Olimpo Informatico

[mikred]

aiuto non so proprio cosa fare

[bdoriano]

Ciao mikred,

Segui le istruzioni di questo topic per postare il log di combofix.

Poi, fai questa scansione con FindAWF

PS: se vuoi, puoi presentarti qui

[mikred]

cosa significa postare

[Orange]

Post=messaggio
Postare= inviare messaggio

[mikred]

a chi lo devo inviare il messaggio

[Orange]

Puoi sempre provare a inviarlo al presidente degli Stati Uniti, ma nell'attesa di una sua risposta puoi provare a inserire tutti i dati richiesti qui sul forum....

[mikred]

ComboFix 08-02-24.4 - User 2008-02-24 16.40.06.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.656 [GMT 1:00]
Eseguito da: C:\Documents and Settings\User\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Creati Da 2008-01-24 al 2008-02-24 )))))))))))))))))))))))))))))))))))
.

2008-02-22 20:23 . 2008-02-22 20:23 <DIR> d--h----- C:\WINDOWS\PIF
2008-02-15 18:41 . 2008-02-15 18:41 <DIR> d-------- C:\Programmi\Trend Micro
2008-02-07 23:12 . 2008-02-07 23:59 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Lavasoft
2008-01-26 18:45 . 2008-01-26 18:45 <DIR> d-------- C:\WINDOWS\system32\bak

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-22 20:22 --------- d-----w C:\Programmi\eMule
2008-02-22 20:19 --------- d-----w C:\Programmi\Windows Live Toolbar
2008-02-22 20:18 --------- d-----w C:\Programmi\MSN Messenger
2008-01-26 17:57 --------- d-----w C:\Programmi\Vtune
2008-01-26 17:55 14,348 ----a-w C:\WINDOWS\system32\PSDrvCheck.exe
2008-01-26 17:55 14,348 ----a-w C:\WINDOWS\system32\NeroCheck.exe
2008-01-21 09:58 --------- d-----w C:\Programmi\Alice ti aiuta
2008-01-05 11:03 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-01-05 11:02 --------- d-----w C:\Programmi\ANI
2007-12-30 10:33 --------- d-----w C:\Programmi\ClonyXXL
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2006-11-17 19:45 0 -c--a-w C:\Documents and Settings\User\Dati applicazioni\wklnhst.dat
2004-06-09 15:03 832,728 ----a-w C:\Programmi\NPSWF32.dll
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 438,359 2006-04-21 13:41:20 C:\Programmi\Alice ti aiuta\SmartBridge\bak\MotiveSB.exe
----a-w 14,348 2008-01-26 17:55:32 C:\Programmi\Alice ti aiuta\SmartBridge\MotiveSB.exe

----a-w 79,224 2007-12-04 13:00:23 C:\Programmi\Alwil Software\Avast4\bak\ashDisp.exe
----a-w 79,224 2007-12-04 13:00:23 C:\Programmi\Alwil Software\Avast4\ashDisp.exe

----a-w 49,152 2005-10-19 17:19:08 C:\Programmi\ANI\ANIWZCS2 Service\bak\WZCSLDR2.exe
----a-w 49,152 2005-10-19 17:19:08 C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe

----a-w 1,544,192 2005-11-23 14:04:36 C:\Programmi\D-Link\AirPlus G\bak\AirGCFG.exe
----a-w 14,348 2008-01-26 17:55:32 C:\Programmi\D-Link\AirPlus G\AirGCFG.exe

----a-w 68,856 2007-06-25 21:44:05 C:\Programmi\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe
----a-w 14,348 2008-01-26 17:55:32 C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

----a-w 83,608 2007-03-14 01:43:44 C:\Programmi\Java\jre1.6.0_01\bin\bak\jusched.exe
----a-w 14,348 2008-01-26 17:55:32 C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe

----a-w 227,840 2006-10-08 06:25:30 C:\Programmi\SlySoft\AnyDVD\bak\AnyDVD.exe
----a-w 14,348 2008-01-26 17:55:32 C:\Programmi\SlySoft\AnyDVD\AnyDVD.exe

----a-w 57,344 2005-05-19 13:47:36 C:\Programmi\SlySoft\CloneCD\bak\CloneCDTray.exe
----a-w 14,348 2008-01-26 17:55:32 C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe

