Synaptics\SynTP\Media\SynTPEnh.exe"
14348 4 Jan 2008 "C:\Programmi\Toshiba\TOSCDSPD\toscdspd.exe"
65536 12 Apr 2005 "C:\Programmi\Toshiba\TOSCDSPD\bak\toscdspd.exe"
14348 4 Jan 2008 "C:\Programmi\Toshiba\TOSHIBA Applet\thotkey.exe"
356352 25 Aug 2006 "C:\Programmi\Toshiba\TOSHIBA Applet\bak\thotkey.exe"
14348 4 Jan 2008 "C:\Programmi\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe"
118784 12 May 2005 "C:\Programmi\Toshiba\TOSHIBA Zooming Utility\bak\SmoothView.exe"
14348 4 Jan 2008 "C:\Programmi\Toshiba\Tvs\TvsTray.exe"
73728 2 Feb 2006 "C:\Programmi\Toshiba\Tvs\bak\TvsTray.exe"
14348 4 Jan 2008 "C:\Programmi\Ulead Systems\Ulead VideoStudio 10\uvPL.exe"
36864 6 Mar 2006 "C:\Programmi\Ulead Systems\Ulead VideoStudio 10\bak\uvPL.exe"
208952 7 Sep 2004 "C:\WINDOWS\ime\imjp8_1\imjpmig.exe"
208952 7 Sep 2004 "C:\WINDOWS\ime\imjp8_1\bak\IMJPMIG.EXE"
44032 7 Sep 2004 "C:\WINDOWS\ime\imkr6_1\imekrmig.exe"
44032 7 Sep 2004 "C:\WINDOWS\ime\imkr6_1\bak\IMEKRMIG.EXE"
14348 4 Jan 2008 "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe"
372736 3 Jul 2005 "C:\WINDOWS\Samsung\ComSMMgr\bak\ssmmgr.exe"
372736 3 Jul 2005 "C:\WINDOWS\Samsung\ML-1610\ML-1610\SM\ComSMMgr\SSMMgr.exe"
14348 4 Jan 2008 "C:\WINDOWS\system32\DLA\DLACTRLW.EXE"
122940 6 Oct 2005 "C:\Programmi\Sonic\DLA\install\dlactrlw.exe"
122940 6 Oct 2005 "C:\WINDOWS\system32\DLA\bak\DLACTRLW.EXE"
14348 4 Jan 2008 "C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe"
155648 12 Jan 2006 "C:\Programmi\File comuni\Ahead\Lib\bak\NeroCheck.exe"
14348 4 Jan 2008 "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
94208 1 Jun 2006 "C:\Programmi\File comuni\Ahead\Lib\bak\NMBgMonitor.exe"
14348 4 Jan 2008 "C:\Programmi\File comuni\Real\Update_OB\realsched.exe"
185896 16 Apr 2007 "C:\Programmi\File comuni\Real\Update_OB\bak\realsched.exe"
14348 4 Jan 2008 "C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe"
696320 1 Aug 2006 "C:\Programmi\Intel\Wireless\Bin\bak\ifrmewrk.exe"
14348 4 Jan 2008 "C:\Programmi\Intel\Wireless\Bin\ZCfgSvc.exe"
802816 1 Aug 2006 "C:\Programmi\Intel\Wireless\Bin\bak\ZCfgSvc.exe"
59392 7 Sep 2004 "C:\WINDOWS\system32\IME\PINTLGNT\imscinst.exe"
59392 7 Sep 2004 "C:\WINDOWS\system32\IME\PINTLGNT\bak\ImScInst.exe"
455168 7 Sep 2004 "C:\WINDOWS\system32\IME\TINTLGNT\tintsetp.exe"
455168 7 Sep 2004 "C:\WINDOWS\system32\IME\TINTLGNT\bak\TINTSETP.EXE"
14348 4 Jan 2008 "C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIAAE.EXE"
98304 25 Jan 2005 "C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_d68fff8\E_FATIAAE.EXE"
139264 19 May 2006 "C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r26603\E_FATIBNE.EXE"
98304 25 Jan 2005 "C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\E_FATIAAE.EXE"

end of report

bdoriano

Ciao filippom82, Ciao

Scarica avenger e scompattalo in una sua cartella non temporanea e non sul desktop

