levriero Mortale pio

Joined: 02/02/08 17:42 Posts: 21
Posted: 23 Feb 2008 17:27 Subject: HELP WITH WIN32.Vin.rut.n

I have dug out an old spare PC; unfortunately it is infested with this virus, which I cannot remove because it keeps replicating itself. I am attaching a scan with Hij
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 15.20.51, on 23/02/2008
Platform: Windows XP (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\System32\TPWRTRAY.EXE
C:\Programmi\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Programmi\TOSHIBA\NetDevSw\NetDevSW.exe
C:\Programmi\File comuni\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\WINDOWS\System32\wuauclt.exe
E:\HiJackThis_v2.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 10
O4 - HKLM\..\Run: [WorksFUD] C:\Programmi\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Programmi\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programmi\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.2.911.3380\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-3813086739-1203367206-2587936551-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Network Device Switch.lnk = ?
O4 - Global Startup: Promemoria del Calendario di Microsoft Works.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O8 - Extra context menu item: Aggiungi ad Anti-Banner - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Organizzatore ricerche - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programmi\File comuni\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1203255926972
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Servizio Gateway di livello applicazione (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: ClipBook (ClipSrv) - Unknown owner - C:\WINDOWS\system32\clipsrv.exe (file missing)
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: DDE di rete (NetDDE) - Unknown owner - C:\WINDOWS\system32\netdde.exe (file missing)
O23 - Service: DDE DSDM di rete (NetDDEdsdm) - Unknown owner - C:\WINDOWS\system32\netdde.exe (file missing)
O23 - Service: RPC Locator (RpcLocator) - Unknown owner - C:\WINDOWS\System32\locator.exe (file missing)
O23 - Service: QoS RSVP (RSVP) - Unknown owner - C:\WINDOWS\System32\rsvp.exe (file missing)
O23 - Service: Helper smart card (SCardDrv) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe (file missing)
O23 - Service: smart card (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe (file missing)
--
End of file - 6041 bytes

Sante62 Dio maturo


Joined: 27/06/07 17:55 Posts: 3477 Location: Floridia
Posted: 23 Feb 2008 19:12 Subject:

Hi levriero, and welcome....
The HijackThis log looks clean....
Run ComboFix following this thread;
also run a scan with GMER.
Remember that there are two GMER logs: Autostart and Rootkit. Post them on www.freefilehosting.net as described here