----a-w 2,154,496 2006-09-13 08:16:44 C:\Programmi\Vtune\bak\TBPanel.exe
----a-w 14,348 2008-01-26 17:55:32 C:\Programmi\Vtune\TBPanel.exe

----a-w 155,648 2001-07-09 09:50:42 C:\WINDOWS\system32\bak\NeroCheck.exe
----a-w 14,348 2008-01-26 17:55:32 C:\WINDOWS\system32\NeroCheck.exe

----a-w 406,016 2004-03-10 15:26:10 C:\WINDOWS\system32\bak\PSDrvCheck.exe
----a-w 14,348 2008-01-26 17:55:32 C:\WINDOWS\system32\PSDrvCheck.exe

----a-w 220,544 2007-07-02 10:29:12 G:\Programmi\Alcohol 120\bak\axcmd.exe
----a-w 14,348 2008-01-26 17:55:32 G:\Programmi\Alcohol 120\axcmd.exe

.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AnyDVD"="C:\Programmi\SlySoft\AnyDVD\bak\AnyDVD.exe" [2006-10-08 07:25 227840]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-26 18:55 14348]
"BitTorrent"="G:\Programmi\bittorrent.exe" [ ]
"MsnMsgr"="C:\Programmi\MSN Messenger\MsnMsgr.exe" [ ]
"AlcoholAutomount"="G:\Programmi\Alcohol 120\axcmd.exe" [2008-01-26 18:55 14348]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 08:34 16143872 C:\WINDOWS\RTHDCPL.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2008-01-26 18:55 14348]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"SMSERIAL"="sm56hlpr.exe" [2004-12-28 23:01 544768 C:\WINDOWS\sm56hlpr.exe]
"CloneCDTray"="C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe" [2008-01-26 18:55 14348]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2008-01-26 18:55 14348]
"Gainward"="C:\Programmi\Vtune\TBPanel.exe" [2008-01-26 18:55 14348]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 23:43 8466432]
"nwiz"="nwiz.exe" [2007-06-28 23:43 1626112 C:\WINDOWS\system32\nwiz.exe]
"YeppStudioAgent"="C:\Programmi\Samsung\SamsungMediaStudio4.1\SamsungMediaStudioAgent.exe" [ ]
"Motive SmartBridge"="C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe" [2008-01-26 18:55 14348]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe" [2008-01-26 18:55 14348]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-28 23:43 81920]
"D-Link AirPlus G"="C:\Programmi\D-Link\AirPlus G\AirGCFG.exe" [2008-01-26 18:55 14348]
"ANIWZCS2Service"="C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2005-10-19 18:19 49152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 14:39 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\Programmi\\eMule\\emule.exe"=
"C:\\Programmi\\Messenger\\msmsgs.exe"=

R0 mv614x;mv614x;C:\WINDOWS\system32\DRIVERS\mv614x.sys [2006-05-18 14:34]
R2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS\nvcap.sys [2005-02-01 16:30]
R2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys [2005-02-01 16:30]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2006-05-12 08:17]
S3 XPADFL02;XPAD Filter Service 02;C:\WINDOWS\system32\DRIVERS\xpadfl02.sys [2005-12-25 17:15]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-24 16:41:12
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2008-02-24 16.41.51
.
2007-07-12 07:26:13 --- E O F ---

[mikred]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16.42.20, on 24/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\NeroCheck.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\sm56hlpr.exe
G:\Programmi\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Programmi\SlySoft\AnyDVD\bak\AnyDVD.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alice.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Gainward] C:\Programmi\Vtune\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [YeppStudioAgent] C:\Programmi\Samsung\SamsungMediaStudio4.1\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Programmi\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Programmi\SlySoft\AnyDVD\bak\AnyDVD.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent] "G:\Programmi\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AlcoholAutomount] "G:\Programmi\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{2C3AFE6D-F910-4045-BD29-2E52CA464C27}: NameServer = 85.37.17.42 85.38.28.87
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Programmi\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - G:\Programmi\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 6431 bytes

[mikred]

ora cosa devo fare ?