Avvia AVENGER
Clicca su input script manually
Clicca sulla lente d'ingrandimento
Inserisci queste righe:

filippom82 · Mortale devoto Registrato: 12/01/08 19:37 Messaggi: 5

ciao,

grazie mille per la risposta! ho fatto tutto ed ecco il risultato.

spero si sia sistemato tutto...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20.08.34, on 12/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programmi\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Programmi\TOSHIBA\Tvs\TvsTray.exe
C:\Programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Programmi\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\TPSBattM.exe
C:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\Programmi\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\notepad.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
c:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\WINDOWS\system32\wuauclt.exe
c:\Programmi\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
c:\Programmi\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\USER\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Programmi\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Toolbar Suite\msntb.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Toolbar Suite\msntb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NVRotateSysTray] rundll32.exe C:\WINDOWS\system32\nvsysrot.dll,Enable
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [THotkey] C:\Programmi\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [Tvs] C:\Programmi\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [EPSON Stylus D68 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P23 "EPSON Stylus D68 Series" /O6 "USB001" /M "Stylus D68"
O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [UVS10 Preload] C:\Programmi\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [EPSON Stylus Photo R265 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNE.EXE /FU "C:\WINDOWS\TEMP\E_S110.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [IETI] C:\Programmi\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [IETI] C:\Programmi\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: VPN Client.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Programmi\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Programmi\MSN Toolbar Suite\msntb.dll/search.htm
O8 - Extra context menu item: Apri in nuova scheda in primo piano - res://C:\Programmi\MSN Toolbar Suite\it-it\msntabres.dll.mui/230?f50c01e484784d0cb9f752d118c384fd
O8 - Extra context menu item: Apri in nuova scheda in secondo piano - res://C:\Programmi\MSN Toolbar Suite\it-it\msntabres.dll.mui/229?f50c01e484784d0cb9f752d118c384fd
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3BEFC97C-AA9D-442D-80A7-6FE676DD6538}: NameServer = 151.99.125.3,194.243.154.62
O17 - HKLM\System\CCS\Services\Tcpip\..\{6A60ACA5-AD12-424D-B637-DAD5CE7A1279}: NameServer = 85.37.17.43 85.38.28.96
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programmi\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Programmi\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 12417 bytes

bdoriano

Manca il log di avenger, che trovi in C:\avenger.txt. Appena puoi, postalo.

