agatina (Hero)
Registered: 29/05/07 12:44
Posts: 50

Posted: 15 Feb 2008 01:18    Subject: * [SOLVED] trojan and downloader
For two days I had noticed that Norton was showing no signs of life. Today I tried to launch a scan, but the program told me I would have to reinstall it because it had "corrupted" files. While uninstalling and reinstalling it I started getting all sorts of things. This is the log.
Thanks for the help.
 
 Logfile of Trend Micro HijackThis v2.0.2
 Scan saved at 0.14.43, on 15/02/2008
 Platform: Windows XP  (WinNT 5.01.2600)
 MSIE: Internet Explorer v6.00 (6.00.2600.0000)
 Boot mode: Normal
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\Programmi\Ahead\InCD\InCDsrv.exe
 C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\explorer.exe
 C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
 C:\Programmi\Internet Explorer\iexplore.exe
 C:\Programmi\File comuni\Symantec Shared\ccApp.exe
 C:\Programmi\iTunes\iTunesHelper.exe
 C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe
 C:\Programmi\a-squared Anti-Dialer\a2adguard.exe
 C:\Programmi\D-Link\AirPlus G\AirGCFG.exe
 C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe
 C:\WINDOWS\System32\ctfmon.exe
 C:\Programmi\Messenger\msmsgs.exe
 C:\WINDOWS\System32\spoolw.exe
 C:\WINDOWS\System32\igfxsvc.exe
 C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
 C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
 C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
 C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
 C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
 C:\WINDOWS\system32\spoolsv.exe
 C:\Programmi\a-squared Anti-Dialer\a2service.exe
 C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
 C:\WINDOWS\System32\winlagons.exe
 C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
 C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
 C:\Programmi\iPod\bin\iPodService.exe
 C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE
 C:\WINDOWS\System32\wuauclt.exe
 C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
 C:\Programmi\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
 C:\Programmi\Internet Explorer\iexplore.exe
 C:\Documents and Settings\elenina\Desktop\HiJackThis.exe
 
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
 F3 - REG:win.ini: run=C:\WINDOWS\mmhren1.exe
 F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe
 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
 O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
 O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
 O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
 O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
 O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
 O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
 O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
 O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
 O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
 O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
 O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
 O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe"
 O4 - HKLM\..\Run: [a-squared Anti-Dialer] "C:\Programmi\a-squared Anti-Dialer\a2adguard.exe"
 O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
 O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
 O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
 O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Programmi\D-Link\AirPlus G\AirGCFG.exe
 O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe
 O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
 O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
 O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
 O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
 O4 - HKCU\..\Run: [NBJ] "C:\Programmi\Ahead\Nero BackItUp\NBJ.exe"
 O4 - HKCU\..\Run: [spoolw] C:\WINDOWS\System32\spoolw.exe
 O4 - HKCU\..\Run: [igfxsvc] C:\WINDOWS\System32\igfxsvc.exe
 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
 O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
 O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
 O4 - HKUS\S-1-5-18\..\RunServices: [Microsoft Update] psconv.exe (User 'SYSTEM')
 O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
 O4 - HKUS\.DEFAULT\..\RunServices: [Microsoft Update] psconv.exe (User 'Default user')
 O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
 O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
 O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
 O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
 O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
 O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
 O20 - AppInit_DLLs: cru629.dat
 O21 - SSODL: ChkComponent - {54fff5ae-c89a-4c0f-9a0f-65f37f086fdc} - C:\WINDOWS\Installer\{54fff5ae-c89a-4c0f-9a0f-65f37f086fdc}\ChkComponent.dll
 O21 - SSODL: zip - {16825f6a-dc77-436b-868a-17ef424b46fc} - C:\WINDOWS\Installer\{16825f6a-dc77-436b-868a-17ef424b46fc}\zip.dll
 O23 - Service: a-squared Anti-Dialer Service (a2AntiDialer) - Emsi Software GmbH - C:\Programmi\a-squared Anti-Dialer\a2service.exe
 O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Programmi\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
 O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
 O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
 O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Programmi\Norton Internet Security\ccPwdSvc.exe
 O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
 O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
 O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programmi\Norton Internet Security\comHost.exe
 O23 - Service: Google Online Search Service - Unknown owner - C:\WINDOWS\System32\winlagons.exe
 O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
 O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Programmi\Ahead\InCD\InCDsrv.exe
 O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
 O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
 O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
 O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
 O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE
 O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\SAVScan.exe
 O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
 O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
 O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
 O23 - Service: Symantec Core LC - Unknown owner - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
 
 --
 End of file - 9323 bytes
bdoriano (Administrator)
Registered: 02/04/07 12:05
Posts: 14391
Location: 3rd planet of the solar system...

Posted: 15 Feb 2008 07:55
Hi agatina,
I'd say you're in really bad shape...

Let's start by removing Norton: download and use the Norton Removal Tool

Then follow the instructions in this topic to post the ComboFix log.

Re-post an updated HijackThis log
agatina (Hero)
Registered: 29/05/07 12:44
Posts: 50

Posted: 16 Feb 2008 11:22    Subject: done everything
Here is the ComboFix log:
 ComboFix 08-02-16.2 - elenina 2008-02-16 10.10.23.1 - NTFSx86
 Microsoft Windows XP Professional  5.1.2600.0.1252.1.1040.18.96 [GMT 1:00]
 Eseguito da: C:\Documents and Settings\elenina\Desktop\ComboFix.exe
 * Creato nuovo punto di ripristino
 
 WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
 .
 
 (((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 
 C:\as.txt
 C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat
 C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat
 C:\Documents and Settings\elenina\Dati applicazioni\inst.exe
 C:\U.exe
 C:\WINDOWS\1950625.exe
 C:\WINDOWS\870203.exe
 C:\WINDOWS\870875.exe
 C:\WINDOWS\898328.exe
 C:\WINDOWS\runsql.exe
 C:\WINDOWS\search_res.txt
 C:\WINDOWS\sv.exe
 C:\WINDOWS\svchost.exe
 C:\WINDOWS\svzip.exe
 C:\WINDOWS\system32\0_exception.nls
 C:\WINDOWS\system32\kr_done1
 C:\WINDOWS\system32\msdrives
 C:\WINDOWS\system32\RunOnce.t__
 C:\WINDOWS\system32\RunOnce.tm_
 C:\WINDOWS\system32\update0.exe
 C:\WINDOWS\system32\update1.exe
 C:\WINDOWS\system32\update5.exe
 C:\WINDOWS\system32\update6.exe
 C:\WINDOWS\system32\update8.exe
 C:\WINDOWS\system32\update9.exe
 C:\WINDOWS\system32\xpdx.sys
 
 ----- BITS: Possible infected sites -----
 
 hxxp://freepornmoviesworld.com
 .
 (((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
 
 .
 -------\LEGACY_DRIVERPP
 -------\LEGACY_RUNTIME
 -------\driverpp
 -------\NdisWon
 
 
 (((((((((((((((((((((((((   Files Creati Da 2008-01-16 al 2008-02-16  )))))))))))))))))))))))))))))))))))
 .
 
 2008-02-16 10:05 . 2008-02-16 10:05	2,108	--a------	C:\chk-bggop.exe
 2008-02-16 10:03 . 2008-02-16 10:03	<DIR>	d-ahs----	C:\Settings
 2008-02-16 10:03 . 2008-02-16 10:03	18,944	--a------	C:\WINDOWS\system32\herjt374.exe
 2008-02-16 10:03 . 2008-02-16 10:03	14,336	--a------	C:\WINDOWS\system32\herjt331.exe
 2008-02-16 10:02 . 2008-02-16 10:02	17,920	--a------	C:\WINDOWS\system32\herjt230.exe
 2008-02-16 10:02 . 2008-02-16 10:02	10,000	--a------	C:\WINDOWS\system32\Jfs9jg.dll
 2008-02-16 10:02 . 2008-02-16 10:02	10,000	--a------	C:\WINDOWS\system32\Fsd9mk4g.dll
 2008-02-16 09:55 . 2008-02-16 09:55	3,751	--a------	C:\Programmi\tmp705093.exe
 2008-02-16 09:55 . 2008-02-16 09:55	3,751	--a------	C:\Programmi\tmp704546.exe
 2008-02-16 09:55 . 2008-02-16 09:55	3,751	--a------	C:\Programmi\tmp704531.exe
 2008-02-14 18:11 . 2008-02-14 18:11	29	--a------	C:\WINDOWS\system32\dwttusgg.tmp
 2008-02-14 18:09 . 2008-02-14 18:09	40,960	--a------	C:\WINDOWS\system32\herjt395.exe
 2008-02-14 18:09 . 2008-02-14 18:09	40,960	--a------	C:\WINDOWS\mmhren1.exe
 2008-02-14 18:09 . 2008-02-16 10:03	36	--a------	C:\WINDOWS\system32\svchost.t__
 2008-02-14 18:09 . 2008-02-16 10:15	13	--ah-----	C:\WINDOWS\mmax_hren2.ini
 2008-02-14 18:07 . 2008-02-16 10:15	316	--a------	C:\WINDOWS\system32\winlogans.tmp
 2008-02-14 18:06 . 2008-02-14 18:06	6,144	--a------	C:\WINDOWS\system32\winlagons.exe
 2008-02-14 18:06 . 2008-02-14 18:06	6,144	--a------	C:\ie_updater.exe
 2008-02-14 18:06 . 2008-02-14 18:06	6,144	--a------	C:\Documents and Settings\elenina\ie_updates3r.exe
 2008-02-14 18:06 . 2008-02-14 18:06	2,108	--a------	C:\chk-qpvae.exe
 2008-02-12 18:17 . 2008-02-12 18:17	<DIR>	d--------	C:\Programmi\DVDFab Platinum 4
 2008-02-12 18:17 . 2008-02-12 18:24	<DIR>	d--------	C:\Documents and Settings\elenina\Dati applicazioni\Vso
 2008-02-12 18:17 . 2008-02-12 18:17	47,360	--a------	C:\WINDOWS\system32\drivers\pcouffin.sys
 2008-02-12 18:17 . 2008-02-12 18:17	47,360	--a------	C:\Documents and Settings\elenina\Dati applicazioni\pcouffin.sys
 2008-02-12 18:08 . 2008-02-12 18:08	<DIR>	d--------	C:\Documents and Settings\elenina\Dati applicazioni\Ahead
 
 .
 ((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 2008-02-16 09:15	---------	d-----w	C:\Documents and Settings\elenina\Dati applicazioni\Skype
 2008-02-16 09:03	---------	d-----w	C:\Programmi\File comuni\Symantec Shared
 2008-02-15 17:17	---------	d-----w	C:\Programmi\eMule
 2008-01-13 17:54	---------	d-----w	C:\Programmi\DivX
 2007-10-13 14:09	2,372,760	----a-w	C:\Programmi\winzip90.exe
 2007-09-15 07:20	24,480	----a-w	C:\Documents and Settings\elenina\Dati applicazioni\GDIPFONTCACHEV1.DAT
 2007-06-19 20:41	2,333,712	----a-w	C:\Programmi\a2AntiDialerSetup.exe
 2007-03-01 17:12	3,534,076	----a-w	C:\Programmi\eMule0.47c-Installer.exe
 2004-03-11 12:27	40,960	----a-w	C:\Programmi\Uninstall_CDS.exe
 2001-08-31 12:00	4,096	--sha-w	C:\WINDOWS\system32\bns.dat
 .
 
 (((((((((((((((((((((((((((((((((((((((((((((   AWF   ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 -c--a-w         1,400,944 2004-09-07 13:25:58  C:\Programmi\Ahead\InCD\bak\InCD.exe
 
 ----a-w            98,304 2002-11-08 14:50:32  C:\Programmi\Analog Devices\SoundMAX\bak\SMTray.exe
 
 ----a-w            32,768 2003-12-08 16:35:14  C:\Programmi\CyberLink DVD Solution\PowerDVD\bak\PDVDServ.exe
 
 -c--a-w           185,896 2007-03-15 17:41:52  C:\Programmi\File comuni\Real\Update_OB\bak\realsched.exe
 
 -c--a-w           218,240 2004-11-02 14:59:52  C:\Programmi\File comuni\Symantec Shared\Security Center\bak\UsrPrmpt.exe
 
 ----a-w            13,312 2001-08-31 12:00:00  C:\WINDOWS\system32\bak\ctfmon.exe
 ----a-w            13,312 2001-08-31 12:00:00  C:\WINDOWS\system32\ctfmon.exe
 
 ----a-w           155,648 2001-07-09 10:50:42  C:\WINDOWS\system32\bak\NeroCheck.exe
 
 .
 (((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 .
 REGEDIT4
 *Nota* i valori vuoti & legittimi/default non sono visualizzati.
 
 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-08-31 13:00 13312]
 "MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" [2001-08-02 07:14 1077277]
 "Skype"="C:\Programmi\Skype\Phone\Skype.exe" [2007-08-31 16:40 22879528]
 "NBJ"="C:\Programmi\Ahead\Nero BackItUp\NBJ.exe" [2004-09-22 16:10 1871872]
 "spoolw"="C:\WINDOWS\System32\spoolw.exe" [2001-08-31 13:00 2108]
 "igfxsvc"="C:\WINDOWS\System32\igfxsvc.exe" [2001-08-31 13:00 2108]
 "Microsoft hren1"="C:\WINDOWS\mmhren1.exe" [2008-02-14 18:09 40960]
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "VTTimer"="VTTimer.exe" [2003-05-07 09:32 36864 C:\WINDOWS\system32\VTTimer.exe]
 "iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2007-03-14 18:05 257088]
 "CnxDslTaskBar"="C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe" [2007-06-03 13:32 462848]
 "a-squared Anti-Dialer"="C:\Programmi\a-squared Anti-Dialer\a2adguard.exe" [2007-06-19 21:44 1331200]
 "QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2007-02-16 09:54 282624]
 "D-Link AirPlus G"="C:\Programmi\D-Link\AirPlus G\AirGCFG.exe" [2005-11-23 14:04 1544192]
 "ANIWZCS2Service"="C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2005-10-19 17:19 49152]
 "Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
 "Microsoft hren1"="C:\WINDOWS\mmhren1.exe" [2008-02-14 18:09 40960]
 
 [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
 "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-08-31 13:00 13312]
 "braviax"="C:\WINDOWS\System32\braviax.exe" [ ]
 "Microsoft hren1"="C:\WINDOWS\mmhren1.exe" [2008-02-14 18:09 40960]
 
 [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunServices]
 "Microsoft Update"="psconv.exe" []
 
 C:\Documents and Settings\elenina\Menu Avvio\Programmi\Esecuzione automatica\
 imfe.exe [2008-02-16 10:06:39 2108]
 
 C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
 Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]
 WinZip Quick Pick.lnk - C:\Programmi\WinZip\WZQKPICK.EXE [2007-10-13 15:15:26 118784]
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
 "ChkComponent"= {54fff5ae-c89a-4c0f-9a0f-65f37f086fdc} - C:\WINDOWS\Installer\{54fff5ae-c89a-4c0f-9a0f-65f37f086fdc}\ChkComponent.dll [2008-02-14 18:06 13862]
 "zip"= {16825f6a-dc77-436b-868a-17ef424b46fc} - C:\WINDOWS\Installer\{16825f6a-dc77-436b-868a-17ef424b46fc}\zip.dll [2008-02-14 18:09 38438]
 
 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\explorer.exe]
 Debugger=C:\WINDOWS\w32dbg.exe
 
 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iexplore.exe]
 Debugger=C:\WINDOWS\iexplore_32.exe
 
 [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
 UpdateWin	REG_SZ         	C:\WINDOWS\System32\ahuit.exe
 
 R2 a2AntiDialer;a-squared Anti-Dialer Service;C:\Programmi\a-squared Anti-Dialer\a2service.exe [2007-06-19 21:43]
 R2 Google Online Search Service;Google Online Search Service;C:\WINDOWS\System32\winlagons.exe [2008-02-14 18:06]
 S3 CnxEtP;Trust MD3100 USB ADSL MODEM LAN Adapter Filter Driver;C:\WINDOWS\System32\DRIVERS\CnxEtP.sys [2007-06-03 13:32]
 S3 CnxEtU;Trust MD3100 USB ADSL MODEM Loader;C:\WINDOWS\System32\DRIVERS\CnxEtU.sys [2007-06-03 13:32]
 S3 CnxTgN;Trust MD3100 USB ADSL MODEM LAN Adapter Driver;C:\WINDOWS\System32\DRIVERS\CnxTgN.sys [2007-06-03 13:32]
 S4 WinDlService;WinDlService;"C:\Documents and Settings\elenina\Dati applicazioni\Microsoft\Internet Explorer\svchost.exe" []
 
 [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\subsystems]
 "Windows"= basevcwj32.dll
 
 .
 Contenuto della cartella 'Scheduled Tasks'
 "2008-02-10 15:13:15 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
 - C:\Programmi\Apple Software Update\SoftwareUpdate.exe
 .
 **************************************************************************
 
 catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
 Rootkit scan 2008-02-16 10:15:44
 Windows 5.1.2600  NTFS
 
 scansione processi nascosti ...
 
 scansione entrate autostart nascoste ...
 
 HKCU\Software\Microsoft\Windows\CurrentVersion\Run
 spoolw = C:\WINDOWS\System32\spoolw.exe????????????????????????????????????????????????????????????????????????????????????????????????
 igfxsvc = C:\WINDOWS\System32\igfxsvc.exe???????????????????????????????????????????????????????????????????????????????????????????????
 
 Scansione files nascosti ...
 
 Scansione completata con successo
 Files nascosti: 0
 
 **************************************************************************
 .
 --------------------- DLLs Loaded Under Running Processes ---------------------
 
 PROCESS: C:\WINDOWS\explorer.exe [6.00.2600.0000]
 -> C:\WINDOWS\Installer\{54fff5ae-c89a-4c0f-9a0f-65f37f086fdc}\ChkComponent.dll
 -> C:\WINDOWS\Installer\{16825f6a-dc77-436b-868a-17ef424b46fc}\zip.dll
 
 PROCESS: C:\WINDOWS\system32\csrss.exe
 -> C:\WINDOWS\system32\basevcwj32.dll
 .
 ------------------------ Other Running Processes ------------------------
 .
 C:\Programmi\Ahead\InCD\InCDsrv.exe
 C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
 C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
 C:\Programmi\iPod\bin\iPodService.exe
 C:\Programmi\Skype\Plugin Manager\skypePM.exe
 .
 **************************************************************************
 .
 Ora fine scansione: 2008-02-16 10:18:53 - machine was rebooted
 ComboFix-quarantined-files.txt  2008-02-16 09:18:36
 .
 2008-02-14 02:01:42	--- E O F ---
 
 
 
And the HijackThis log:
 Logfile of HijackThis v1.99.1
 Scan saved at 10.19.33, on 16/02/2008
 Platform: Windows XP  (WinNT 5.01.2600)
 MSIE: Internet Explorer v6.00 (6.00.2600.0000)
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\Programmi\Ahead\InCD\InCDsrv.exe
 C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\system32\spoolsv.exe
 C:\Programmi\iTunes\iTunesHelper.exe
 C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe
 C:\Programmi\a-squared Anti-Dialer\a2adguard.exe
 C:\Programmi\QuickTime\qttask.exe
 C:\Programmi\D-Link\AirPlus G\AirGCFG.exe
 C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe
 C:\WINDOWS\mmhren1.exe
 C:\WINDOWS\System32\ctfmon.exe
 C:\Programmi\Messenger\msmsgs.exe
 C:\Programmi\Skype\Phone\Skype.exe
 C:\WINDOWS\System32\spoolw.exe
 C:\WINDOWS\System32\igfxsvc.exe
 C:\WINDOWS\mmhren1.exe
 C:\Programmi\WinZip\WZQKPICK.EXE
 C:\Programmi\a-squared Anti-Dialer\a2service.exe
 C:\WINDOWS\System32\winlagons.exe
 C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
 C:\Programmi\iPod\bin\iPodService.exe
 C:\Programmi\Skype\Plugin Manager\skypePM.exe
 C:\WINDOWS\System32\wuauclt.exe
 C:\WINDOWS\System32\wuauclt.exe
 C:\WINDOWS\explorer.exe
 C:\WINDOWS\system32\notepad.exe
 C:\PROGRA~1\WINZIP\winzip32.exe
 C:\Documents and Settings\elenina\Impostazioni locali\Temp\HijackThis.exe
 
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
 O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
 O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
 O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
 O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
 O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
 O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
 O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe"
 O4 - HKLM\..\Run: [a-squared Anti-Dialer] "C:\Programmi\a-squared Anti-Dialer\a2adguard.exe"
 O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
 O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Programmi\D-Link\AirPlus G\AirGCFG.exe
 O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe
 O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
 O4 - HKLM\..\Run: [Microsoft hren1] C:\WINDOWS\mmhren1.exe
 O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
 O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
 O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
 O4 - HKCU\..\Run: [NBJ] "C:\Programmi\Ahead\Nero BackItUp\NBJ.exe"
 O4 - HKCU\..\Run: [spoolw] C:\WINDOWS\System32\spoolw.exe
 O4 - HKCU\..\Run: [igfxsvc] C:\WINDOWS\System32\igfxsvc.exe
 O4 - HKCU\..\Run: [Microsoft hren1] C:\WINDOWS\mmhren1.exe
 O4 - Startup: imfe.exe
 O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
 O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
 O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
 O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
 O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
 O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
 O21 - SSODL: ChkComponent - {54fff5ae-c89a-4c0f-9a0f-65f37f086fdc} - C:\WINDOWS\Installer\{54fff5ae-c89a-4c0f-9a0f-65f37f086fdc}\ChkComponent.dll
 O21 - SSODL: zip - {16825f6a-dc77-436b-868a-17ef424b46fc} - C:\WINDOWS\Installer\{16825f6a-dc77-436b-868a-17ef424b46fc}\zip.dll
 O23 - Service: a-squared Anti-Dialer Service (a2AntiDialer) - Emsi Software GmbH - C:\Programmi\a-squared Anti-Dialer\a2service.exe
 O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Programmi\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
 O23 - Service: Google Online Search Service - Unknown owner - C:\WINDOWS\System32\winlagons.exe
 O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
 O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Programmi\Ahead\InCD\InCDsrv.exe
 O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
 O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
 O23 - Service: Symantec Core LC - Unknown owner - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
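A defender's triage aid for HijackThis logs like the ones posted in this thread, added here as an example (it is not part of the thread and not HijackThis or ComboFix code): it parses the kinds of lines seen above (F2 Shell=/UserInit=, F3 run=, O4 autoruns, O7 policies, O20 AppInit_DLLs, O21 SSODL, O23 services) and flags look-alike names such as spoolw.exe and winlagons.exe, system binary names outside the Windows directory, bare file names, and services with no vendor. The sample lines, the C:\WINDOWS system root and the list of well-known names are constructed assumptions.

```python
import re
from collections import namedtuple

# Constructed sample: HijackThis lines of the kinds found in the logs posted in this
# thread, plus two benign ones that should pass. Not a real log.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
F3 - REG:win.ini: run=C:\WINDOWS\mmhren1.exe
O4 - HKCU\..\Run: [spoolw] C:\WINDOWS\System32\spoolw.exe
O4 - HKUS\S-1-5-18\..\RunServices: [Microsoft Update] psconv.exe (User 'SYSTEM')
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - AppInit_DLLs: cru629.dat
O21 - SSODL: zip - {16825f6a-dc77-436b-868a-17ef424b46fc} - C:\WINDOWS\Installer\{16825f6a-dc77-436b-868a-17ef424b46fc}\zip.dll
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: Google Online Search Service - Unknown owner - C:\WINDOWS\System32\winlagons.exe
O23 - Service: WinDlService - Unknown owner - C:\Documents and Settings\elenina\Dati applicazioni\Microsoft\Internet Explorer\svchost.exe
"""

WINDIR = r"c:\windows"  # assumed system root, as on the XP machine in this thread
SYSTEM32 = WINDIR + r"\system32"
# Names the malware in this thread imitates (spoolw, winlagons, ctfmona, igfxsvc, spoolvs);
# msmsgs is listed only so Windows Messenger is not reported as a look-alike of smss.
WELL_KNOWN = sorted({"smss", "csrss", "winlogon", "services", "lsass", "svchost", "spoolsv",
                     "explorer", "ctfmon", "userinit", "wuauclt", "taskmgr", "igfxsrvc", "msmsgs"})
PATH_RE = re.compile(r'([A-Za-z]:\\[^"\[\]]*?\.(?:exe|dll|bat|dat))', re.I)
BARE_RE = re.compile(r"\b([\w-]+\.(?:exe|dll|bat|dat))\b", re.I)
Finding = namedtuple("Finding", "kind reason line")  # kind = HijackThis section (F2, O4, O23 ...)


def levenshtein(a, b):
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_ini(kind, line):
    # Shell= must be exactly Explorer.exe, UserInit= the real userinit.exe (HijackThis may
    # show a trailing comma) and the legacy win.ini run= hook should be empty on XP.
    m = re.search(r"(Shell|UserInit|run)=(.*)$", line)
    if not m:
        return []
    key, raw = m.group(1).lower(), m.group(2).strip()
    expected = {"shell": "explorer.exe", "userinit": SYSTEM32 + r"\userinit.exe", "run": ""}
    if raw.rstrip(",").lower() == expected[key]:
        return []
    return [Finding(kind, f"{key}= hijacked: value is '{raw}'", line)]


def check_target(kind, line):
    # Locate the executable/DLL the entry points at, then judge its name and location.
    m = PATH_RE.search(line) or BARE_RE.search(line)
    if not m:
        return []
    target, has_path = m.group(1), m.re is PATH_RE
    base = target.rsplit("\\", 1)[-1].lower()
    stem = base.rsplit(".", 1)[0]
    out = []
    if not has_path:
        out.append(Finding(kind, f"bare file name '{target}' resolved via PATH at logon", line))
    if stem in WELL_KNOWN:
        parent = target.rsplit("\\", 1)[0].lower() if has_path else SYSTEM32
        if parent not in (SYSTEM32, WINDIR):
            out.append(Finding(kind, f"system binary name '{base}' outside the Windows directory", line))
    else:
        for known in WELL_KNOWN:  # one or two typos away from a real system binary name
            if levenshtein(stem, known) <= 2:
                out.append(Finding(kind, f"'{base}' is a look-alike of system binary {known}.exe", line))
                break
    return out


def triage(log_text):
    # Flag the persistence and policy entries that stand out in a HijackThis log.
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        kind = line.split(" - ", 1)[0]
        if kind in ("F2", "F3"):
            findings += check_ini(kind, line)
        elif kind == "O4":
            findings += check_target(kind, line)
            if "RunServices" in line:
                findings.append(Finding(kind, "legacy RunServices key, almost never used legitimately on XP", line))
        elif kind == "O7":
            findings.append(Finding(kind, "policy restriction set (regedit/task manager disabled)", line))
        elif kind == "O20":
            findings.append(Finding(kind, "AppInit_DLLs set: DLL loaded into every process that links user32", line))
        elif kind == "O21":
            findings.append(Finding(kind, "ShellServiceObjectDelayLoad: DLL loaded by explorer.exe at logon", line))
        elif kind == "O23":
            if "Unknown owner" in line:
                findings.append(Finding(kind, "service without vendor information", line))
            findings += check_target(kind, line)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.reason}\n    {f.line}")
```

A distance of two is deliberately noisy; the output is a review list for a human, not a verdict.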
bdoriano (Administrator)
Registered: 02/04/07 12:05
Posts: 14391
Location: 3rd planet of the solar system...

Posted: 17 Feb 2008 14:33
Download Avenger and unpack it into a folder of its own, not a temporary one and not on the desktop
Start AVENGER
Click on "input script manually"
Click on the magnifying glass
Enter these lines:

Quote:
Files to delete:
C:\WINDOWS\iexplore_32.exe
C:\WINDOWS\w32dbg.exe
C:\WINDOWS\System32\ahuit.exe
C:\Documents and Settings\elenina\Menu Avvio\Programmi\Esecuzione automatica\imfe.exe
C:\WINDOWS\mmhren1.exe
C:\WINDOWS\System32\braviax.exe
C:\WINDOWS\System32\spoolw.exe
C:\WINDOWS\System32\igfxsvc.exe
C:\chk-qpvae.exe
C:\Documents and Settings\elenina\ie_updates3r.exe
C:\ie_updater.exe
C:\WINDOWS\system32\winlagons.exe
C:\WINDOWS\system32\winlogans.tmp
C:\WINDOWS\mmax_hren2.ini
C:\WINDOWS\system32\svchost.t__
C:\WINDOWS\system32\herjt395.exe
C:\WINDOWS\system32\dwttusgg.tmp
C:\Programmi\tmp704531.exe
C:\Programmi\tmp704546.exe
C:\Programmi\tmp705093.exe
C:\WINDOWS\system32\Fsd9mk4g.dll
C:\WINDOWS\system32\Jfs9jg.dll
C:\WINDOWS\system32\herjt230.exe
C:\WINDOWS\system32\herjt331.exe
C:\WINDOWS\system32\herjt374.exe
C:\chk-bggop.exe

Click on Done
Click on the traffic light
The PC should reboot; if it doesn't, reboot it yourself.
When the operation is finished, post the Avenger result here together with an updated HijackThis log.

Download Norman Malware Cleaner and drWeb CureIt.
Disable System Restore and start the PC in Safe Mode.
Run drWeb CureIt and let it do a full scan.
Run Norman Malware Cleaner and let it do a full scan.
A log named NFix_2008-02-gg_hh-mm-ss.log is generated on the desktop; when the scan is finished, upload it to FreeFileHosting as described here and post the link you are given.
Download and install Service Pack 2 as soon as possible, please!!!
agatina (Hero)
Registered: 29/05/07 12:44
Posts: 50

Posted: 17 Feb 2008 23:51
On reboot, though, I only get the desktop background with no icons, so to carry out the operations I had to use Task Manager. Is that normal? This is the HijackThis log
 
 Logfile of HijackThis v1.99.1
 Scan saved at 22.47.59, on 17/02/2008
 Platform: Windows XP  (WinNT 5.01.2600)
 MSIE: Internet Explorer v6.00 (6.00.2600.0000)
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\Programmi\Ahead\InCD\InCDsrv.exe
 C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\system32\spoolsv.exe
 C:\Programmi\a-squared Anti-Dialer\a2service.exe
 C:\Programmi\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
 C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
 C:\WINDOWS\System32\taskmgr.exe
 C:\WINDOWS\System32\spoolw.exe
 C:\WINDOWS\System32\igfxsvc.exe
 C:\Programmi\Internet Explorer\iexplore.exe
 C:\Documents and Settings\elenina\Dati applicazioni\antivirus.exe
 C:\WINDOWS\9128281.exe
 C:\PROGRA~1\WINZIP\winzip32.exe
 C:\Documents and Settings\elenina\Impostazioni locali\Temp\HijackThis.exe
 
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
 F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
 O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
 O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
 O2 - BHO: (no name) - {F9583F2A-DCCD-4359-BE0C-1F7DB35EC64F} - C:\WINDOWS\System32\cnvfa.dll
 O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
 O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
 O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
 O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
 O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe"
 O4 - HKLM\..\Run: [a-squared Anti-Dialer] "C:\Programmi\a-squared Anti-Dialer\a2adguard.exe"
 O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
 O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Programmi\D-Link\AirPlus G\AirGCFG.exe
 O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe
 O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
 O4 - HKLM\..\Run: [Microsoft hren1] C:\WINDOWS\mmhren1.exe
 O4 - HKLM\..\Run: [Printer] C:\WINDOWS\System32\printer.exe
 O4 - HKLM\..\Run: [qrcmvbtq] C:\ngeqyevb.bat
 O4 - HKLM\..\Run: [ctfmona] C:\WINDOWS\System32\ctfmona.exe
 O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
 O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
 O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
 O4 - HKCU\..\Run: [NBJ] "C:\Programmi\Ahead\Nero BackItUp\NBJ.exe"
 O4 - HKCU\..\Run: [spoolw] C:\WINDOWS\System32\spoolw.exe
 O4 - HKCU\..\Run: [igfxsvc] C:\WINDOWS\System32\igfxsvc.exe
 O4 - HKCU\..\Run: [Microsoft hren1] C:\WINDOWS\mmhren1.exe
 O4 - HKCU\..\Run: [msiconf.exe] msiconf.exe
 O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\System32\spoolvs.exe
 O4 - HKCU\..\Run: [SystemDefender.install] "C:\Programmi\udefender_setup.exe" continue
 O4 - HKCU\..\Run: [MSWTL32] C:\WINDOWS\MSATL32.exe
 O4 - Startup: findfast.exe
 O4 - Global Startup: autorun.exe
 O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
 O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
 O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
 O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
 O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
 O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
 O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
 O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
 O20 - Winlogon Notify: ibutu - C:\WINDOWS\SYSTEM32\ibutu.dll
 O21 - SSODL: ChkComponent - {54fff5ae-c89a-4c0f-9a0f-65f37f086fdc} - C:\WINDOWS\Installer\{54fff5ae-c89a-4c0f-9a0f-65f37f086fdc}\ChkComponent.dll
 O21 - SSODL: zip - {16825f6a-dc77-436b-868a-17ef424b46fc} - C:\WINDOWS\Installer\{16825f6a-dc77-436b-868a-17ef424b46fc}\zip.dll
 O23 - Service: a-squared Anti-Dialer Service (a2AntiDialer) - Emsi Software GmbH - C:\Programmi\a-squared Anti-Dialer\a2service.exe
 O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Programmi\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
 O23 - Service: Google Online Search Service - Unknown owner - C:\WINDOWS\System32\winlagons.exe (file missing)
 O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
 O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Programmi\Ahead\InCD\InCDsrv.exe
 O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
 O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
 O23 - Service: Symantec Core LC - Unknown owner - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
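Reading a HijackThis log like the one above is mostly pattern matching against a short list of rules: the `F2` Shell= line that loads a second program with the desktop, `O4` autostarts pointing at the WINDOWS or System32 root or at a `.bat`, file names one letter away from a system binary (`spoolvs.exe`, `ctfmona.exe`), the `O7` policy that disables regedit, the `O20`/`O21` DLL injection points, and `O23` services whose binary is missing. The script below is an added example, not part of the thread and not a HijackThis feature; it encodes those manual-review heuristics and runs them over lines copied from this log. The allowlist of system binaries, the suspect directory list and the edit-distance threshold are assumptions chosen for XP-era logs, and a hit means "look at this line", not "this is malware".

```python
"""Triage rules for a HijackThis (HJT) v2 log.

Added example for the log above; it is not part of HijackThis or of the
helper's procedure. The rules are the usual manual-review heuristics
written as code; a hit means "a human should look", not "this is malware".
The allowlist, suspect directories and distance threshold are assumptions.
"""
import re

# Windows XP binaries that legitimately autostart from System32 (minimal).
KNOWN_SYSTEM_BINARIES = {
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe",
    "svchost.exe", "spoolsv.exe", "explorer.exe", "ctfmon.exe", "rundll32.exe",
}
# Directories where legitimate installers rarely put an autostart target.
SUSPECT_DIRS = {"c:", "c:\\windows", "c:\\windows\\system32", "c:\\windows\\temp"}
SUSPECT_EXT = {".bat", ".cmd", ".pif", ".scr", ".vbs"}
_PATH_RE = re.compile(r'([A-Za-z]:\\[^"]*?\.(?:exe|bat|cmd|com|scr|pif|vbs))', re.I)
_ALWAYS = (  # entries worth a look whenever they appear at all
    ("O2 - BHO: (no name)", "BHO with no name"),
    ("O20 - AppInit_DLLs:", "AppInit_DLLs DLL is loaded into every user-mode process"),
    ("O20 - Winlogon Notify:", "Winlogon Notify DLL runs inside winlogon.exe at logon"),
    ("O21 - SSODL:", "ShellServiceObjectDelayLoad object loads with Explorer"),
)

# Sample input: lines copied from the HJT log in this thread, benign ones included.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
O2 - BHO: (no name) - {F9583F2A-DCCD-4359-BE0C-1F7DB35EC64F} - C:\WINDOWS\System32\cnvfa.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Microsoft hren1] C:\WINDOWS\mmhren1.exe
O4 - HKLM\..\Run: [qrcmvbtq] C:\ngeqyevb.bat
O4 - HKLM\..\Run: [ctfmona] C:\WINDOWS\System32\ctfmona.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\System32\spoolvs.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
O20 - Winlogon Notify: ibutu - C:\WINDOWS\SYSTEM32\ibutu.dll
O23 - Service: Google Online Search Service - Unknown owner - C:\WINDOWS\System32\winlagons.exe (file missing)
"""


def levenshtein(a, b):
    """Edit distance; catches look-alikes such as spoolvs.exe vs spoolsv.exe."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike(filename):
    """Return the system binary `filename` imitates (distance 1 or 2), else None."""
    name = filename.lower()
    if name in KNOWN_SYSTEM_BINARIES:
        return None
    nearest = min(KNOWN_SYSTEM_BINARIES, key=lambda k: levenshtein(name, k))
    return nearest if levenshtein(name, nearest) <= 2 else None


def check_autostart_target(cmd, startup_folder=False):
    """Apply the O4 rules to one Run-key command or Startup-folder item."""
    m = _PATH_RE.search(cmd)
    if not m:
        return ("Startup folder item, inspect the file itself" if startup_folder
                else "unqualified filename, resolved by PATH search")
    directory, _, filename = m.group(1).rpartition("\\")
    ext = filename[filename.rfind("."):].lower()
    if ext in SUSPECT_EXT:
        return f"{ext} script registered as an autostart"
    imitated = lookalike(filename)
    if imitated:
        return f"look-alike of system binary {imitated}"
    if directory.lower() in SUSPECT_DIRS and filename.lower() not in KNOWN_SYSTEM_BINARIES:
        return f"started from {directory} rather than Program Files"
    return None


def triage(log_text):
    """Return [(log line, reason)] for every entry a human should review."""
    findings = []
    for line in (l.strip() for l in log_text.splitlines() if l.strip()):
        reason = next((why for prefix, why in _ALWAYS if line.startswith(prefix)), None)
        if line.startswith("F2 - REG:system.ini: Shell="):
            if line.split("Shell=", 1)[1].strip().lower() != "explorer.exe":
                reason = "Shell= hijacked: an extra program starts with the desktop"
        elif line.startswith("O4 - "):
            key, _, cmd = line[5:].partition(": ")
            cmd = re.sub(r"^\[[^\]]*\]\s*", "", cmd)  # drop the [value name]
            reason = check_autostart_target(cmd, "Startup" in key)
        elif line.startswith("O7 - ") and "DisableRegedit=1" in line:
            reason = "Registry Editor disabled by policy"
        elif line.startswith("O23 - "):
            m = _PATH_RE.search(line)
            imitated = lookalike(m.group(1).rpartition("\\")[2]) if m else None
            if "(file missing)" in line:
                reason = "service points to a file that no longer exists"
            elif imitated:
                reason = f"service binary is a look-alike of {imitated}"
            elif "Unknown owner" in line:
                reason = "service binary carries no publisher information"
        if reason:
            findings.append((line, reason))
    return findings
```

Feed `triage()` the whole log text and print each `(line, reason)` pair. On the sample it flags 10 of the 12 lines and leaves `iTunesHelper` and the real `ctfmon.exe` alone. The `Unknown owner` rule also trips on `Symantec Core LC` in the log above, which is why every hit still needs a look at the file itself before it goes into an Avenger script.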

agatina (Eroe) - Registered: 29/05/07 12:44 - Posts: 50
Posted: 18 Feb 2008 00:21
this is the Avenger log:
 Logfile of The Avenger version 1, by Swandog46
 Running from registry key:
 \Registry\Machine\System\CurrentControlSet\Services\qundrtcs
 
 *******************
 
 Script file located at: \??\C:\WINDOWS\kdcihyat.txt
 Script file opened successfully.
 
 Script file read successfully
 
 Backups directory opened successfully at C:\Avenger
 
 *******************
 
 Beginning to process script file:
 
 File C:\WINDOWS\iexplore_32.exe deleted successfully.
 File C:\WINDOWS\w32dbg.exe deleted successfully.
 
 
 File C:\WINDOWS\System32\ahuit.exe not found!
 Deletion of file C:\WINDOWS\System32\ahuit.exe failed!
 
 Could not process line:
 C:\WINDOWS\System32\ahuit.exe
 Status: 0xc0000034
 
 File C:\Documents and Settings\elenina\Menu Avvio\Programmi\Esecuzione automatica\imfe.exe deleted successfully.
 File C:\WINDOWS\mmhren1.exe deleted successfully.
 
 
 File C:\WINDOWS\System32\braviax.exe not found!
 Deletion of file C:\WINDOWS\System32\braviax.exe failed!
 
 Could not process line:
 C:\WINDOWS\System32\braviax.exe
 Status: 0xc0000034
 
 File C:\WINDOWS\System32\spoolw.exe deleted successfully.
 File C:\WINDOWS\System32\igfxsvc.exe deleted successfully.
 File C:\chk-qpvae.exe deleted successfully.
 File C:\Documents and Settings\elenina\ie_updates3r.exe deleted successfully.
 File C:\ie_updater.exe deleted successfully.
 File C:\WINDOWS\system32\winlagons.exe deleted successfully.
 File C:\WINDOWS\system32\winlogans.tmp deleted successfully.
 File C:\WINDOWS\mmax_hren2.ini deleted successfully.
 File C:\WINDOWS\system32\svchost.t__ deleted successfully.
 File C:\WINDOWS\system32\herjt395.exe deleted successfully.
 File C:\WINDOWS\system32\dwttusgg.tmp deleted successfully.
 File C:\Programmi\tmp704531.exe deleted successfully.
 File C:\Programmi\tmp704546.exe deleted successfully.
 File C:\Programmi\tmp705093.exe deleted successfully.
 File C:\WINDOWS\system32\Fsd9mk4g.dll deleted successfully.
 File C:\WINDOWS\system32\Jfs9jg.dll deleted successfully.
 File C:\WINDOWS\system32\herjt230.exe deleted successfully.
 File C:\WINDOWS\system32\herjt331.exe deleted successfully.
 File C:\WINDOWS\system32\herjt374.exe deleted successfully.
 File C:\chk-bggop.exe deleted successfully.
 
 Completed script processing.
 
 *******************
 
 Finished!  Terminate.

agatina (Eroe) - Registered: 29/05/07 12:44 - Posts: 50
Posted: 18 Feb 2008 00:23
the Norman log is here:
 [URL="http://www.freefilehosting.net/files/3c78l"]NFix_2008-02-17_23-11-34.log[/URL]

agatina (Eroe) - Registered: 29/05/07 12:44 - Posts: 50
Posted: 19 Feb 2008 03:05
I haven't heard from you since. Did I do something wrong?
	

Sante62 (Dio maturo) - Registered: 27/06/07 17:55 - Posts: 3477 - Location: Floridia
Posted: 19 Feb 2008 17:24
run this other scan: Scan with GMER
Remember that GMER produces two logs: Autostart and Rootkit. Upload them to www.freefilehosting.net as described here

agatina (Eroe) - Registered: 29/05/07 12:44 - Posts: 50
Posted: 19 Feb 2008 18:48
I saved this one. Is it right?
 [URL="http://www.freefilehosting.net/files/3c9ac"]gmer6.log[/URL]

Sante62 (Dio maturo) - Registered: 27/06/07 17:55 - Posts: 3477 - Location: Floridia
Posted: 19 Feb 2008 19:23
Yes, but it looks too short to me; would you kindly redo it? Remember there is also the Autostart log....

agatina (Eroe) - Registered: 29/05/07 12:44 - Posts: 50
Posted: 19 Feb 2008 20:46
maybe this one is right: [URL="http://www.freefilehosting.net/files/3c9c5"]gmer115.txt[/URL]

Sante62 (Dio maturo) - Registered: 27/06/07 17:55 - Posts: 3477 - Location: Floridia
Posted: 19 Feb 2008 23:29
They are both Rootkit logs; you need to do the Autostart one. If anything is unclear, reread the guide link on how to produce these logs...
 
 

agatina (Eroe) - Registered: 29/05/07 12:44 - Posts: 50
Posted: 20 Feb 2008 00:35
I'll try again: [URL="http://www.freefilehosting.net/files/3c9fg"]gmer37.txt[/URL]

Sante62 (Dio maturo) - Registered: 27/06/07 17:55 - Posts: 3477 - Location: Floridia
Posted: 20 Feb 2008 10:39
All right, the GMER logs look clean... Now connect to Kaspersky online scanner
While it is downloading the files it needs, temporarily disable the antivirus. As soon as the PC scan starts, disconnect from the internet.
When it finishes, upload the result to www.freefilehosting.net and post here the link you are given, as described here

agatina (Eroe) - Registered: 29/05/07 12:44 - Posts: 50
Posted: 20 Feb 2008 19:27
No luck. It won't let me connect to Kaspersky. It dumps me on dns4error.com
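The thread does not say why the browser ends up on dns4error.com instead of the Kaspersky site, and the helper treats it as a sign of re-infection. The two places a practitioner checks first when a security vendor's site redirects elsewhere are the hosts file (`%SystemRoot%\system32\drivers\etc\hosts`) and the resolver list the PC is using (`ipconfig /all`, or `NameServer`/`DhcpNameServer` under `HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\<GUID>`). The script below is an added example, not from the thread or from any tool it mentions: it parses a constructed hosts file and a resolver string and flags vendor names that are pinned or blackholed and resolvers that are not the ones you expect. `VENDOR_DOMAINS`, the `203.0.113.0/24` documentation address and `TRUSTED_RESOLVERS` (assumed to be the home router) are assumptions the operator replaces with their own.

```python
"""Two checks for the "vendor site redirects to a parking page" symptom.

Added example; the thread does not say what caused the redirect to
dns4error.com and nothing here comes from the tools it mentions. The hosts
content and resolver strings are constructed; VENDOR_DOMAINS and
TRUSTED_RESOLVERS (assumed: the home router) are lists the operator owns.
"""
import ipaddress
import re

VENDOR_DOMAINS = ("kaspersky.com", "symantec.com", "norton.com", "emsisoft.com",
                  "microsoft.com", "windowsupdate.com", "gmer.net")
TRUSTED_RESOLVERS = {ipaddress.ip_address("192.168.1.1")}  # assumption: the router

# Constructed sample of %SystemRoot%\system32\drivers\etc\hosts; 203.0.113.0/24
# is a documentation range standing in for whatever the attacker points at.
SAMPLE_HOSTS = r"""
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
203.0.113.5     www.kaspersky.com kaspersky.com
127.0.0.1       liveupdate.symantec.com   # silently blocks the update server
"""


def parse_hosts(text):
    """Yield (ip, hostname) pairs, ignoring comments and malformed lines."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        for host in fields[1:]:
            yield addr, host.lower().rstrip(".")


def is_vendor(host):
    """True for a vendor domain or any name under it."""
    return any(host == d or host.endswith("." + d) for d in VENDOR_DOMAINS)


def check_hosts(text):
    """Flag hosts entries that pin or blackhole security-vendor names."""
    findings = []
    for addr, host in parse_hosts(text):
        if host == "localhost":
            continue
        if is_vendor(host) and addr.is_loopback:
            findings.append((host, f"blackholed to {addr}: updates and scans from this vendor fail silently"))
        elif is_vendor(host):
            findings.append((host, f"pinned to {addr}: DNS is never asked, the browser lands wherever {addr} serves"))
        elif not addr.is_loopback:
            findings.append((host, f"non-loopback pin to {addr}, review"))
    return findings


def check_resolvers(name_servers, trusted=TRUSTED_RESOLVERS):
    """name_servers: the NameServer/DhcpNameServer registry value or the
    'DNS Servers' addresses from ipconfig /all, comma or space separated."""
    findings = []
    for token in re.split(r"[,\s]+", name_servers.strip()):
        if not token:
            continue
        addr = ipaddress.ip_address(token)
        if addr not in trusted:
            findings.append((str(addr), "unexpected resolver: every lookup on this PC goes through it"))
    return findings
```

Run `check_hosts()` on the real hosts file and `check_resolvers()` on the string `ipconfig /all` prints under "DNS Servers". A clean XP hosts file has only the `localhost` line; any vendor name in it, to loopback or anywhere else, was put there by someone, and a resolver you did not configure answers for every site the PC visits, so the scanner download page can be sent wherever that resolver's owner likes.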
	

Sante62 (Dio maturo) - Registered: 27/06/07 17:55 - Posts: 3477 - Location: Floridia

agatina (Eroe) - Registered: 29/05/07 12:44 - Posts: 50
Posted: 20 Feb 2008 22:38
HERE IT IS [URL="http://www.freefilehosting.net/files/3cag9"]20_02_2008_21_08_report.zip[/URL]

Sante62 (Dio maturo) - Registered: 27/06/07 17:55 - Posts: 3477 - Location: Floridia
Posted: 21 Feb 2008 00:50
You have got reinfected again; use Avenger again with this script:

Quote:
files to delete:
C:\WINDOWS\cdplayer.ini
 C:\WINDOWS\896937.exe
 C:\WINDOWS\5006171.exe
 C:\WINDOWS\9111906.exe
 C:\WINDOWS\13218343.exe
 C:\WINDOWS\17259171.exe
 C:\WINDOWS\21295703.exe
 C:\WINDOWS\25304359.exe
 C:\WINDOWS\29385093.exe
 C:\WINDOWS\33432484.exe
 C:\WINDOWS\37451171.exe
 C:\WINDOWS\41539187.exe
 C:\WINDOWS\45607781.exe
 C:\WINDOWS\49673531.exe
 C:\WINDOWS\53755921.exe
 C:\WINDOWS\57824218.exe
 C:\WINDOWS\61890125.exe
 C:\WINDOWS\65959765.exe
 C:\WINDOWS\70053968.exe
 C:\WINDOWS\74120703.exe
 C:\WINDOWS\78185890.exe
 C:\WINDOWS\82266515.exe
 C:\WINDOWS\86335765.exe
 C:\WINDOWS\90430328.exe
 C:\WINDOWS\94529187.exe
 C:\WINDOWS\98613015.exe
 C:\WINDOWS\997703.exe
 C:\WINDOWS\5095453.exe
 C:\WINDOWS\13141750.exe
 C:\WINDOWS\29189156.exe
 C:\WINDOWS\system32\549630002.dat
 C:\WINDOWS\system32\herjt391.exe
 C:\WINDOWS\system32\ctfmona.exe
 C:\WINDOWS\system32\ibutu.dll
 C:\Programmi\ucleaner_setup.exe
 
 Registry values to delete:
 HKLM\Software\Microsoft\Windows\CurrentVersion\Run | ctfmona
 
As always, post the result; redo the scan with Combofix;
At the end post another HijackThis log....
	

agatina (Eroe) - Registered: 29/05/07 12:44 - Posts: 50
Posted: 21 Feb 2008 19:19
the Avenger log:
 //////////////////////////////////////////
 Avenger Pre-Processor log
 //////////////////////////////////////////
 
 Error:  could not create zip file.
 Error code: 0
 
 
 //////////////////////////////////////////
 
 
 Logfile of The Avenger version 1, by Swandog46
 Running from registry key:
 \Registry\Machine\System\CurrentControlSet\Services\ctwaloaa
 
 *******************
 
 Script file located at: \??\C:\WINDOWS\System32\brbxbadb.txt
 Script file opened successfully.
 
 Script file read successfully
 
 Backups directory opened successfully at C:\Avenger
 
 *******************
 
 Beginning to process script file:
 
 File C:\WINDOWS\cdplayer.ini deleted successfully.
 File C:\WINDOWS\896937.exe deleted successfully.
 File C:\WINDOWS\5006171.exe deleted successfully.
 File C:\WINDOWS\9111906.exe deleted successfully.
 File C:\WINDOWS\13218343.exe deleted successfully.
 File C:\WINDOWS\17259171.exe deleted successfully.
 File C:\WINDOWS\21295703.exe deleted successfully.
 File C:\WINDOWS\25304359.exe deleted successfully.
 File C:\WINDOWS\29385093.exe deleted successfully.
 File C:\WINDOWS\33432484.exe deleted successfully.
 File C:\WINDOWS\37451171.exe deleted successfully.
 File C:\WINDOWS\41539187.exe deleted successfully.
 File C:\WINDOWS\45607781.exe deleted successfully.
 File C:\WINDOWS\49673531.exe deleted successfully.
 File C:\WINDOWS\53755921.exe deleted successfully.
 File C:\WINDOWS\57824218.exe deleted successfully.
 File C:\WINDOWS\61890125.exe deleted successfully.
 File C:\WINDOWS\65959765.exe deleted successfully.
 File C:\WINDOWS\70053968.exe deleted successfully.
 File C:\WINDOWS\74120703.exe deleted successfully.
 File C:\WINDOWS\78185890.exe deleted successfully.
 File C:\WINDOWS\82266515.exe deleted successfully.
 File C:\WINDOWS\86335765.exe deleted successfully.
 File C:\WINDOWS\90430328.exe deleted successfully.
 File C:\WINDOWS\94529187.exe deleted successfully.
 File C:\WINDOWS\98613015.exe deleted successfully.
 File C:\WINDOWS\997703.exe deleted successfully.
 File C:\WINDOWS\5095453.exe deleted successfully.
 File C:\WINDOWS\13141750.exe deleted successfully.
 File C:\WINDOWS\29189156.exe deleted successfully.
 File C:\WINDOWS\system32\549630002.dat deleted successfully.
 File C:\WINDOWS\system32\herjt391.exe deleted successfully.
 File C:\WINDOWS\system32\ctfmona.exe deleted successfully.
 File C:\WINDOWS\system32\ibutu.dll deleted successfully.
 File C:\Programmi\ucleaner_setup.exe deleted successfully.
 Registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|ctfmona deleted successfully.
 
 Completed script processing.
 
 *******************
 
 Finished!  Terminate.
 
 
Combofix is
 [URL="http://www.freefilehosting.net/files/3cbda"]logcombo1.txt[/URL]
 
I wanted to remind you that my initial problem was that Norton showed up as damaged and wasn't protecting me any more.
You'll tell me when I can reinstall it, right?
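The Avenger script the helper posted on 21 Feb and the two Avenger logs in this thread share a simple grammar: a `files to delete:` block with one path per line, a `Registry values to delete:` block with `key | value name` lines, and in the log one `File ... deleted successfully.` or `Registry value ...|... deleted successfully.` per target, with failures reported as `Could not process line:` followed by the offending line and an NTSTATUS code. The code below is an added example, not from the thread and not an Avenger feature: it parses both, reconciles them target by target, and explains the status code, so the `0xc0000034` hits in the first log (`ahuit.exe`, `braviax.exe`) read as "the name was not there" rather than as a silent failure. `SCRIPT` and `LOG` are constructed from the thread's script and logs; the NTSTATUS names are the kernel's own, which Avenger prints unchanged.

```python
"""Reconcile an Avenger script with the log Avenger writes when it runs.

Added example; not part of the thread and not an Avenger feature. The script
grammar is the one used above: a "files to delete:" block with one path per
line and a "Registry values to delete:" block with "key | value name" lines.
SCRIPT and LOG are constructed from the helper's script and the two posted
logs; the NTSTATUS names are the kernel's, which Avenger echoes verbatim.
"""
import re

SCRIPT = r"""
files to delete:
C:\WINDOWS\cdplayer.ini
C:\WINDOWS\896937.exe
C:\WINDOWS\System32\ahuit.exe
C:\WINDOWS\system32\ctfmona.exe

Registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | ctfmona
"""

LOG = r"""
File C:\WINDOWS\cdplayer.ini deleted successfully.
File C:\WINDOWS\896937.exe deleted successfully.

File C:\WINDOWS\System32\ahuit.exe not found!
Deletion of file C:\WINDOWS\System32\ahuit.exe failed!

Could not process line:
C:\WINDOWS\System32\ahuit.exe
Status: 0xc0000034

File C:\WINDOWS\system32\ctfmona.exe deleted successfully.
Registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|ctfmona deleted successfully.

Completed script processing.
"""

NTSTATUS = {  # codes Avenger prints verbatim from the kernel
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND: already gone, or the name is wrong or hidden",
    0xC000003A: "STATUS_OBJECT_PATH_NOT_FOUND: a directory in the path does not exist",
    0xC0000022: "STATUS_ACCESS_DENIED",
    0xC0000043: "STATUS_SHARING_VIOLATION: file still open by a running process",
}


def parse_script(text):
    """Split the script into its 'files' and 'registry_values' sections."""
    items, section = {"files": [], "registry_values": []}, None
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        head = line.lower().rstrip(":")
        if head == "files to delete":
            section = "files"
        elif head == "registry values to delete":
            section = "registry_values"
        elif section == "files":
            items["files"].append(line)
        elif section == "registry_values":
            key, _, value = line.partition("|")
            items["registry_values"].append((key.strip(), value.strip()))
    return items


_DELETED = re.compile(r"^File (.+) deleted successfully\.$")
_REGDEL = re.compile(r"^Registry value (.+)\|(.+) deleted successfully\.$")
_STATUS = re.compile(r"^Status: 0x([0-9a-fA-F]{8})$")


def parse_log(text):
    """Map every target Avenger reported on to ('deleted'|'failed', detail)."""
    lines = [l.strip() for l in text.splitlines()]
    results = {}
    for i, line in enumerate(lines):
        if m := _DELETED.match(line):
            results[m.group(1).lower()] = ("deleted", None)
        elif m := _REGDEL.match(line):
            results[(m.group(1).lower(), m.group(2).lower())] = ("deleted", None)
        elif line == "Could not process line:" and i + 2 < len(lines):
            # Avenger prints the offending line, then the NTSTATUS it got back.
            s = _STATUS.match(lines[i + 2])
            code = int(s.group(1), 16) if s else None
            why = NTSTATUS.get(code, f"unmapped status 0x{code:08X}" if code else "no status")
            results[lines[i + 1].lower()] = ("failed", why)
    return results


def reconcile(script_text, log_text):
    """Return what was deleted, what failed and why, and what the log never mentions."""
    script, log = parse_script(script_text), parse_log(log_text)
    wanted = [(f, f.lower()) for f in script["files"]]
    wanted += [(f"{k} | {v}", (k.lower(), v.lower())) for k, v in script["registry_values"]]
    out = {"deleted": [], "failed": [], "unreported": []}
    for label, key in wanted:
        status = log.get(key)
        if status is None:
            out["unreported"].append(label)
        elif status[0] == "deleted":
            out["deleted"].append(label)
        else:
            out["failed"].append((label, status[1]))
    return out
```

`reconcile(SCRIPT, LOG)` reports four targets deleted, `ahuit.exe` failed with `STATUS_OBJECT_NAME_NOT_FOUND`, and nothing unreported. The "unreported" bucket is the one to watch on a real run: a target that appears in neither list means Avenger never reached it, which is exactly the case the "could not create zip file" pre-processor error in the last log hints at if the script had been cut short.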