[bdoriano]

Scarica avenger e scompattalo in una sua cartella non temporanea e non sul desktop

Avvia AVENGER
Clicca su input script manually
Clicca sulla lente d'ingrandimento
Inserisci queste righe:

[mikred]

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ikurfpvp

*******************

Script file located at: \??\C:\Documents and Settings\mwurcsor.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\Programmi\Alice ti aiuta\SmartBridge\MotiveSB.exe deleted successfully.
File C:\Programmi\D-Link\AirPlus G\AirGCFG.exe deleted successfully.
File C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe deleted successfully.
File C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe deleted successfully.
File C:\Programmi\SlySoft\AnyDVD\AnyDVD.exe deleted successfully.
File C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe deleted successfully.
File C:\Programmi\Vtune\TBPanel.exe deleted successfully.
File C:\WINDOWS\system32\NeroCheck.exe deleted successfully.
File C:\WINDOWS\system32\PSDrvCheck.exe deleted successfully.
File G:\Programmi\Alcohol 120\axcmd.exe deleted successfully.
File move operation C:\Programmi\Alice ti aiuta\SmartBridge\bak\MotiveSB.exe|C:\Programmi\Alice ti aiuta\SmartBridge\MotiveSB.exe completed successfully.
File move operation C:\Programmi\D-Link\AirPlus G\bak\AirGCFG.exe|C:\Programmi\D-Link\AirPlus G\AirGCFG.exe completed successfully.
File move operation C:\Programmi\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe|C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe completed successfully.
File move operation C:\Programmi\Java\jre1.6.0_01\bin\bak\jusched.exe|C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe completed successfully.


Could not open file C:\Programmi\SlySoft\AnyDVD\bak\AnyDVD.exe for move operation
File move operation C:\Programmi\SlySoft\AnyDVD\bak\AnyDVD.exe|C:\Programmi\SlySoft\AnyDVD\AnyDVD.exe failed!

Could not process line:
C:\Programmi\SlySoft\AnyDVD\bak\AnyDVD.exe|C:\Programmi\SlySoft\AnyDVD\AnyDVD.exe
Status: 0xc0000043

File move operation C:\Programmi\SlySoft\CloneCD\bak\CloneCDTray.exe|C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe completed successfully.
File move operation C:\Programmi\Vtune\bak\TBPanel.exe|C:\Programmi\Vtune\TBPanel.exe completed successfully.


Could not open file C:\WINDOWS\system32\bak\NeroCheck.exe for move operation
File move operation C:\WINDOWS\system32\bak\NeroCheck.exe|C:\WINDOWS\system32\NeroCheck.exe failed!

Could not process line:
C:\WINDOWS\system32\bak\NeroCheck.exe|C:\WINDOWS\system32\NeroCheck.exe
Status: 0xc0000043

File move operation C:\WINDOWS\system32\bak\PSDrvCheck.exe|C:\WINDOWS\system32\PSDrvCheck.exe completed successfully.
File move operation G:\Programmi\Alcohol 120\bak\axcmd.exe|G:\Programmi\Alcohol 120\axcmd.exe completed successfully.

Completed script processing.

*******************

Finished! Terminate.

[mikred]

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ctjesbog

*******************

Script file located at: \??\C:\udkekptj.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\Programmi\Alice ti aiuta\SmartBridge\MotiveSB.exe deleted successfully.
File C:\Programmi\D-Link\AirPlus G\AirGCFG.exe deleted successfully.
File C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe deleted successfully.
File C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe deleted successfully.


File C:\Programmi\SlySoft\AnyDVD\AnyDVD.exe not found!
Deletion of file C:\Programmi\SlySoft\AnyDVD\AnyDVD.exe failed!

Could not process line:
C:\Programmi\SlySoft\AnyDVD\AnyDVD.exe
Status: 0xc0000034

File C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe deleted successfully.
File C:\Programmi\Vtune\TBPanel.exe deleted successfully.


File C:\WINDOWS\system32\NeroCheck.exe not found!
Deletion of file C:\WINDOWS\system32\NeroCheck.exe failed!

Could not process line:
C:\WINDOWS\system32\NeroCheck.exe
Status: 0xc0000034

File C:\WINDOWS\system32\PSDrvCheck.exe deleted successfully.
File G:\Programmi\Alcohol 120\axcmd.exe deleted successfully.