levriero Mortale pio

Joined: 02/02/08 17:42 Posts: 21
Posted: 23 Feb 2008 19:31 Subject: combofix

ComboFix 08-02-23.2 - Winni 2008-02-23 17.19.16.1 - FAT32x86
Eseguito da: C:\Documents and Settings\Winni\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Creati Da 2008-01-23 al 2008-02-23 )))))))))))))))))))))))))))))))))))
.
2008-02-23 00:28 . 2008-02-23 00:28 <DIR> d-------- C:\Programmi\Google
2008-02-23 00:24 . 2001-08-31 14:00 132,096 --a------ C:\WINDOWS\system32\taskmgr.exe
2008-02-23 00:24 . 2001-08-31 14:00 132,096 --a------ C:\WINDOWS\system32\dllcache\taskmgr.exe
2008-02-23 00:24 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-02-23 00:24 . 2001-08-31 14:00 10,752 --a------ C:\WINDOWS\system32\tracert.exe
2008-02-23 00:24 . 2001-08-31 14:00 10,752 --a------ C:\WINDOWS\system32\dllcache\tracert.exe
2008-02-23 00:23 . 2001-08-31 14:00 43,008 --a------ C:\WINDOWS\system32\ftp.exe
2008-02-23 00:23 . 2001-08-31 14:00 43,008 --a------ C:\WINDOWS\system32\dllcache\ftp.exe
2008-02-23 00:18 . 2008-02-23 00:18 <DIR> d-------- C:\Programmi\Java
2008-02-23 00:16 . 2008-02-23 00:16 <DIR> d-------- C:\Programmi\File comuni\Java
2008-02-23 00:03 . 2004-03-30 02:29 552,960 --a------ C:\WINDOWS\system32\rtcdll.dll
2008-02-23 00:03 . 2004-03-30 02:29 253,952 --a------ C:\WINDOWS\system32\h323.tsp
2008-02-23 00:03 . 2004-03-30 02:29 40,960 --------- C:\WINDOWS\system32\dllcache\evtgprov.dll
2008-02-23 00:02 . 2004-03-30 02:29 593,408 --a------ C:\WINDOWS\system32\h323msp.dll
2008-02-23 00:02 . 2004-03-30 02:29 455,680 --a------ C:\WINDOWS\system32\ipnathlp.dll
2008-02-23 00:02 . 2004-03-30 02:29 48,640 --a------ C:\WINDOWS\system32\browser.dll
2008-02-23 00:02 . 2004-03-30 02:29 36,864 --a------ C:\WINDOWS\system32\mf3216.dll
2008-02-22 23:52 . 2003-02-28 16:34 313,856 --a------ C:\WINDOWS\system32\dx3j.dll
2008-02-22 23:52 . 2003-02-28 18:26 171,280 --a------ C:\WINDOWS\system32\jit.dll
2008-02-22 23:52 . 2003-02-28 18:26 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2008-02-22 23:52 . 2003-02-28 18:26 46,352 --a------ C:\WINDOWS\setdebug.exe
2008-02-22 23:52 . 2003-02-28 16:54 7,315 --a------ C:\WINDOWS\system32\javasup.vxd
2008-02-22 23:52 . 2003-02-28 16:35 6,550 --a------ C:\WINDOWS\jautoexp.dat
2008-02-22 23:40 . 2002-11-14 20:43 221,696 --a------ C:\WINDOWS\system32\srrstr.dll
2008-02-22 23:36 . 2008-02-22 23:36 <DIR> d--h----- C:\WINDOWS\$xpsp1hfm$
2008-02-22 23:36 . 2004-01-10 06:11 26,112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe
2008-02-22 23:09 . 2008-02-22 23:09 <DIR> d-------- C:\WINDOWS\system32\bits
2008-02-22 23:07 . 2004-07-01 23:05 331,776 --a------ C:\WINDOWS\system32\winhttp.dll
2008-02-22 23:07 . 2004-07-01 23:05 7,168 --------- C:\WINDOWS\system32\dllcache\bitsprx3.dll
2008-02-22 23:07 . 2004-07-01 23:05 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2008-02-22 23:06 . 2004-07-01 23:05 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2008-02-22 23:06 . 2004-07-01 23:05 7,680 --------- C:\WINDOWS\system32\dllcache\bitsprx2.dll
2008-02-22 23:06 . 2004-07-01 23:05 7,680 --------- C:\WINDOWS\system32\bitsprx2.dll
2008-02-20 23:17 . 2008-02-20 23:48 91,700 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-02-20 23:17 . 2008-02-20 23:48 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-02-20 23:16 . 2008-02-20 23:16 <DIR> d-------- C:\Programmi\Kaspersky Lab
2008-02-20 23:16 . 2008-02-20 23:16 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab
2008-02-20 23:16 . 2008-02-23 00:36 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-02-20 23:16 . 2008-02-23 00:36 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-02-20 23:16 . 2008-02-23 00:36 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-20 23:16 . 2008-02-23 00:36 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-17 14:47 . 2008-02-17 14:47 65 --a------ C:\WINDOWS\system32\i
2008-02-17 14:46 . 2007-07-30 19:19 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2008-02-17 14:46 . 2007-07-30 19:19 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
2008-02-17 14:46 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl
2008-02-17 14:46 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-02-17 14:46 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-02-17 14:46 . 2007-07-30 19:18 33,624 --a------ C:\WINDOWS\system32\wups.dll
2008-02-17 14:46 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-02-17 14:46 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-02-17 14:46 . 2007-07-30 19:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-02-17 14:45 . 2008-02-17 14:45 <DIR> d---s---- C:\Documents and Settings\Winni\UserData
2008-02-17 14:39 . 2008-02-17 14:39 <DIR> d-------- C:\Programmi\Pirelli
2008-02-17 14:38 . 2008-02-17 14:38 <DIR> d-------- C:\WINDOWS\Motive
2008-02-17 14:38 . 2008-02-17 14:38 <DIR> d-------- C:\Programmi\Motive
2008-02-17 14:38 . 2008-02-17 14:38 <DIR> d-------- C:\Programmi\Common Files
2008-02-17 14:38 . 2008-02-17 14:38 <DIR> d-------- C:\Programmi\Alice ti aiuta
2008-02-17 14:36 . 2008-02-17 14:36 <DIR> d-------- C:\Programmi\Telecom Italia
2008-02-17 14:24 . 2008-02-17 14:24 <DIR> d-------- C:\Programmi\Alwil Software
2008-02-17 14:24 . 2003-03-18 22:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-02-17 14:24 . 2003-03-18 21:14 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
2008-02-17 14:24 . 2003-02-21 05:42 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll
2008-02-17 14:23 . 2001-08-17 22:03 21,760 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys
2008-02-17 14:22 . 2001-10-10 10:35 <DIR> d-------- C:\Documents and Settings\Winni\WINDOWS
2008-02-17 14:22 . 2001-10-10 08:38 <DIR> d--h----- C:\Documents and Settings\Winni\Risorse di stampa
2008-02-17 14:22 . 2001-10-10 08:38 <DIR> d--h----- C:\Documents and Settings\Winni\Risorse di rete
2008-02-17 14:22 . 2001-10-10 09:09 <DIR> dr------- C:\Documents and Settings\Winni\Preferiti
2008-02-17 14:22 . 2001-10-10 08:38 <DIR> d--h----- C:\Documents and Settings\Winni\Modelli
2008-02-17 14:22 . 2001-10-10 08:38 <DIR> dr------- C:\Documents and Settings\Winni\Menu Avvio
2008-02-17 14:22 . 2001-10-10 08:38 <DIR> d--h----- C:\Documents and Settings\Winni\Impostazioni locali
2008-02-17 14:22 . 2001-10-10 09:09 <DIR> dr------- C:\Documents and Settings\Winni\Documenti
2008-02-17 14:22 . 2001-10-10 11:19 <DIR> d-------- C:\Documents and Settings\Winni\Dati applicazioni\Microsoft Web Folders
2008-02-17 14:22 . 2001-10-10 11:01 <DIR> d-------- C:\Documents and Settings\Winni\Dati applicazioni\InterTrust
2008-02-17 14:22 . 2001-10-10 08:38 <DIR> dr-h----- C:\Documents and Settings\Winni\Dati applicazioni
2008-02-17 14:21 . 2001-10-10 10:35 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\WINDOWS
2008-02-17 14:21 . 2001-10-10 10:35 <DIR> d-------- C:\Documents and Settings\Default User\WINDOWS
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-20 23:07 98,304 ----a-w C:\WINDOWS\system32\00THotkey.exe
2008-02-20 23:07 188,416 ----a-w C:\WINDOWS\system32\TPWRTRAY.EXE
2008-02-20 23:07 13,312 ----a-w C:\WINDOWS\system32\ctfmon.exe
2008-02-20 23:06 1,003,520 ----a-w C:\WINDOWS\explorer.exe
2008-02-20 22:42 118,784 ----a-w C:\WINDOWS\system32\wscript.exe
2008-02-20 22:42 100,864 ----a-w C:\WINDOWS\system32\clipbrd.exe