filippom82 · Mortale devoto Registrato: 12/01/08 19:37 Messaggi: 5

eccolo scusa

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\iyxqwpdb

*******************

Script file located at: \??\C:\WINDOWS\vgaebmbr.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\Programmi\iTunes\iTunesHelper.exe deleted successfully.
File C:\Programmi\QuickTime\qttask.exe deleted successfully.
File C:\Programmi\Synaptics\SynTP\SynTPEnh.exe deleted successfully.
File C:\Programmi\Toshiba\TOSCDSPD\toscdspd.exe deleted successfully.
File C:\Programmi\Toshiba\TOSHIBA Applet\thotkey.exe deleted successfully.
File C:\Programmi\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe deleted successfully.
File C:\Programmi\Toshiba\Tvs\TvsTray.exe deleted successfully.
File C:\Programmi\Ulead Systems\Ulead VideoStudio 10\uvPL.exe deleted successfully.
File C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe deleted successfully.
File C:\WINDOWS\system32\DLA\DLACTRLW.EXE deleted successfully.
File C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe deleted successfully.
File C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe deleted successfully.
File C:\Programmi\File comuni\Real\Update_OB\realsched.exe deleted successfully.
File C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe deleted successfully.
File C:\Programmi\Intel\Wireless\Bin\ZCfgSvc.exe deleted successfully.
File C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIAAE.EXE deleted successfully.
File move operation C:\Programmi\iTunes\bak\iTunesHelper.exe|C:\Programmi\iTunes\iTunesHelper.exe completed successfully.
File move operation C:\Programmi\QuickTime\bak\qttask.exe|C:\Programmi\QuickTime\qttask.exe completed successfully.
File move operation C:\Programmi\Synaptics\SynTP\bak\SynTPEnh.exe|C:\Programmi\Synaptics\SynTP\SynTPEnh.exe completed successfully.
File move operation C:\Programmi\Toshiba\TOSCDSPD\bak\toscdspd.exe|C:\Programmi\Toshiba\TOSCDSPD\toscdspd.exe completed successfully.
File move operation C:\Programmi\Toshiba\TOSHIBA Applet\bak\thotkey.exe|C:\Programmi\Toshiba\TOSHIBA Applet\thotkey.exe completed successfully.
File move operation C:\Programmi\Toshiba\TOSHIBA Zooming Utility\bak\SmoothView.exe|C:\Programmi\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe completed successfully.
File move operation C:\Programmi\Toshiba\Tvs\bak\TvsTray.exe|C:\Programmi\Toshiba\Tvs\TvsTray.exe completed successfully.
File move operation C:\Programmi\Ulead Systems\Ulead VideoStudio 10\bak\uvPL.exe|C:\Programmi\Ulead Systems\Ulead VideoStudio 10\uvPL.exe completed successfully.
File move operation C:\WINDOWS\Samsung\ComSMMgr\bak\ssmmgr.exe|C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe completed successfully.
File move operation C:\WINDOWS\system32\DLA\bak\DLACTRLW.EXE|C:\WINDOWS\system32\DLA\DLACTRLW.EXE completed successfully.
File move operation C:\Programmi\File comuni\Ahead\Lib\bak\NeroCheck.exe|C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe completed successfully.
File move operation C:\Programmi\File comuni\Ahead\Lib\bak\NMBgMonitor.exe|C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe completed successfully.
File move operation C:\Programmi\File comuni\Real\Update_OB\bak\realsched.exe|C:\Programmi\File comuni\Real\Update_OB\realsched.exe completed successfully.
File move operation C:\Programmi\Intel\Wireless\Bin\bak\ifrmewrk.exe|C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe completed successfully.
File move operation C:\Programmi\Intel\Wireless\Bin\bak\ZCfgSvc.exe|C:\Programmi\Intel\Wireless\Bin\ZCfgSvc.exe completed successfully.
File move operation C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\E_FATIAAE.EXE|C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIAAE.EXE completed successfully.

Completed script processing.

*******************

Finished! Terminate.

bdoriano

Ok. I logs sembrano puliti. Smile

Hai fatto anche il passaggio con DelDomains come ti avevo indicato?

Per sicurezza:

Fai una scansione online con Bitdefender.
Fai una scansione online con Panda Active Scan.
Fai una scansione online con Eset.

filippom82 · Mortale devoto Registrato: 12/01/08 19:37 Messaggi: 5

si ho fatto anche quel passaggio....

io ho avast installato, ma ovviamente non si è accorto di nulla! ora provo a passare con quelli da te linkati, grazie mille.

ps mi sapresti indicare qualche spyware di fiducia? io ho ad-adaware e super ma anche loro non hanno visto nulla...

grazie ancora

bdoriano

Purtroppo, AdAware e SuperAntiSpyware non lavorano in tempo reale.
Puoi provare SpywareTerminator che ha la protezione in tempo reale.
Tieni conto che i virus vengono riconosciuti dopo qualche ora (o qualche giorno) dalla prima infezione riconosciuta.
Ti consiglio di installare anche un buon firewall.