File C:\Programmi\Alice ti aiuta\SmartBridge\bak\MotiveSB.exe not found!
File move operation C:\Programmi\Alice ti aiuta\SmartBridge\bak\MotiveSB.exe|C:\Programmi\Alice ti aiuta\SmartBridge\MotiveSB.exe failed!

Could not process line:
C:\Programmi\Alice ti aiuta\SmartBridge\bak\MotiveSB.exe|C:\Programmi\Alice ti aiuta\SmartBridge\MotiveSB.exe
Status: 0xc0000034



File C:\Programmi\D-Link\AirPlus G\bak\AirGCFG.exe not found!
File move operation C:\Programmi\D-Link\AirPlus G\bak\AirGCFG.exe|C:\Programmi\D-Link\AirPlus G\AirGCFG.exe failed!

Could not process line:
C:\Programmi\D-Link\AirPlus G\bak\AirGCFG.exe|C:\Programmi\D-Link\AirPlus G\AirGCFG.exe
Status: 0xc0000034



File C:\Programmi\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe not found!
File move operation C:\Programmi\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe|C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe failed!

Could not process line:
C:\Programmi\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe|C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
Status: 0xc0000034



File C:\Programmi\Java\jre1.6.0_01\bin\bak\jusched.exe not found!
File move operation C:\Programmi\Java\jre1.6.0_01\bin\bak\jusched.exe|C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe failed!

Could not process line:
C:\Programmi\Java\jre1.6.0_01\bin\bak\jusched.exe|C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe
Status: 0xc0000034



Could not open file C:\Programmi\SlySoft\AnyDVD\bak\AnyDVD.exe for move operation
File move operation C:\Programmi\SlySoft\AnyDVD\bak\AnyDVD.exe|C:\Programmi\SlySoft\AnyDVD\AnyDVD.exe failed!

Could not process line:
C:\Programmi\SlySoft\AnyDVD\bak\AnyDVD.exe|C:\Programmi\SlySoft\AnyDVD\AnyDVD.exe
Status: 0xc0000043



File C:\Programmi\SlySoft\CloneCD\bak\CloneCDTray.exe not found!
File move operation C:\Programmi\SlySoft\CloneCD\bak\CloneCDTray.exe|C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe failed!

Could not process line:
C:\Programmi\SlySoft\CloneCD\bak\CloneCDTray.exe|C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe
Status: 0xc0000034



File C:\Programmi\Vtune\bak\TBPanel.exe not found!
File move operation C:\Programmi\Vtune\bak\TBPanel.exe|C:\Programmi\Vtune\TBPanel.exe failed!

Could not process line:
C:\Programmi\Vtune\bak\TBPanel.exe|C:\Programmi\Vtune\TBPanel.exe
Status: 0xc0000034



Could not open file C:\WINDOWS\system32\bak\NeroCheck.exe for move operation
File move operation C:\WINDOWS\system32\bak\NeroCheck.exe|C:\WINDOWS\system32\NeroCheck.exe failed!

Could not process line:
C:\WINDOWS\system32\bak\NeroCheck.exe|C:\WINDOWS\system32\NeroCheck.exe
Status: 0xc0000043



File C:\WINDOWS\system32\bak\PSDrvCheck.exe not found!
File move operation C:\WINDOWS\system32\bak\PSDrvCheck.exe|C:\WINDOWS\system32\PSDrvCheck.exe failed!

Could not process line:
C:\WINDOWS\system32\bak\PSDrvCheck.exe|C:\WINDOWS\system32\PSDrvCheck.exe
Status: 0xc0000034



File G:\Programmi\Alcohol 120\bak\axcmd.exe not found!
File move operation G:\Programmi\Alcohol 120\bak\axcmd.exe|G:\Programmi\Alcohol 120\axcmd.exe failed!

Could not process line:
G:\Programmi\Alcohol 120\bak\axcmd.exe|G:\Programmi\Alcohol 120\axcmd.exe
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.