2008-02-20 22:40 31,744 ----a-w C:\WINDOWS\system32\rundll32.exe
2008-02-20 22:39 67,072 ----a-w C:\WINDOWS\system32\notepad.exe
2008-02-20 22:39 24,064 ----a-w C:\WINDOWS\system32\mshta.exe
2008-02-20 22:39 184,832 ----a-w C:\WINDOWS\system32\accwiz.exe
2008-02-20 22:39 139,264 ----a-w C:\WINDOWS\regedit.exe
2008-02-20 22:37 63,488 ----a-w C:\WINDOWS\system32\msiexec.exe
2008-02-20 22:37 534,528 ----a-w C:\WINDOWS\system32\spider.exe
2008-02-20 22:37 46,592 ----a-w C:\WINDOWS\system32\drwtsn32.exe
2008-02-20 22:37 396,288 ----a-w C:\WINDOWS\system32\ntvdm.exe
2008-02-20 22:37 387,584 ----a-w C:\WINDOWS\system32\mstsc.exe
2008-02-20 22:37 346,624 ----a-w C:\WINDOWS\system32\tourstart.exe
2008-02-20 22:37 22,016 ----a-w C:\WINDOWS\system32\userinit.exe
2008-02-20 22:37 127,488 ----a-w C:\WINDOWS\system32\mshearts.exe
2008-02-20 22:36 67,072 ----a-w C:\WINDOWS\NOTEPAD.EXE
.
------- Sigcheck -------
"C:\WINDOWS\explorer.exe"
----a-w 1,003,520 2008-02-20 23:06:58 C:\WINDOWS\explorer.exe
------w 1,003,520 2001-08-30 22:08:10 C:\WINDOWS\SoftwareDistribution\Download\2687715cf083bcb30f3fa4a439f2197c\backup\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2008-02-21 00:07 13312]
"MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" [2008-02-21 00:07 1077248]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-02-23 15:04 171448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"00THotkey"="C:\WINDOWS\System32\00THotkey.exe" [2008-02-21 00:07 98304]
"Tpwrtray"="TPWRTRAY.EXE" [2008-02-21 00:07 188416 C:\WINDOWS\system32\TPWRTRAY.EXE]
"TFncKy"="TFncKy.exe" []
"WorksFUD"="C:\Programmi\Microsoft Works\wkfud.exe" [2008-02-20 23:36 24576]
"Microsoft Works Portfolio"="C:\Programmi\Microsoft Works\WksSb.exe" [2008-02-20 23:36 311296]
"Microsoft Works Update Detection"="C:\Programmi\Microsoft Works\WkDetect.exe" [2008-02-20 23:36 28672]
"AVP"="C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51 218376]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-02-21 00:07 13312]
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Network Device Switch.lnk - C:\Programmi\TOSHIBA\NetDevSw\NetDevSW.exe [2001-10-10 11:02:33 290816]
Promemoria del Calendario di Microsoft Works.lnk - C:\Programmi\File comuni\Microsoft Shared\Works Shared\wkcalrem.exe [2000-07-12 14:14:38 24576]
Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office\OSA9.EXE [2000-01-21 10:15:56 65536]
Alice ti aiuta.lnk - C:\Programmi\Alice ti aiuta\bin\matcli.exe [2008-02-17 14:38:26 212992]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-23 17:22:18
Windows 5.1.2600 FAT NTAPI
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
Ora fine scansione: 2008-02-23 17.23.48
.
2008-02-22 23:05:16 --- E O F ---

Sante62 Dio maturo


Joined: 27/06/07 17:55 Posts: 3477 Location: Floridia
Posted: 23 Feb 2008 20:59 Subject:

OK, I'll wait for the GMER logs...

levriero Mortale pio

Joined: 02/02/08 17:42 Posts: 21
Posted: 24 Feb 2008 00:34 Subject:

I can't... the PC shuts down before the GMER analysis finishes and then restarts as if I were waking it from standby... what should I do?

levriero Mortale pio

Joined: 02/02/08 17:42 Posts: 21
Posted: 24 Feb 2008 00:42 Subject:

I'll try running the scan in safe mode and see what happens.

Sante62 Dio maturo


Joined: 27/06/07 17:55 Posts: 3477 Location: Floridia
Posted: 24 Feb 2008 20:16 Subject:

GMER does not work well in safe mode;
Something is wrong...
Download Virit
Update it using the satellite-dish icon in the top bar and have it run a full scan of the PC.
Set it to automatically remove the infected files it finds.
Don't forget to temporarily disable your antivirus.
Then paste the result here.