fax | Posted: 10 Feb 2008 16:04 | Subject: HijackThis log check

Can someone check my LOG? I have slowness problems with Internet Explorer at first launch. I followed the instructions contained in this thread. I always have connections to a.doginhispen.com
Thanks in advance
 
 
Quote:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 9.41.45, on 10/02/2008
 Platform: Windows 2000 SP4 (WinNT 5.00.2195)
 Boot mode: Normal
 
 Running processes:
 E:\WINNT\System32\smss.exe
 E:\WINNT\system32\winlogon.exe
 E:\WINNT\system32\services.exe
 E:\WINNT\system32\lsass.exe
 E:\WINNT\system32\svchost.exe
 E:\WINNT\system32\spoolsv.exe
 E:\Programmi\Netropa\Multimedia Keyboard\nhksrv.exe
 E:\Programmi\a-squared Free\a2service.exe
 E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
 E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
 E:\WINNT\System32\svchost.exe
 E:\WINNT\system32\drivers\KodakCCS.exe
 C:\mysql\bin\mysqld-nt.exe
 E:\WINNT\system32\nvsvc32.exe
 E:\Programmi\File comuni\Protexis\License Service\PSIService.exe
 E:\Programmi\Kodak\Kodak EasyShare software\bin\ptssvc.exe
 E:\WINNT\system32\regsvc.exe
 E:\WINNT\system32\MSTask.exe
 E:\WINNT\System32\tcpsvcs.exe
 E:\WINNT\system32\stisvc.exe
 E:\WINNT\system32\ZoneLabs\vsmon.exe
 E:\WINNT\Explorer.EXE
 E:\WINNT\System32\WBEM\WinMgmt.exe
 E:\WINNT\system32\mspmspsv.exe
 E:\WINNT\system32\svchost.exe
 E:\Programmi\File comuni\BitDefender\BitDefender Communicator\xcommsvr.exe
 E:\WINNT\System32\inetsrv\inetinfo.exe
 E:\Programmi\File comuni\BitDefender\BitDefender Update Service\livesrv.exe
 E:\Programmi\BitDefender\BitDefender 2008\vsserv.exe
 E:\Programmi\IPM\Adsl\DataWay\dslstat.exe
 E:\WINNT\system32\dslagent.exe
 E:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
 E:\Programmi\BitDefender\BitDefender 2008\bdagent.exe
 E:\WINNT\system32\internat.exe
 E:\Programmi\Microsoft Office\Office\OSA.EXE
 E:\Programmi\Microsoft Office\Office\FINDFAST.EXE
 E:\WINNT\System32\svchost.exe
 E:\WINNT\system32\wuauclt.exe
 E:\Programmi\Microsoft Office\Office\Winword.exe
 C:\sicurezza\HiJackThis_v2\HiJackThis_v2.exe
 E:\WINNT\system32\spool\DRIVERS\W32X86\3\PScout.exe
 
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mailrr.aruba.it/cgi-bin/sqwebmail?index=1
 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
 O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Programmi\Spybot - Search & Destroy\SDHelper.dll
 O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\programmi\google\googletoolbar3.dll
 O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
 O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINNT\system32\msdxm.ocx
 O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\programmi\google\googletoolbar3.dll
 O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - E:\Programmi\BitDefender\BitDefender 2008\IEToolbar.dll
 O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINNT\system32\NvCpl.dll,NvStartup
 O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
 O4 - HKLM\..\Run: [SmcService] E:\PROGRA~1\Sygate\SPF\Smc.exe -startgui
 O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINNT\system32\NeroCheck.exe
 O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "E:\Programmi\Iomega HotBurn\Autolaunch.exe"
 O4 - HKLM\..\Run: [DSLSTATEXE] E:\Programmi\IPM\Adsl\DataWay\dslstat.exe icon
 O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
 O4 - HKLM\..\Run: [WinampAgent] E:\Programmi\Winamp5\winampa.exe
 O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
 O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
 O4 - HKLM\..\Run: [idmsnn] Wscript E:\WINNT\ACTIVE SETUP LOGMSE.VBS /B
 O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] E:\Programmi\Netropa\Multimedia Keyboard\MMKeybd.exe
 O4 - HKLM\..\Run: [ISUSPM Startup] E:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
 O4 - HKLM\..\Run: [ISUSScheduler] "E:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
 O4 - HKLM\..\Run: [ZoneAlarm Client] "E:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
 O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "E:\Programmi\BitDefender\BitDefender 2008\IEShow.exe"
 O4 - HKLM\..\Run: [BDAgent] "E:\Programmi\BitDefender\BitDefender 2008\bdagent.exe"
 O4 - HKCU\..\Run: [internat.exe] internat.exe
 O4 - HKCU\..\Run: [swg] E:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
 O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
 O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINNT\system32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
 O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] E:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
 O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] E:\Programmi\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
 O4 - Global Startup: Adobe Gamma Loader.exe.lnk = E:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
 O4 - Global Startup: Adobe Gamma Loader.lnk = E:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
 O4 - Global Startup: Avvio Office.lnk = E:\Programmi\Microsoft Office\Office\OSA.EXE
 O4 - Global Startup: Corel Family & Friends Reminders.LNK = E:\Programmi\Corel\Print House Magic\cffrem.exe
 O4 - Global Startup: Ricerca rapida.lnk = E:\Programmi\Microsoft Office\Office\FINDFAST.EXE
 O9 - Extra button: (no name) - {44EFB53C-C965-43CF-9F45-52242D134187} - (no file)
 O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
 O12 - Plugin for .spop: E:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
 O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021126/qtinstall.info.apple.com/sikes/it/win/QuickTimeInstaller.exe
 O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - E:\WINNT\system32\browseui.dll
 O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - E:\WINNT\system32\browseui.dll
 O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - E:\Programmi\a-squared Free\a2service.exe
 O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
 O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
 O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - E:\WINNT\System32\dmadmin.exe
 O23 - Service: Google Updater Service (gusvc) - Unknown owner - E:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
 O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - E:\WINNT\system32\drivers\KodakCCS.exe
 O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - E:\Programmi\File comuni\BitDefender\BitDefender Update Service\livesrv.exe
 O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe
 O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - E:\Programmi\Netropa\Multimedia Keyboard\nhksrv.exe
 O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINNT\system32\nvsvc32.exe
 O23 - Service: Pml Driver HPZ12 - HP - E:\WINNT\system32\HPZipm12.exe
 O23 - Service: ProtexisLicensing - Unknown owner - E:\Programmi\File comuni\Protexis\License Service\PSIService.exe
 O23 - Service: ptssvc - KODAK - E:\Programmi\Kodak\Kodak EasyShare software\bin\ptssvc.exe
 O23 - Service: Sygate Personal Firewall Pro (SmcService) - Unknown owner - E:\Programmi\Sygate\SPF\Smc.exe
 O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - E:\WINNT\system32\ZoneLabs\vsmon.exe
 O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - E:\Programmi\BitDefender\BitDefender 2008\vsserv.exe
 O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - E:\Programmi\File comuni\BitDefender\BitDefender Communicator\xcommsvr.exe
 
 --
 End of file - 8314 bytes

fax | Posted: 10 Feb 2008 22:21

I also ran a scan with AWF
 
Quote:
Find AWF report by noahdfear ©2006 Version 1.40
 
 
 bak folders found
 ~~~~~~~~~~~
 
Il volume nell'unità E è sistema operativo
 Numero di serie del volume: 1CC8-26A7
 
 Directory di E:\PROGRA~1\IOMEGA~1\BAK
 
 16/10/2001  18.09               90.112 Autolaunch.exe
 1 File         90.112 byte
 2 Directory   1.742.819.328 byte disponibili
Il volume nell'unità E è sistema operativo
 Numero di serie del volume: 1CC8-26A7
 
 Directory di E:\PROGRA~1\QUICKT~1\BAK
 
 31/10/2007  16.15              286.720 qttask.exe
 1 File        286.720 byte
 2 Directory   1.742.819.328 byte disponibili
Il volume nell'unità E è sistema operativo
 Numero di serie del volume: 1CC8-26A7
 
 Directory di E:\PROGRA~1\WINAMP5\BAK
 
 13/12/2003  01.50               33.792 winampa.exe
 1 File         33.792 byte
 2 Directory   1.742.815.232 byte disponibili
Il volume nell'unità E è sistema operativo
 Numero di serie del volume: 1CC8-26A7
 
 Directory di E:\WINNT\SYSTEM32\BAK
 
 09/07/2001  10.50              155.648 NeroCheck.exe
 1 File        155.648 byte
 2 Directory   1.742.815.232 byte disponibili
Il volume nell'unità E è sistema operativo
 Numero di serie del volume: 1CC8-26A7
 
 Directory di E:\PROGRA~1\GOOGLE\GOOGLE~1\BAK
 
 25/07/2007  22.38               68.856 GoogleToolbarNotifier.exe
 1 File         68.856 byte
 2 Directory   1.742.815.232 byte disponibili
Il volume nell'unità E è sistema operativo
 Numero di serie del volume: 1CC8-26A7
 
 Directory di E:\PROGRA~1\GRISOFT\AVGFRE~1\BAK
 
 04/01/2008  16.13              579.072 avgcc.exe
 1 File        579.072 byte
 2 Directory   1.742.815.232 byte disponibili
Il volume nell'unità E è sistema operativo
 Numero di serie del volume: 1CC8-26A7
 
 Directory di E:\PROGRA~1\NETROPA\MULTIM~1\BAK
 
 28/11/2000  09.18              135.168 MMKeybd.exe
 1 File        135.168 byte
 2 Directory   1.742.815.232 byte disponibili
Il volume nell'unità E è sistema operativo
 Numero di serie del volume: 1CC8-26A7
 
 Directory di E:\PROGRA~1\SYGATE\SPF\BAK
 
 10/02/2008  20.40               29.135 debug.log
 24/01/2008  09.19                   72 rawlog.log
 24/01/2008  09.19                   72 seclog.log
 11/09/2002  09.25            1.986.631 Smc.exe
 10/02/2008  20.40                1.360 StdState.dat
 10/02/2008  20.40                7.101 syslog.log
 24/01/2008  09.19                   72 tralog.log
 10/02/2008  20.40                1.360 TState.dat
 8 File      2.025.803 byte
 2 Directory   1.742.815.232 byte disponibili
Il volume nell'unità E è sistema operativo
 Numero di serie del volume: 1CC8-26A7
 
 Directory di E:\PROGRA~1\ZONELA~1\ZONEAL~1\BAK
 
 0 File              0 byte
 2 Directory   1.742.815.232 byte disponibili
Il volume nell'unità E è sistema operativo
 Numero di serie del volume: 1CC8-26A7
 
 Directory di E:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\BAK
 
 16/02/2005  15.15               81.920 issch.exe
 16/02/2005  15.15              221.184 ISUSPM.exe
 2 File        303.104 byte
 2 Directory   1.742.815.232 byte disponibili
Il volume nell'unità E è sistema operativo
 Numero di serie del volume: 1CC8-26A7
 
 Directory di E:\PROGRA~1\IPM\ADSL\DATAWAY\BAK
 
 01/04/2003  11.32              299.008 dslstat.exe
 1 File        299.008 byte
 2 Directory   1.742.811.136 byte disponibili
 
 
 Duplicate files of bak directory contents
 ~~~~~~~~~~~~~~~~~~~~~~~
 
 10256 23 Jan 2008 "E:\Programmi\Iomega HotBurn\Autolaunch.exe"
 90112 16 Oct 2001 "E:\Programmi\Iomega HotBurn\bak\Autolaunch.exe"
 286720 31 Oct 2007 "E:\Programmi\QuickTime\bak\qttask.exe"
 10256 23 Jan 2008 "E:\Programmi\Winamp5\winampa.exe"
 33792 13 Dec 2003 "E:\Programmi\Winamp5\bak\winampa.exe"
 10256 23 Jan 2008 "E:\WINNT\system32\NeroCheck.exe"
 155648  9 Jul 2001 "E:\WINNT\system32\bak\NeroCheck.exe"
 52272 25 Jul 2007 "E:\Programmi\Google\googletoolbar3user.exe"
 10256 23 Jan 2008 "E:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
 68856 25 Jul 2007 "E:\Programmi\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
 10256 23 Jan 2008 "E:\Programmi\Grisoft\AVG Free\avgcc.exe"
 579072  4 Jan 2008 "E:\Programmi\Grisoft\AVG Free\bak\avgcc.exe"
 10256 23 Jan 2008 "E:\Programmi\Netropa\Multimedia Keyboard\MMKeybd.exe"
 135168 28 Nov 2000 "E:\Programmi\Netropa\Multimedia Keyboard\bak\MMKeybd.exe"
 214106 23 Jan 2008 "E:\Programmi\Sygate\SPF\debug.log"
 29135 10 Feb 2008 "E:\Programmi\Sygate\SPF\bak\debug.log"
 72 25 Feb 2003 "E:\Programmi\Sygate\SPF\rawlog.log"
 72 24 Jan 2008 "E:\Programmi\Sygate\SPF\bak\rawlog.log"
 1482  5 Feb 2005 "E:\Programmi\Sygate\SPF\seclog.log"
 72 24 Jan 2008 "E:\Programmi\Sygate\SPF\bak\seclog.log"
 10256 23 Jan 2008 "E:\Programmi\Sygate\SPF\Smc.exe"
 1986631 11 Sep 2002 "E:\Programmi\Sygate\SPF\bak\Smc.exe"
 150280 23 Jan 2008 "E:\Programmi\Sygate\SPF\StdState.dat"
 1360 10 Feb 2008 "E:\Programmi\Sygate\SPF\bak\StdState.dat"
 7016 23 Jan 2008 "E:\Programmi\Sygate\SPF\syslog.log"
 7101 10 Feb 2008 "E:\Programmi\Sygate\SPF\bak\syslog.log"
 29885 15 Mar 2005 "E:\Programmi\Sygate\SPF\tralog.log"
 72 24 Jan 2008 "E:\Programmi\Sygate\SPF\bak\tralog.log"
 150280 23 Jan 2008 "E:\Programmi\Sygate\SPF\TState.dat"
 1360 10 Feb 2008 "E:\Programmi\Sygate\SPF\bak\TState.dat"
 10256 23 Jan 2008 "E:\Programmi\File comuni\InstallShield\UpdateService\issch.exe"
 81920 16 Feb 2005 "E:\Programmi\File comuni\InstallShield\UpdateService\bak\issch.exe"
 10256 23 Jan 2008 "E:\Programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe"
 221184 16 Feb 2005 "E:\Programmi\File comuni\InstallShield\UpdateService\bak\ISUSPM.exe"
 299008  1 Apr 2003 "E:\Programmi\IPM\Adsl\DataWay\dslstat.exe"
 299008  1 Apr 2003 "E:\Programmi\IPM\Adsl\DataWay\bak\dslstat.exe"
 299008  1 Apr 2003 "E:\Programmi\Telecom Italia\AdslWizzy\Driver\DataWayUSB\ProgramFiles\dslstat.exe"
 
 
 end of report

bdoriano (Administrator) | Posted: 10 Feb 2008 23:06

Hi fax,

Download avenger and unzip it into its own folder, not a temporary one and not on the desktop
 
Start AVENGER
Click on input script manually
Click on the magnifying glass
Enter these lines:
 
Quote:
Files to delete:
E:\Programmi\Iomega HotBurn\Autolaunch.exe
 E:\Programmi\Winamp5\winampa.exe
 E:\WINNT\system32\NeroCheck.exe
 E:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
 E:\Programmi\Grisoft\AVG Free\avgcc.exe
 E:\Programmi\Netropa\Multimedia Keyboard\MMKeybd.exe
 E:\Programmi\Sygate\SPF\Smc.exe
 E:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
 E:\Programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe
 
 Files to move:
 E:\Programmi\Iomega HotBurn\bak\Autolaunch.exe | E:\Programmi\Iomega HotBurn\Autolaunch.exe
 E:\Programmi\Winamp5\bak\winampa.exe | E:\Programmi\Winamp5\winampa.exe
 E:\WINNT\system32\bak\NeroCheck.exe | E:\WINNT\system32\NeroCheck.exe
 E:\Programmi\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe | E:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
 E:\Programmi\Grisoft\AVG Free\bak\avgcc.exe | E:\Programmi\Grisoft\AVG Free\avgcc.exe
 E:\Programmi\Netropa\Multimedia Keyboard\bak\MMKeybd.exe | E:\Programmi\Netropa\Multimedia Keyboard\MMKeybd.exe
 E:\Programmi\Sygate\SPF\bak\Smc.exe | E:\Programmi\Sygate\SPF\Smc.exe
 E:\Programmi\File comuni\InstallShield\UpdateService\bak\issch.exe | E:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
 E:\Programmi\File comuni\InstallShield\UpdateService\bak\ISUSPM.exe | E:\Programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe

Click on Done
Click on the traffic light
The PC should restart; if it does not, restart it yourself.
When the operation finishes, post the Avenger result here together with an updated HijackThis log.

Download DelDomains and save it to the desktop (right-click on the link > save target)
then right-click on the file and choose Install.

Follow the instructions in this topic to post the combofix log.

Connect to the Kaspersky online scanner and run the extended scan, as indicated here.
Save the scan result to a file (in HTML format), upload the file to Freefilehosting and post here the link you are assigned.

PS: if you like, you can introduce yourself here
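
A triage sketch for the Find AWF report quoted above, as an added example that is not part of the original thread: it pairs each `bak\` copy with the file now sitting in its place, keeps the executables whose size differs from the backup, and emits a script in the same "Files to delete / Files to move" layout used in the reply. The function names and the .exe-only filter are assumptions of this example; the sample lines are abridged from the report.

```python
import re
from collections import Counter
from ntpath import basename, dirname, join  # Windows path rules on any OS

# Abridged from the "Duplicate files of bak directory contents" section above.
SAMPLE = r'''
10256 23 Jan 2008 "E:\Programmi\Winamp5\winampa.exe"
33792 13 Dec 2003 "E:\Programmi\Winamp5\bak\winampa.exe"
286720 31 Oct 2007 "E:\Programmi\QuickTime\bak\qttask.exe"
10256 23 Jan 2008 "E:\WINNT\system32\NeroCheck.exe"
155648  9 Jul 2001 "E:\WINNT\system32\bak\NeroCheck.exe"
7016 23 Jan 2008 "E:\Programmi\Sygate\SPF\syslog.log"
7101 10 Feb 2008 "E:\Programmi\Sygate\SPF\bak\syslog.log"
10256 23 Jan 2008 "E:\Programmi\Sygate\SPF\Smc.exe"
1986631 11 Sep 2002 "E:\Programmi\Sygate\SPF\bak\Smc.exe"
299008  1 Apr 2003 "E:\Programmi\IPM\Adsl\DataWay\dslstat.exe"
299008  1 Apr 2003 "E:\Programmi\IPM\Adsl\DataWay\bak\dslstat.exe"
'''

# <size> <day> <Mon> <year> "<path>"
LINE = re.compile(r'^\s*(\d+)\s+(\d{1,2} \w{3} \d{4})\s+"(.+)"\s*$')


def parse_listing(text):
    """Return {lowercased path: (size, date, path as written)}."""
    entries = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            entries[m.group(3).lower()] = (int(m.group(1)), m.group(2), m.group(3))
    return entries


def find_replaced(entries):
    """Pair every bak\\X with its sibling X and keep suspicious executables."""
    pairs = []
    for bak_size, _, bak_path in entries.values():
        folder = dirname(bak_path)
        if basename(folder).lower() != "bak":
            continue  # not a backup copy
        live = entries.get(join(dirname(folder), basename(bak_path)).lower())
        if live is None:
            continue  # no file listed in the original location (qttask.exe)
        live_size, live_date, live_path = live
        # Logs and state files change size normally; an executable should not.
        if live_path.lower().endswith(".exe") and live_size != bak_size:
            pairs.append({"live": live_path, "bak": bak_path,
                          "live_size": live_size, "live_date": live_date,
                          "bak_size": bak_size})
    return pairs


def stub_clusters(pairs):
    """Count replaced files per (size, date); one big cluster means one dropper."""
    return Counter((p["live_size"], p["live_date"]) for p in pairs)


def avenger_script(pairs):
    """Build the delete-then-restore script in the layout quoted in the thread."""
    lines = ["Files to delete:"]
    lines += [p["live"] for p in pairs]
    lines += ["", "Files to move:"]
    lines += [f'{p["bak"]} | {p["live"]}' for p in pairs]
    return "\n".join(lines)


if __name__ == "__main__":
    found = find_replaced(parse_listing(SAMPLE))
    for key, count in stub_clusters(found).items():
        print(f"{count} executables replaced by a {key[0]}-byte file dated {key[1]}")
    print(avenger_script(found))
```

A size mismatch is only a lead: confirm each flagged file with a scanner or a hash check before deleting it, since a legitimate update also changes the size.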

fax | Posted: 11 Feb 2008 10:47 | Subject: new log

Thanks for replying. While avenger was running I saw an error because it could not find a .reg (I created the avenger folder in a subfolder, I don't know if that matters). Anyway, the old AVG antivirus is now restored (I now have two active, but bitdefender is expiring....) along with the multimedia keyboard.
Here are the two logs:
 
 Logfile of The Avenger version 1, by Swandog46
 Running from registry key:
 \Registry\Machine\System\CurrentControlSet\Services\fmuhahuc
 
 *******************
 
 Script file located at: \??\E:\WINNT\system32\ubtqcjmd.txt
 Script file opened successfully.
 
 Script file read successfully
 
 Backups directory opened successfully at E:\Avenger
 
 *******************
 
 Beginning to process script file:
 
 File E:\Programmi\Iomega HotBurn\Autolaunch.exe deleted successfully.
 File E:\Programmi\Winamp5\winampa.exe deleted successfully.
 File E:\WINNT\system32\NeroCheck.exe deleted successfully.
 File E:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe deleted successfully.
 File E:\Programmi\Grisoft\AVG Free\avgcc.exe deleted successfully.
 File E:\Programmi\Netropa\Multimedia Keyboard\MMKeybd.exe deleted successfully.
 File E:\Programmi\Sygate\SPF\Smc.exe deleted successfully.
 File E:\Programmi\File comuni\InstallShield\UpdateService\issch.exe deleted successfully.
 File E:\Programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe deleted successfully.
 File move operation E:\Programmi\Iomega HotBurn\bak\Autolaunch.exe|E:\Programmi\Iomega HotBurn\Autolaunch.exe completed successfully.
 File move operation E:\Programmi\Winamp5\bak\winampa.exe|E:\Programmi\Winamp5\winampa.exe completed successfully.
 File move operation E:\WINNT\system32\bak\NeroCheck.exe|E:\WINNT\system32\NeroCheck.exe completed successfully.
 File move operation E:\Programmi\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe|E:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe completed successfully.
 File move operation E:\Programmi\Grisoft\AVG Free\bak\avgcc.exe|E:\Programmi\Grisoft\AVG Free\avgcc.exe completed successfully.
 File move operation E:\Programmi\Netropa\Multimedia Keyboard\bak\MMKeybd.exe|E:\Programmi\Netropa\Multimedia Keyboard\MMKeybd.exe completed successfully.
 File move operation E:\Programmi\Sygate\SPF\bak\Smc.exe|E:\Programmi\Sygate\SPF\Smc.exe completed successfully.
 File move operation E:\Programmi\File comuni\InstallShield\UpdateService\bak\issch.exe|E:\Programmi\File comuni\InstallShield\UpdateService\issch.exe completed successfully.
 File move operation E:\Programmi\File comuni\InstallShield\UpdateService\bak\ISUSPM.exe|E:\Programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe completed successfully.
 
 Completed script processing.
 
 *******************
 
 Finished!  Terminate.
 
 
 
 Logfile of Trend Micro HijackThis v2.0.0 (BETA)
 Scan saved at 9.48.57, on 11/02/2008
 Platform: Windows 2000 SP4 (WinNT 5.00.2195)
 Boot mode: Normal
 
 Running processes:
 E:\WINNT\System32\smss.exe
 E:\WINNT\system32\winlogon.exe
 E:\WINNT\system32\services.exe
 E:\WINNT\system32\lsass.exe
 E:\WINNT\system32\svchost.exe
 E:\WINNT\system32\spoolsv.exe
 E:\Programmi\Netropa\Multimedia Keyboard\nhksrv.exe
 E:\Programmi\a-squared Free\a2service.exe
 E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
 E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
 E:\WINNT\System32\svchost.exe
 E:\WINNT\system32\drivers\KodakCCS.exe
 C:\mysql\bin\mysqld-nt.exe
 E:\WINNT\system32\nvsvc32.exe
 E:\Programmi\File comuni\Protexis\License Service\PSIService.exe
 E:\Programmi\Kodak\Kodak EasyShare software\bin\ptssvc.exe
 E:\WINNT\system32\regsvc.exe
 E:\WINNT\System32\tcpsvcs.exe
 E:\WINNT\Explorer.EXE
 E:\WINNT\system32\stisvc.exe
 E:\WINNT\system32\ZoneLabs\vsmon.exe
 E:\WINNT\System32\WBEM\WinMgmt.exe
 E:\WINNT\system32\mspmspsv.exe
 E:\WINNT\system32\svchost.exe
 E:\Programmi\Iomega HotBurn\Autolaunch.exe
 E:\Programmi\File comuni\BitDefender\BitDefender Communicator\xcommsvr.exe
 E:\Programmi\IPM\Adsl\DataWay\dslstat.exe
 E:\WINNT\System32\inetsrv\inetinfo.exe
 E:\WINNT\system32\dslagent.exe
 E:\Programmi\Winamp5\winampa.exe
 E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
 E:\Programmi\File comuni\BitDefender\BitDefender Update Service\livesrv.exe
 E:\Programmi\Netropa\Multimedia Keyboard\MMKeybd.exe
 E:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
 E:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
 E:\Programmi\Netropa\Multimedia Keyboard\TrayMon.exe
 E:\Programmi\Netropa\Onscreen Display\OSD.exe
 E:\Programmi\BitDefender\BitDefender 2008\bdagent.exe
 E:\Programmi\BitDefender\BitDefender 2008\vsserv.exe
 E:\WINNT\system32\internat.exe
 E:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
 E:\Programmi\Microsoft Office\Office\OSA.EXE
 E:\Programmi\Microsoft Office\Office\FINDFAST.EXE
 E:\WINNT\system32\notepad.exe
 E:\WINNT\System32\svchost.exe
 e:\programmi\file comuni\installshield\updateservice\isuspm.exe
 E:\Programmi\File comuni\InstallShield\UpdateService\agent.exe
 E:\WINNT\system32\wuauclt.exe
 E:\Programmi\Internet Explorer\IEXPLORE.EXE
 C:\sicurezza\HiJackThis_v2\HiJackThis_v2.exe
 
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mailrr.aruba.it/cgi-bin/sqwebmail?index=1
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = E:\windows\system32\blank.htm
 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = E:\windows\system32\blank.htm
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
 O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
 O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\programmi\google\googletoolbar3.dll
 O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
 O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINNT\system32\msdxm.ocx
 O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\programmi\google\googletoolbar3.dll
 O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - E:\Programmi\BitDefender\BitDefender 2008\IEToolbar.dll
 O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINNT\system32\NvCpl.dll,NvStartup
 O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
 O4 - HKLM\..\Run: [SmcService] E:\PROGRA~1\Sygate\SPF\Smc.exe -startgui
 O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINNT\system32\NeroCheck.exe
 O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "E:\Programmi\Iomega HotBurn\Autolaunch.exe"
 O4 - HKLM\..\Run: [DSLSTATEXE] E:\Programmi\IPM\Adsl\DataWay\dslstat.exe icon
 O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
 O4 - HKLM\..\Run: [WinampAgent] E:\Programmi\Winamp5\winampa.exe
 O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
 O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
 O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] E:\Programmi\Netropa\Multimedia Keyboard\MMKeybd.exe
 O4 - HKLM\..\Run: [ISUSPM Startup] E:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
 O4 - HKLM\..\Run: [ISUSScheduler] "E:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
 O4 - HKLM\..\Run: [ZoneAlarm Client] "E:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
 O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "E:\Programmi\BitDefender\BitDefender 2008\IEShow.exe"
 O4 - HKLM\..\Run: [BDAgent] "E:\Programmi\BitDefender\BitDefender 2008\bdagent.exe"
 O4 - HKCU\..\Run: [internat.exe] internat.exe
 O4 - HKCU\..\Run: [swg] E:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
 O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
 O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINNT\system32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
 O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] E:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
 O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] E:\Programmi\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
 O4 - Global Startup: Adobe Gamma Loader.exe.lnk = E:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
 O4 - Global Startup: Adobe Gamma Loader.lnk = E:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
 O4 - Global Startup: Avvio Office.lnk = E:\Programmi\Microsoft Office\Office\OSA.EXE
 O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = E:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
 O4 - Global Startup: Corel Family & Friends Reminders.LNK = E:\Programmi\Corel\Print House Magic\cffrem.exe
 O4 - Global Startup: Ricerca rapida.lnk = E:\Programmi\Microsoft Office\Office\FINDFAST.EXE
 O12 - Plugin for .spop: E:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
 O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021126/qtinstall.info.apple.com/sikes/it/win/QuickTimeInstaller.exe
 O17 - HKLM\System\CCS\Services\Tcpip\..\{A4C6300A-ABC5-4EE7-97CD-83046F77536E}: NameServer = 85.37.17.16 85.38.28.68
 O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - E:\WINNT\system32\browseui.dll
 O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - E:\WINNT\system32\browseui.dll
 O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - E:\Programmi\a-squared Free\a2service.exe
 O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
 O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
 O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - E:\WINNT\System32\dmadmin.exe
 O23 - Service: Google Updater Service (gusvc) - Unknown owner - E:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
 O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - E:\WINNT\system32\drivers\KodakCCS.exe
 O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - E:\Programmi\File comuni\BitDefender\BitDefender Update Service\livesrv.exe
 O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe
 O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - E:\Programmi\Netropa\Multimedia Keyboard\nhksrv.exe
 O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINNT\system32\nvsvc32.exe
 O23 - Service: Pml Driver HPZ12 - HP - E:\WINNT\system32\HPZipm12.exe
 O23 - Service: ProtexisLicensing - Unknown owner - E:\Programmi\File comuni\Protexis\License Service\PSIService.exe
 O23 - Service: ptssvc - KODAK - E:\Programmi\Kodak\Kodak EasyShare software\bin\ptssvc.exe
 O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - E:\Programmi\Sygate\SPF\Smc.exe
 O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - E:\WINNT\system32\ZoneLabs\vsmon.exe
 O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - E:\Programmi\BitDefender\BitDefender 2008\vsserv.exe
 O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - E:\Programmi\File comuni\BitDefender\BitDefender Communicator\xcommsvr.exe
 
 --
 End of file - 8741 bytes

fax | Posted: 11 Feb 2008 11:26 | Subject: loc

Here are the combofix and hijack logs:
 ComboFix 08-02.11.1 - lucia 11/02/2008 10.02.38.2 - NTFSx86
 Microsoft Windows 2000 Professional  5.0.2195.4.1252.1.1040.18.81 [GMT 1:00]
 Eseguito da: E:\Documents and Settings\lucia\Desktop\ComboFix.exe
 
 WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
 .
 
 (((((((((((((((((((((((((   Files Creati Da 2008-01-11 al 2008-02-11  )))))))))))))))))))))))))))))))))))
 .
 
 2008-02-11 10:02 . 11/02/08 10.02 	16,384	--a----t-	E:\WINNT\system32\Perflib_Perfdata_46c.dat
 2008-02-11 09:34 . 11/02/08 09.34 	5,007	--a------	E:\WINNT\avatar_aldo.jpg
 2008-02-10 22:22 . 10/02/08 22.22 	554,350	---h-----	E:\WINNT\ShellIconCache
 2008-02-10 20:00 . 10/02/08 20.04 	2,524	--a------	E:\WINNT\system32\tmp.reg
 2008-02-10 19:49 . 10/02/08 19.53 	<DIR>	d--------	E:\Programmi\RogueRemover FREE
 2008-02-10 19:27 . 24/03/04 02.42 	246,032	--a------	E:\kmd.exe
 2008-02-08 22:24 . 08/02/08 22.24 	<DIR>	d--------	E:\Documents and Settings\lucia\Dati applicazioni\Thunderbird
 2008-02-08 22:24 . 08/02/08 22.24 	<DIR>	d--------	E:\Documents and Settings\lucia\Dati applicazioni\Talkback
 2008-02-08 20:13 . 08/02/08 22.23 	<DIR>	d--------	E:\rim
 2008-02-08 17:55 . 11/02/08 10.06 	121	--a------	E:\WINNT\bdagent.INI
 2008-02-08 17:48 . 08/02/08 17.48 	<DIR>	d--------	E:\WINNT\winsxs
 2008-02-08 17:48 . 08/02/08 17.48 	<DIR>	d--------	E:\Programmi\BitDefender
 2008-02-08 17:48 . 08/02/08 17.48 	<DIR>	d--------	E:\Documents and Settings\lucia\Dati applicazioni\Bitdefender
 2008-02-08 17:48 . 08/02/08 17.49 	<DIR>	d--------	E:\Documents and Settings\All Users\Dati applicazioni\BitDefender
 2008-02-08 17:46 . 08/02/08 17.48 	<DIR>	d--------	E:\Programmi\File comuni\BitDefender
 2008-02-07 21:38 . 07/02/08 22.35 	<DIR>	d--------	E:\Programmi\a-squared Free
 2008-02-07 21:16 . 07/02/08 21.16 	<DIR>	d--------	E:\Programmi\Eusing Free Registry Cleaner
 2008-02-07 18:42 . 07/02/08 18.42 	<DIR>	d--------	E:\Programmi\SpywareBlaster
 2008-01-23 20:56 . 11/02/08 09.39 	<DIR>	d--------	E:\WINNT\system32\bak
 2008-01-12 11:06 . 12/01/08 11.09 	<DIR>	d--------	E:\Programmi\File comuni\Macromedia
 2008-01-12 10:59 . 12/01/08 10.59 	<DIR>	d--h-c---	E:\WINNT\$MSI30UninstallMSI30-KB884016$
 
 .
 ((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 2008-02-11 08:43	---------	d---a-w	E:\Documents and Settings\All Users\Dati applicazioni\avg7
 2008-02-11 08:39	---------	d-----w	E:\Programmi\Winamp5
 2008-02-11 08:39	---------	d-----w	E:\Programmi\Iomega HotBurn
 2008-02-10 18:54	24,576	----a-w	E:\WINNT\Internet Logs\xDB1B.tmp
 2008-02-10 18:35	5,850,112	----a-w	E:\WINNT\Internet Logs\xDB1A.tmp
 2008-02-10 17:32	---------	d-----w	E:\Documents and Settings\lucia\Dati applicazioni\AdobeUM
 2008-02-07 20:32	4,072,670	----a-w	E:\WINNT\Internet Logs\tvDebug.zip
 2008-02-05 19:30	---------	d-----w	E:\Programmi\Spybot - Search & Destroy
 2008-01-23 19:56	---------	d-----w	E:\Programmi\QuickTime
 2008-01-12 10:08	---------	d-----w	E:\Programmi\Macromedia
 2008-01-05 16:18	---------	d-----w	E:\Documents and Settings\lucia\Dati applicazioni\AVG7
 2007-11-27 15:46	77,824	----a-w	E:\WINNT\system32\xcomm.dll
 2007-11-17 16:26	3,490,304	----a-w	E:\WINNT\Internet Logs\xDB19.tmp
 2007-11-17 15:55	17,130	----a-w	E:\WINNT\Fonts\Agency.zip
 2007-11-14 15:05	75,248	----a-w	E:\WINNT\zllsputility.exe
 2007-11-14 15:05	1,086,952	----a-w	E:\WINNT\system32\zpeng24.dll
 2006-09-23 15:29	564,224	----a-w	E:\WINNT\Internet Logs\xDB18.tmp
 2006-09-23 15:29	1,193,984	----a-w	E:\WINNT\Internet Logs\xDB17.tmp
 2006-05-19 15:56	17,920	----a-w	E:\WINNT\Internet Logs\xDB16.tmp
 2006-05-19 15:55	1,107,456	----a-w	E:\WINNT\Internet Logs\xDB15.tmp
 2006-05-19 15:34	12,288	----a-w	E:\WINNT\Internet Logs\xDB14.tmp
 2006-05-19 15:34	1,105,408	----a-w	E:\WINNT\Internet Logs\xDB13.tmp
 2006-05-19 15:24	12,800	----a-w	E:\WINNT\Internet Logs\xDB12.tmp
 2006-05-19 15:24	1,105,408	----a-w	E:\WINNT\Internet Logs\xDB11.tmp
 2006-05-19 14:54	1,437,184	----a-w	E:\WINNT\Internet Logs\xDB10.tmp
 2006-05-19 14:54	1,105,408	----a-w	E:\WINNT\Internet Logs\xDBF.tmp
 2005-12-17 22:04	2,183,680	----a-w	E:\WINNT\Internet Logs\xDBE.tmp
 2005-12-17 22:04	1,078,272	----a-w	E:\WINNT\Internet Logs\xDBD.tmp
 2005-11-05 12:35	989,184	----a-w	E:\WINNT\Internet Logs\xDBB.tmp
 2005-11-05 12:35	2,854,912	----a-w	E:\WINNT\Internet Logs\xDBC.tmp
 2005-07-10 20:58	915,456	----a-w	E:\WINNT\Internet Logs\xDB9.tmp
 2005-07-10 20:58	2,838,016	----a-w	E:\WINNT\Internet Logs\xDBA.tmp
 2005-07-09 22:15	884,736	----a-w	E:\WINNT\Internet Logs\xDB7.tmp
 2005-07-09 22:15	2,079,232	----a-w	E:\WINNT\Internet Logs\xDB8.tmp
 2005-07-09 17:38	2,874,880	----a-w	E:\WINNT\Internet Logs\xDB43C.tmp
 2005-07-08 21:07	942,592	----a-w	E:\WINNT\Internet Logs\xDB5.tmp
 2005-07-08 21:07	2,674,176	----a-w	E:\WINNT\Internet Logs\xDB6.tmp
 2005-07-06 20:55	842,752	----a-w	E:\WINNT\Internet Logs\xDB3.tmp
 2005-07-06 20:55	3,119,104	----a-w	E:\WINNT\Internet Logs\xDB4.tmp
 2005-07-06 05:22	839,680	----a-w	E:\WINNT\Internet Logs\xDB2.tmp
 2005-07-03 20:46	980,480	----a-w	E:\WINNT\Internet Logs\xDB1.tmp
 2004-02-01 08:36	271	---h--w	E:\Programmi\desktop.ini
 2004-02-01 08:36	22,075	---h--w	E:\Programmi\folder.htt
 2000-12-12 10:17	100,432	------w	E:\Programmi\Win2000PPAHotfix.exe
 1999-12-23 00:00	32,528	----a-w	E:\WINNT\inf\wbfirdma.sys
 2007-10-25 09:56	88	--sh--r	E:\WINNT\system32\7A0930EE5E.sys
 2003-10-19 18:57	56	--sh--r	E:\WINNT\system32\EDD29C43B3.sys
 2007-10-25 09:57	5,330	--sha-w	E:\WINNT\system32\KGyGaAvL.sys
 .
 
 (((((((((((((((((((((((((((((((((((((((((((((   AWF   ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 ----a-w           299,008 2003-04-01 10:32:08  E:\Programmi\IPM\Adsl\DataWay\bak\dslstat.exe
 ----a-w           299,008 2003-04-01 10:32:08  E:\Programmi\IPM\Adsl\DataWay\dslstat.exe
 
 ----a-w           286,720 2007-10-31 15:15:34  E:\Programmi\QuickTime\bak\qttask.exe
 
 ----a-w            29,937 2008-02-11 07:30:33  E:\Programmi\Sygate\SPF\bak\debug.log
 ----a-w           214,903 2008-02-11 08:42:51  E:\Programmi\Sygate\SPF\debug.log
 
 ----a-w                72 2008-01-24 08:19:53  E:\Programmi\Sygate\SPF\bak\rawlog.log
 ----a-w                72 2003-02-25 19:00:04  E:\Programmi\Sygate\SPF\rawlog.log
 
 ----a-w                72 2008-01-24 08:19:53  E:\Programmi\Sygate\SPF\bak\seclog.log
 ----a-w             1,482 2005-02-05 19:44:38  E:\Programmi\Sygate\SPF\seclog.log
 
 ----a-w             1,360 2008-02-11 07:30:32  E:\Programmi\Sygate\SPF\bak\StdState.dat
 ----a-w           150,280 2008-02-11 08:42:48  E:\Programmi\Sygate\SPF\StdState.dat
 
 ----a-w             7,314 2008-02-11 07:30:32  E:\Programmi\Sygate\SPF\bak\syslog.log
 ----a-w             4,846 2008-02-11 08:42:49  E:\Programmi\Sygate\SPF\syslog.log
 
 ----a-w                72 2008-01-24 08:19:53  E:\Programmi\Sygate\SPF\bak\tralog.log
 ----a-w            29,885 2005-03-15 21:01:01  E:\Programmi\Sygate\SPF\tralog.log
 
 ----a-w             1,360 2008-02-11 07:30:32  E:\Programmi\Sygate\SPF\bak\TState.dat
 ----a-w           150,280 2008-02-11 08:42:49  E:\Programmi\Sygate\SPF\TState.dat
 
 .
 (((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 .
 REGEDIT4
 *Nota* i valori vuoti & legittimi/default non sono visualizzati.
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
 {8E718888-423F-11D2-876E-00A0C9082467}
 {2318C2B1-4965-11D4-9B18-009027A5CD4F}
 {381FFDE8-2394-4F90-B10D-FC6124A40F8C}
 
 [HKEY_CLASSES_ROOT\clsid\{381ffde8-2394-4f90-b10d-fc6124a40f8c}]
 [HKEY_CLASSES_ROOT\BitDefender Toolbar]
 
 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "internat.exe"="internat.exe" [23/12/99 01.00  20752 E:\WINNT\system32\internat.exe]
 "swg"="E:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [25/07/07 22.38  68856]
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "Synchronization Manager"="mobsync.exe" [19/06/03 12.05  111376 E:\WINNT\system32\mobsync.exe]
 "NvCplDaemon"="E:\WINNT\system32\NvCpl.dll" [09/03/06 14.29  7561216]
 "nwiz"="nwiz.exe" [09/03/06 14.29  1519616 E:\WINNT\system32\nwiz.exe]
 "SmcService"="E:\PROGRA~1\Sygate\SPF\Smc.exe" [11/09/02 09.25  1986631]
 "NeroFilterCheck"="E:\WINNT\system32\NeroCheck.exe" [09/07/01 10.50  155648]
 "Drag'n'Drop_Autolaunch"="E:\Programmi\Iomega HotBurn\Autolaunch.exe" [16/10/01 18.09  90112]
 "DSLSTATEXE"="E:\Programmi\IPM\Adsl\DataWay\dslstat.exe" [01/04/03 11.32  299008]
 "DSLAGENTEXE"="dslagent.exe" [01/04/03 10.53  16384 E:\WINNT\system32\dslagent.exe]
 "WinampAgent"="E:\Programmi\Winamp5\winampa.exe" [13/12/03 01.50  33792]
 "NvMediaCenter"="E:\WINNT\system32\NvMcTray.dll" [09/03/06 14.29  86016]
 "AVG7_CC"="E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [04/01/08 16.13  579072]
 "MULTIMEDIA KEYBOARD"="E:\Programmi\Netropa\Multimedia Keyboard\MMKeybd.exe" [28/11/00 09.18  135168]
 "ISUSPM Startup"="E:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [16/02/05 15.15  221184]
 "ISUSScheduler"="E:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" [16/02/05 15.15  81920]
 "ZoneAlarm Client"="E:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe" [14/11/07 16.05  919016]
 "BitDefender Antiphishing Helper"="E:\Programmi\BitDefender\BitDefender 2008\IEShow.exe" [09/10/07 15.46  61440]
 "BDAgent"="E:\Programmi\BitDefender\BitDefender 2008\bdagent.exe" [16/11/07 16.37  319488]
 
 [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
 "internat.exe"="internat.exe" [23/12/99 01.00  20752 E:\WINNT\system32\internat.exe]
 "NvMediaCenter"="E:\WINNT\system32\NVMCTRAY.DLL" [09/03/06 14.29  86016]
 "AVG7_Run"="E:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [24/10/07 09.16  219136]
 
 [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
 "^SetupICWDesktop"="E:\Programmi\Internet Explorer\Connection Wizard\icwconn1.exe" [19/06/03 12.05  188176]
 
 E:\Documents and Settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica\
 WinMySQLadmin.lnk - C:\mysql\bin\winmysqladmin.exe [2003-05-25 08:27:44 936448]
 
 E:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
 Adobe Gamma Loader.exe.lnk - E:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2007-10-06 13:39:42 110592]
 Adobe Gamma Loader.lnk - E:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2007-10-06 13:39:42 110592]
 Avvio Office.lnk - E:\Programmi\Microsoft Office\Office\OSA.EXE [1997-08-31 23:00:00 51984]
 Avvio veloce di Adobe Reader.lnk - E:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
 Corel Family & Friends Reminders.LNK - E:\Programmi\Corel\Print House Magic\cffrem.exe [2007-10-22 11:00:02 670208]
 Ricerca rapida.lnk - E:\Programmi\Microsoft Office\Office\FINDFAST.EXE [1997-08-31 23:00:00 111376]
 
 R1 Avg7RsNT;AVG7 Resident Driver NT;E:\WINNT\system32\Drivers\avg7rsnt.sys [14/10/07 13.13 ]
 R1 bdftdif;bdftdif;E:\Programmi\File comuni\BitDefender\BitDefender Firewall\bdftdif.sys [12/11/07 16.28 ]
 R1 msikbd2k;Multimedia Keyboard Filter Driver;E:\WINNT\system32\DRIVERS\msikbd2k.sys [03/10/00 14.18 ]
 R2 nhksrv;Netropa NHK Server;E:\Programmi\Netropa\Multimedia Keyboard\nhksrv.exe [13/09/00 15.18 ]
 R2 ousbehci;NEC PCI to USB Enhanced Host Controller;E:\WINNT\system32\Drivers\ousbehci.sys [01/07/02 14.07 ]
 R2 ptssvc;ptssvc;E:\Programmi\Kodak\Kodak EasyShare software\bin\ptssvc.exe [11/08/04 02.00 ]
 R2 ScanDrv;ScanDrv;E:\WINNT\system32\drivers\ScanDrv.sys [29/10/98 16.21 ]
 R2 SMTPSVC;Protocollo SMTP (Simple Mail Transport Protocol);E:\WINNT\System32\inetsrv\inetinfo.exe [19/06/03 12.05 ]
 R3 BDSelfPr;BDSelfPr;E:\Programmi\BitDefender\BitDefender 2008\bdselfpr.sys [08/08/07 13.12 ]
 R3 openhci;Driver controller host USB Open Microsoft ;E:\WINNT\system32\DRIVERS\openhci.sys [19/06/03 11.05 ]
 R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;E:\WINNT\system32\DRIVERS\ousb2hub.sys [01/07/02 14.07 ]
 R3 scan;BitDefender Threat Scanner;E:\WINNT\System32\svchost.exe [23/12/99 01.00 ]
 R3 TTLOOPHE;Virtual DVB-S/-C/-T Network Adapter Driver;E:\WINNT\system32\DRIVERS\ttloophe.sys [22/05/02 16.00 ]
 S1 EPPSCSIx;EPPSCSIx;E:\WINNT\system32\Drivers\EppSCSI.sys [20/01/98 19.39 ]
 S1 sglfb;sglfb;E:\WINNT\system32\drivers\sglfb.sys [23/12/99 01.00 ]
 S3 bdfsfltr;bdfsfltr;E:\WINNT\system32\drivers\bdfsfltr.sys [03/08/07 14.18 ]
 S3 NUVision;Pinnacle LINX;E:\WINNT\system32\DRIVERS\NUVision.sys [16/07/00 11.52 ]
 S3 PAC7311;VGA SoC PC-Camer@;E:\WINNT\system32\DRIVERS\PA707UCM.SYS [18/10/05 10.48 ]
 S3 RivaTuner;RivaTuner;C:\Programmi\RivaTuner\RivaTuner.sys []
 S3 SAA7146n;TT DVB-PCI driver (SAA7146n);E:\WINNT\system32\DRIVERS\saa7146n.sys [22/05/02 11.55 ]
 S3 U3SSTOR;U3SMSCDriver;E:\WINNT\system32\DRIVERS\U3SWDMb.SYS [24/02/03 09.59 ]
 S3 usbhub20;Supporto hub principale USB 2.0;E:\WINNT\system32\DRIVERS\usbhub20.sys [19/06/03 20.05 ]
 S3 viafilter;VIA USB Filter;E:\WINNT\system32\Drivers\viausb.sys [06/12/02 16.45 ]
 
 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
 bdx	REG_MULTI_SZ   	scan
 
 .
 Contenuto della cartella 'Scheduled Tasks'
 "2008-02-07 11:59:09 E:\WINNT\Tasks\AppleSoftwareUpdate.job"
 - E:\Programmi\Apple Software Update\SoftwareUpdate.exe
 .
 **************************************************************************
 
 catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
 Rootkit scan 2008-02-11 10:07:04
 Windows 5.0.2195 Service Pack 4 NTFS
 
 scansione processi nascosti ...
 
 scansione entrate autostart nascoste ...
 
 Scansione files nascosti ...
 
 Scansione completata con successo
 Files nascosti: 0
 
 **************************************************************************
 
 [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySql]
 "ImagePath"="C:/mysql/bin/mysqld-nt.exe"
 .
 --------------------- DLLs Loaded Under Running Processes ---------------------
 
 PROCESS: E:\WINNT\system32\winlogon.exe
 -> E:\WINNT\System32\NavLogon.dll
 .
 Ora fine scansione: 11/02/2008 10.10.21
 ComboFix-quarantined-files.txt  2008-02-11 09:10:14
 
 
 
 Logfile of Trend Micro HijackThis v2.0.0 (BETA)
 Scan saved at 10.32.46, on 11/02/2008
 Platform: Windows 2000 SP4 (WinNT 5.00.2195)
 Boot mode: Normal
 
 Running processes:
 E:\WINNT\System32\smss.exe
 E:\WINNT\system32\winlogon.exe
 E:\WINNT\system32\services.exe
 E:\WINNT\system32\lsass.exe
 E:\WINNT\system32\svchost.exe
 E:\WINNT\system32\spoolsv.exe
 E:\Programmi\Netropa\Multimedia Keyboard\nhksrv.exe
 E:\Programmi\a-squared Free\a2service.exe
 E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
 E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
 E:\WINNT\System32\svchost.exe
 E:\WINNT\system32\drivers\KodakCCS.exe
 C:\mysql\bin\mysqld-nt.exe
 E:\WINNT\system32\nvsvc32.exe
 E:\Programmi\File comuni\Protexis\License Service\PSIService.exe
 E:\Programmi\Kodak\Kodak EasyShare software\bin\ptssvc.exe
 E:\WINNT\system32\regsvc.exe
 E:\WINNT\System32\tcpsvcs.exe
 E:\WINNT\system32\stisvc.exe
 E:\WINNT\system32\ZoneLabs\vsmon.exe
 E:\WINNT\System32\WBEM\WinMgmt.exe
 E:\WINNT\system32\mspmspsv.exe
 E:\WINNT\system32\svchost.exe
 E:\Programmi\Iomega HotBurn\Autolaunch.exe
 E:\Programmi\File comuni\BitDefender\BitDefender Communicator\xcommsvr.exe
 E:\Programmi\IPM\Adsl\DataWay\dslstat.exe
 E:\WINNT\System32\inetsrv\inetinfo.exe
 E:\WINNT\system32\dslagent.exe
 E:\Programmi\Winamp5\winampa.exe
 E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
 E:\Programmi\File comuni\BitDefender\BitDefender Update Service\livesrv.exe
 E:\Programmi\Netropa\Multimedia Keyboard\MMKeybd.exe
 E:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
 E:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
 E:\Programmi\Netropa\Multimedia Keyboard\TrayMon.exe
 E:\Programmi\Netropa\Onscreen Display\OSD.exe
 E:\Programmi\BitDefender\BitDefender 2008\bdagent.exe
 E:\Programmi\BitDefender\BitDefender 2008\vsserv.exe
 E:\WINNT\system32\internat.exe
 E:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
 E:\Programmi\Microsoft Office\Office\OSA.EXE
 E:\Programmi\Microsoft Office\Office\FINDFAST.EXE
 E:\WINNT\System32\svchost.exe
 e:\programmi\file comuni\installshield\updateservice\isuspm.exe
 E:\Programmi\File comuni\InstallShield\UpdateService\agent.exe
 E:\WINNT\system32\wuauclt.exe
 E:\Programmi\Internet Explorer\IEXPLORE.EXE
 E:\Programmi\Internet Explorer\IEXPLORE.EXE
 E:\Programmi\Internet Explorer\IEXPLORE.EXE
 E:\WINNT\explorer.exe
 E:\WINNT\system32\notepad.exe
 E:\Programmi\ACD Systems\ACDSee\ACDSee.exe
 C:\sicurezza\HiJackThis_v2\HiJackThis_v2.exe
 
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mailrr.aruba.it/cgi-bin/sqwebmail?index=1
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = E:\windows\system32\blank.htm
 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = E:\windows\system32\blank.htm
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
 O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
 O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\programmi\google\googletoolbar3.dll
 O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
 O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINNT\system32\msdxm.ocx
 O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\programmi\google\googletoolbar3.dll
 O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - E:\Programmi\BitDefender\BitDefender 2008\IEToolbar.dll
 O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINNT\system32\NvCpl.dll,NvStartup
 O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
 O4 - HKLM\..\Run: [SmcService] E:\PROGRA~1\Sygate\SPF\Smc.exe -startgui
 O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINNT\system32\NeroCheck.exe
 O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "E:\Programmi\Iomega HotBurn\Autolaunch.exe"
 O4 - HKLM\..\Run: [DSLSTATEXE] E:\Programmi\IPM\Adsl\DataWay\dslstat.exe icon
 O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
 O4 - HKLM\..\Run: [WinampAgent] E:\Programmi\Winamp5\winampa.exe
 O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
 O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
 O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] E:\Programmi\Netropa\Multimedia Keyboard\MMKeybd.exe
 O4 - HKLM\..\Run: [ISUSPM Startup] E:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
 O4 - HKLM\..\Run: [ISUSScheduler] "E:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
 O4 - HKLM\..\Run: [ZoneAlarm Client] "E:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
 O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "E:\Programmi\BitDefender\BitDefender 2008\IEShow.exe"
 O4 - HKLM\..\Run: [BDAgent] "E:\Programmi\BitDefender\BitDefender 2008\bdagent.exe"
 O4 - HKCU\..\Run: [internat.exe] internat.exe
 O4 - HKCU\..\Run: [swg] E:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
 O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
 O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINNT\system32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
 O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] E:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
 O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] E:\Programmi\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
 O4 - Global Startup: Adobe Gamma Loader.exe.lnk = E:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
 O4 - Global Startup: Adobe Gamma Loader.lnk = E:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
 O4 - Global Startup: Avvio Office.lnk = E:\Programmi\Microsoft Office\Office\OSA.EXE
 O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = E:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
 O4 - Global Startup: Corel Family & Friends Reminders.LNK = E:\Programmi\Corel\Print House Magic\cffrem.exe
 O4 - Global Startup: Ricerca rapida.lnk = E:\Programmi\Microsoft Office\Office\FINDFAST.EXE
 O12 - Plugin for .spop: E:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
 O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021126/qtinstall.info.apple.com/sikes/it/win/QuickTimeInstaller.exe
 O17 - HKLM\System\CCS\Services\Tcpip\..\{A4C6300A-ABC5-4EE7-97CD-83046F77536E}: NameServer = 85.37.17.16 85.38.28.68
 O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - E:\WINNT\system32\browseui.dll
 O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - E:\WINNT\system32\browseui.dll
 O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - E:\Programmi\a-squared Free\a2service.exe
 O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
 O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
 O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - E:\WINNT\System32\dmadmin.exe
 O23 - Service: Google Updater Service (gusvc) - Unknown owner - E:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
 O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - E:\WINNT\system32\drivers\KodakCCS.exe
 O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - E:\Programmi\File comuni\BitDefender\BitDefender Update Service\livesrv.exe
 O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe
 O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - E:\Programmi\Netropa\Multimedia Keyboard\nhksrv.exe
 O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINNT\system32\nvsvc32.exe
 O23 - Service: Pml Driver HPZ12 - HP - E:\WINNT\system32\HPZipm12.exe
 O23 - Service: ProtexisLicensing - Unknown owner - E:\Programmi\File comuni\Protexis\License Service\PSIService.exe
 O23 - Service: ptssvc - KODAK - E:\Programmi\Kodak\Kodak EasyShare software\bin\ptssvc.exe
 O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - E:\Programmi\Sygate\SPF\Smc.exe
 O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - E:\WINNT\system32\ZoneLabs\vsmon.exe
 O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - E:\Programmi\BitDefender\BitDefender 2008\vsserv.exe
 O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - E:\Programmi\File comuni\BitDefender\BitDefender Communicator\xcommsvr.exe
 
 --
 End of file - 8876 bytes
 |  |  
		|  |  
		| fax Mortale devoto
 
 Registered: 10/02/08 15:55
 Posts: 9
 Location: Ciampino
 
 | 
			
				|  Posted: 11 Feb 2008 11:36    Subject: |   |  
				| 
 |  
				| I tried to run Kaspersky, but after clicking on "Kaspersky on line scanner" the license does not appear. I will try again later, work is calling..... thanks anyway |  |  
		|  |  
		| fax Mortale devoto
 
 Registered: 10/02/08 15:55
 Posts: 9
 Location: Ciampino
 
 | 
			
				|  Posted: 12 Feb 2008 01:33    Subject: Kaspersky scan |   |  
				| 
 |  
				| Kaspersky scan result 
 
 
 link
 |  |  
		|  |  
		| fax Mortale devoto
 
 Registered: 10/02/08 15:55
 Posts: 9
 Location: Ciampino
 
 | 
			
				|  Posted: 12 Feb 2008 20:09    Subject: |   |  
				| 
 |  
				| Should I run Avenger with the following text? 
 
 Files to delete:
 C:\app_hauppa\ffmanager_eccccc\FGF095.ZIP/setup.exe
 C:\app_hauppa\ffmanager_eccccc\FFM25555PatchXP_Tete.zip
 C:\app_hauppa\ffmanager_eccccc\FGF095\SETUP.EXE
 E:\avenger\backup.zip
 E:\WINNT\system32\HotVideo_it-uninstall.exe
 |  |  
		|  |  
		| fax Mortale devoto
 
 Registered: 10/02/08 15:55
 Posts: 9
 Location: Ciampino
 
 | 
			
				|  Posted: 13 Feb 2008 09:07    Subject: |   |  
				| 
 |  
				| Hijack log, can someone take a look at it please? I still have the problem of Internet Explorer not opening links in new windows... hmm
 thanks
 
 
 Logfile of Trend Micro HijackThis v2.0.0 (BETA)
 Scan saved at 8.02.18, on 13/02/2008
 Platform: Windows 2000 SP4 (WinNT 5.00.2195)
 Boot mode: Normal
 
 Running processes:
 E:\WINNT\System32\smss.exe
 E:\WINNT\system32\winlogon.exe
 E:\WINNT\system32\services.exe
 E:\WINNT\system32\lsass.exe
 E:\WINNT\system32\svchost.exe
 E:\WINNT\system32\spoolsv.exe
 E:\Programmi\Netropa\Multimedia Keyboard\nhksrv.exe
 E:\Programmi\a-squared Free\a2service.exe
 E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
 E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
 E:\WINNT\System32\svchost.exe
 E:\WINNT\system32\drivers\KodakCCS.exe
 C:\mysql\bin\mysqld-nt.exe
 E:\WINNT\system32\nvsvc32.exe
 E:\Programmi\File comuni\Protexis\License Service\PSIService.exe
 E:\Programmi\Kodak\Kodak EasyShare software\bin\ptssvc.exe
 E:\WINNT\system32\regsvc.exe
 E:\WINNT\System32\tcpsvcs.exe
 E:\WINNT\system32\stisvc.exe
 E:\WINNT\system32\ZoneLabs\vsmon.exe
 E:\WINNT\System32\WBEM\WinMgmt.exe
 E:\WINNT\system32\mspmspsv.exe
 E:\WINNT\system32\svchost.exe
 E:\Programmi\File comuni\BitDefender\BitDefender Communicator\xcommsvr.exe
 E:\WINNT\System32\inetsrv\inetinfo.exe
 E:\Programmi\File comuni\BitDefender\BitDefender Update Service\livesrv.exe
 E:\Programmi\BitDefender\BitDefender 2008\vsserv.exe
 E:\WINNT\System32\svchost.exe
 E:\WINNT\Explorer.EXE
 E:\WINNT\system32\wuauclt.exe
 E:\PROGRA~1\Sygate\SPF\Smc.exe
 E:\Programmi\Iomega HotBurn\Autolaunch.exe
 E:\Programmi\IPM\Adsl\DataWay\dslstat.exe
 E:\WINNT\system32\dslagent.exe
 E:\Programmi\Winamp5\winampa.exe
 E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
 E:\Programmi\Netropa\Multimedia Keyboard\MMKeybd.exe
 E:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
 E:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
 E:\Programmi\BitDefender\BitDefender 2008\bdagent.exe
 E:\Programmi\Netropa\Multimedia Keyboard\TrayMon.exe
 E:\WINNT\system32\internat.exe
 E:\Programmi\Netropa\Onscreen Display\OSD.exe
 E:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
 E:\Programmi\Microsoft Office\Office\OSA.EXE
 E:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
 E:\Programmi\Microsoft Office\Office\FINDFAST.EXE
 E:\WINNT\system32\notepad.exe
 E:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe
 C:\sicurezza\HiJackThis_v2\HiJackThis_v2.exe
 
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mailrr.aruba.it/cgi-bin/sqwebmail?index=1
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = E:\windows\system32\blank.htm
 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = E:\windows\system32\blank.htm
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
 O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
 O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\programmi\google\googletoolbar3.dll
 O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
 O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINNT\system32\msdxm.ocx
 O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\programmi\google\googletoolbar3.dll
 O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - E:\Programmi\BitDefender\BitDefender 2008\IEToolbar.dll
 O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINNT\system32\NvCpl.dll,NvStartup
 O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
 O4 - HKLM\..\Run: [SmcService] E:\PROGRA~1\Sygate\SPF\Smc.exe -startgui
 O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINNT\system32\NeroCheck.exe
 O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "E:\Programmi\Iomega HotBurn\Autolaunch.exe"
 O4 - HKLM\..\Run: [DSLSTATEXE] E:\Programmi\IPM\Adsl\DataWay\dslstat.exe icon
 O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
 O4 - HKLM\..\Run: [WinampAgent] E:\Programmi\Winamp5\winampa.exe
 O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
 O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
 O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] E:\Programmi\Netropa\Multimedia Keyboard\MMKeybd.exe
 O4 - HKLM\..\Run: [ISUSPM Startup] E:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
 O4 - HKLM\..\Run: [ISUSScheduler] "E:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
 O4 - HKLM\..\Run: [ZoneAlarm Client] "E:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
 O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "E:\Programmi\BitDefender\BitDefender 2008\IEShow.exe"
 O4 - HKLM\..\Run: [BDAgent] "E:\Programmi\BitDefender\BitDefender 2008\bdagent.exe"
 O4 - HKCU\..\Run: [internat.exe] internat.exe
 O4 - HKCU\..\Run: [swg] E:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
 O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
 O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINNT\system32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
 O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] E:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
 O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] E:\Programmi\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
 O4 - Global Startup: Adobe Gamma Loader.exe.lnk = E:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
 O4 - Global Startup: Adobe Gamma Loader.lnk = E:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
 O4 - Global Startup: Avvio Office.lnk = E:\Programmi\Microsoft Office\Office\OSA.EXE
 O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = E:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
 O4 - Global Startup: Corel Family & Friends Reminders.LNK = E:\Programmi\Corel\Print House Magic\cffrem.exe
 O4 - Global Startup: Ricerca rapida.lnk = E:\Programmi\Microsoft Office\Office\FINDFAST.EXE
 O12 - Plugin for .spop: E:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
 O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
 O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021126/qtinstall.info.apple.com/sikes/it/win/QuickTimeInstaller.exe
 O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - E:\WINNT\system32\browseui.dll
 O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - E:\WINNT\system32\browseui.dll
 O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - E:\Programmi\a-squared Free\a2service.exe
 O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
 O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
 O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - E:\WINNT\System32\dmadmin.exe
 O23 - Service: Google Updater Service (gusvc) - Unknown owner - E:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
 O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - E:\WINNT\system32\drivers\KodakCCS.exe
 O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - E:\Programmi\File comuni\BitDefender\BitDefender Update Service\livesrv.exe
 O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe
 O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - E:\Programmi\Netropa\Multimedia Keyboard\nhksrv.exe
 O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINNT\system32\nvsvc32.exe
 O23 - Service: Pml Driver HPZ12 - HP - E:\WINNT\system32\HPZipm12.exe
 O23 - Service: ProtexisLicensing - Unknown owner - E:\Programmi\File comuni\Protexis\License Service\PSIService.exe
 O23 - Service: ptssvc - KODAK - E:\Programmi\Kodak\Kodak EasyShare software\bin\ptssvc.exe
 O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - E:\Programmi\Sygate\SPF\Smc.exe
 O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - E:\WINNT\system32\ZoneLabs\vsmon.exe
 O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - E:\Programmi\BitDefender\BitDefender 2008\vsserv.exe
 O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - E:\Programmi\File comuni\BitDefender\BitDefender Communicator\xcommsvr.exe
 
 --
 End of file - 8719 bytes
 |  |  
		|  |  
		| bdoriano Administrator
 
 Registered: 02/04/07 12:05
 Posts: 14391
 Location: 3rd planet of the solar system...
 
 | 
			
				|  Posted: 15 Feb 2008 08:50    Subject: |   |  
				| 
 |  
				| The HijackThis log looks clean. The files to delete, according to Kaspersky, are the following:
 
  	  | Quote: |  	  | C:\app_hauppa\ffmanager_eccccc\FGF095.ZIP
 C:\app_hauppa\ffmanager_eccccc\FFM25555PatchXP_Tete.zip
 C:\app_hauppa\ffmanager_eccccc\FGF095\SETUP.EXE
 E:\avenger\backup.zip (this is the Avenger backup)
 E:\WINNT\system32\HotVideo_it-uninstall.exe
 | 
 A special mention goes to C:\temp\fda.exe
 
  	  | Quote: |  	  | fda.exe 
 Component Name: fda.exe
 
 Description of fda.exe
 This is a component of  Free Downloads Accelerator. Free Downloads Accelerator (http://www.freedownloadsaccelerator.com) is a free download manager that also installs a toolbar in your Internet Explorer browser and downloads ads into your computer. These ads will be shown to you at random, while surfing. This adware will also consume your bandwidth.
 
 Recommendation for fda.exe
 It is highly recommended that this application be removed. Non-removal of this application will expose you to unscrupulous advertisers who will constantly send you numerous unsolicited ads.
 | 
 |  |  