[mikred]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18.32.04, on 25/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
G:\Programmi\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Programmi\SlySoft\AnyDVD\bak\AnyDVD.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alice.it/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Gainward] C:\Programmi\Vtune\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [YeppStudioAgent] C:\Programmi\Samsung\SamsungMediaStudio4.1\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Programmi\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Programmi\SlySoft\AnyDVD\bak\AnyDVD.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent] "G:\Programmi\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AlcoholAutomount] "G:\Programmi\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Programmi\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - G:\Programmi\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 6440 bytes

[mikred]

KASPERSKY ONLINE SCANNER REPORT
Monday, February 25, 2008 8:08:14 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 25/02/2008
Kaspersky Anti-Virus database records: 580234


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics
Total number of scanned objects 60372
Number of viruses found 3
Number of infected objects 30
Number of suspicious objects 0
Duration of the scan process 00:54:27

Infected Object Name Virus Name Last Action
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\User\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\User\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\User\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\User\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\User\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\User\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\User\ntuser.dat.LOG Object is locked skipped

C:\Programmi\Alice ti aiuta\log\mpbtn.log Object is locked skipped

C:\Programmi\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped

C:\Programmi\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped

C:\Programmi\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{7E86FC92-5380-4935-839E-586D236F4A8D}\RP244\A0119521.exe Infected: Trojan-Downloader.Win32.Agent.iar skipped

C:\System Volume Information\_restore{7E86FC92-5380-4935-839E-586D236F4A8D}\RP244\A0119538.exe Infected: Trojan-Downloader.Win32.Agent.iar skipped

C:\System Volume Information\_restore{7E86FC92-5380-4935-839E-586D236F4A8D}\RP244\A0119539.exe Infected: Trojan-Downloader.Win32.Agent.iar skipped

C:\System Volume Information\_restore{7E86FC92-5380-4935-839E-586D236F4A8D}\RP244\A0119541.exe Infected: Trojan-Downloader.Win32.Agent.iar skipped

C:\System Volume Information\_restore{7E86FC92-5380-4935-839E-586D236F4A8D}\RP244\A0119542.exe Infected: Trojan-Downloader.Win32.Agent.iar skipped

C:\System Volume Information\_restore{7E86FC92-5380-4935-839E-586D236F4A8D}\RP244\A0119543.exe Infected: Trojan-Downloader.Win32.Agent.iar skipped

C:\System Volume Information\_restore{7E86FC92-5380-4935-839E-586D236F4A8D}\RP244\A0119544.exe Infected: Trojan-Downloader.Win32.Agent.iar skipped

C:\System Volume Information\_restore{7E86FC92-5380-4935-839E-586D236F4A8D}\RP244\A0119545.exe Infected: Trojan-Downloader.Win32.Agent.iar skipped

C:\System Volume Information\_restore{7E86FC92-5380-4935-839E-586D236F4A8D}\RP244\A0119546.exe Infected: Trojan-Downloader.Win32.Agent.iar skipped

C:\System Volume Information\_restore{7E86FC92-5380-4935-839E-586D236F4A8D}\RP244\A0119547.exe Infected: Trojan-Downloader.Win32.Agent.iar skipped

C:\System Volume Information\_restore{7E86FC92-5380-4935-839E-586D236F4A8D}\RP244\A0119548.exe Infected: Trojan-Downloader.Win32.Agent.iar skipped

C:\System Volume Information\_restore{7E86FC92-5380-4935-839E-586D236F4A8D}\RP244\A0119572.exe Infected: Trojan.Win32.KillAV.oe skipped

C:\System Volume Information\_restore{7E86FC92-5380-4935-839E-586D236F4A8D}\RP250\A0119821.exe Infected: Trojan.Win32.KillAV.oe skipped

C:\System Volume Information\_restore{7E86FC92-5380-4935-839E-586D236F4A8D}\RP257\A0121248.exe Infected: Trojan.Win32.KillAV.oe skipped

C:\System Volume Information\_restore{7E86FC92-5380-4935-839E-586D236F4A8D}\RP257\A0121249.exe Infected: Trojan.Win32.KillAV.oe skipped

C:\System Volume Information\_restore{7E86FC92-5380-4935-839E-586D236F4A8D}\RP257\A0121251.exe Infected: Trojan.Win32.KillAV.oe skipped

C:\System Volume Information\_restore{7E86FC92-5380-4935-839E-586D236F4A8D}\RP257\A0121252.exe Infected: Trojan.Win32.KillAV.oe skipped

C:\System Volume Information\_restore{7E86FC92-5380-4935-839E-586D236F4A8D}\RP257\A0121253.exe Infected: Trojan.Win32.KillAV.oe skipped

C:\System Volume Information\_restore{7E86FC92-5380-4935-839E-586D236F4A8D}\RP257\A0121254.exe Infected: Trojan.Win32.KillAV.oe skipped

C:\System Volume Information\_restore{7E86FC92-5380-4935-839E-586D236F4A8D}\RP257\A0121255.exe Infected: Trojan.Win32.KillAV.oe skipped

C:\System Volume Information\_restore{7E86FC92-5380-4935-839E-586D236F4A8D}\RP257\A0121256.exe Infected: Trojan.Win32.KillAV.oe skipped

C:\System Volume Information\_restore{7E86FC92-5380-4935-839E-586D236F4A8D}\RP257\A0121257.exe Infected: Trojan.Win32.KillAV.oe skipped

C:\System Volume Information\_restore{7E86FC92-5380-4935-839E-586D236F4A8D}\RP258\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped

C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\Temp\Perflib_Perfdata_734.dat Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

D:\Software\Internet\mirc631.zip/mirc631.exe/stream/data0001/stream/data0014 Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped

D:\Software\Internet\mirc631.zip/mirc631.exe/stream/data0001/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped

D:\Software\Internet\mirc631.zip/mirc631.exe/stream/data0001 Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped

D:\Software\Internet\mirc631.zip/mirc631.exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped

D:\Software\Internet\mirc631.zip/mirc631.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped

D:\Software\Internet\mirc631.zip ZIP: infected - 5 skipped

E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

G:\Programmi\Alcohol 120\StarWind\logs\sw_ae-20080225-182337.log Object is locked skipped

G:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

G:\System Volume Information\_restore{7E86FC92-5380-4935-839E-586D236F4A8D}\RP244\A0119540.exe Infected: Trojan-Downloader.Win32.Agent.iar skipped

G:\System Volume Information\_restore{7E86FC92-5380-4935-839E-586D236F4A8D}\RP257\A0121258.exe Infected: Trojan.Win32.KillAV.oe skipped

G:\System Volume Information\_restore{7E86FC92-5380-4935-839E-586D236F4A8D}\RP258\change.log Object is locked skipped

Scan process completed.

[mikred]

quale è il link che devo postare

[bdoriano]

Ciao mikred,

perché hai eseguito 2 volte avenger?
Ora hai cancellato anche i files legittimi che non andavano cancellati.

Se qualcosa non va a buon fine, posta il log e aspetta pazientemente che qualcuno passi a darti ulteriori indicazioni prima di fare qualche danno.

Mi sa che dovrai reinstallare questi programmi:
Alcohol 120%
CloneCD
AnyDVD
Airsoft G (connessione wireless)

Per cancellare i files infetti presenti nella System Volume Information, Disabilita il ripristino di sistema.

Segui le istruzioni di questo topic per postare il log di combofix.

[mikred]

ComboFix 08-02-24.4 - User 2008-02-25 21.31.40.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.610 [GMT 1:00]
Eseguito da: C:\Documents and Settings\User\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Creati Da 2008-01-25 al 2008-02-25 )))))))))))))))))))))))))))))))))))
.

2008-02-25 18:44 . 2008-02-25 18:44 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-25 18:44 . 2008-02-25 18:44 <DIR> d-------- C:\WINDOWS\LastGood
2008-02-25 18:44 . 2008-02-25 18:44 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab
2008-02-22 20:23 . 2008-02-22 20:23 <DIR> d--h----- C:\WINDOWS\PIF
2008-02-15 18:41 . 2008-02-15 18:41 <DIR> d-------- C:\Programmi\Trend Micro
2008-02-07 23:12 . 2008-02-07 23:59 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Lavasoft
2008-01-26 18:45 . 2008-02-25 15:57 <DIR> d-------- C:\WINDOWS\system32\bak

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-25 17:23 --------- d-----w C:\Programmi\Vtune
2008-02-22 20:22 --------- d-----w C:\Programmi\eMule
2008-02-22 20:19 --------- d-----w C:\Programmi\Windows Live Toolbar
2008-02-22 20:18 --------- d-----w C:\Programmi\MSN Messenger
2008-01-21 09:58 --------- d-----w C:\Programmi\Alice ti aiuta
2008-01-05 11:03 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-01-05 11:02 --------- d-----w C:\Programmi\ANI
2007-12-30 10:33 --------- d-----w C:\Programmi\ClonyXXL
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2006-11-17 19:45 0 -c--a-w C:\Documents and Settings\User\Dati applicazioni\wklnhst.dat
2004-06-09 15:03 832,728 ----a-w C:\Programmi\NPSWF32.dll
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 79,224 2007-12-04 13:00:23 C:\Programmi\Alwil Software\Avast4\bak\ashDisp.exe
----a-w 79,224 2007-12-04 13:00:23 C:\Programmi\Alwil Software\Avast4\ashDisp.exe

----a-w 49,152 2005-10-19 17:19:08 C:\Programmi\ANI\ANIWZCS2 Service\bak\WZCSLDR2.exe
----a-w 49,152 2005-10-19 17:19:08 C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe

----a-w 227,840 2006-10-08 06:25:30 C:\Programmi\SlySoft\AnyDVD\bak\AnyDVD.exe

----a-w 155,648 2001-07-09 09:50:42 C:\WINDOWS\system32\bak\NeroCheck.exe

.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AnyDVD"="C:\Programmi\SlySoft\AnyDVD\bak\AnyDVD.exe" [2006-10-08 07:25 227840]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]
"BitTorrent"="G:\Programmi\bittorrent.exe" [ ]
"MsnMsgr"="C:\Programmi\MSN Messenger\MsnMsgr.exe" [ ]
"AlcoholAutomount"="G:\Programmi\Alcohol 120\axcmd.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 08:34 16143872 C:\WINDOWS\RTHDCPL.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [ ]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"SMSERIAL"="sm56hlpr.exe" [2004-12-28 23:01 544768 C:\WINDOWS\sm56hlpr.exe]
"CloneCDTray"="C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe" [ ]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [ ]
"Gainward"="C:\Programmi\Vtune\TBPanel.exe" [ ]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 23:43 8466432]
"nwiz"="nwiz.exe" [2007-06-28 23:43 1626112 C:\WINDOWS\system32\nwiz.exe]
"YeppStudioAgent"="C:\Programmi\Samsung\SamsungMediaStudio4.1\SamsungMediaStudioAgent.exe" [ ]
"Motive SmartBridge"="C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe" [ ]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe" [ ]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-28 23:43 81920]
"D-Link AirPlus G"="C:\Programmi\D-Link\AirPlus G\AirGCFG.exe" [ ]
"ANIWZCS2Service"="C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2005-10-19 18:19 49152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 14:39 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\Programmi\\eMule\\emule.exe"=
"C:\\Programmi\\Messenger\\msmsgs.exe"=

R0 mv614x;mv614x;C:\WINDOWS\system32\DRIVERS\mv614x.sys [2006-05-18 14:34]
R2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS\nvcap.sys [2005-02-01 16:30]
R2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys [2005-02-01 16:30]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2006-05-12 08:17]
S3 XPADFL02;XPAD Filter Service 02;C:\WINDOWS\system32\DRIVERS\xpadfl02.sys [2005-12-25 17:15]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-25 21:32:48
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2008-02-25 21.33.23
.
2007-07-12 07:26:13 --- E O F ---

[mikred]

e adesso ?????

[bdoriano]

Hai usato DelDomains?
Riscontri ancora problemi?

[mikred]

; DelDomains.inf © 11-28-04 | Revised 01-15-06
; Created by: Mike Burgess Microsoft MVP
; http://mvps.org/winhelp2002/
;
; Warning: Deletes all entries in the Restricted & Trusted Zone list
; http://mvps.org/winhelp2002/restricted.htm
;
; Revised to include the EscDomains key
;
; To execute this file: in Explorer - right-click (this file)
; Select Install from the Menu.
; Note: you will not see any onscreen action.

[version]
signature="$CHICAGO$"

[DefaultInstall]
DelReg=DelTemps
AddReg=AddTemps

[DelTemps]
HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges"
HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges"
HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains"

; Recreate the keys to avoid a restart

[AddTemps]
HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges"
HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges"
HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains"