Avast e virus....

[DevilOfSky]

Ciao ragazzi... ultimamente mi compare ogni tanto questo




ho fatto uno scan completo al riavvio del sistema ma non me lo trova...

e anche se lo cancello dai temp si ricrea da solo... e nella lista di programmi che partono all'avvio non c'è niente di strano...

cosa può essere come lo fermo!?


edit: scusate ho visto ora la sezione apposita.. potete spostarmi?

[_MaRcO_]

chiedi a Kewell con un messaggio privato

[Kewell]

Spostato nella sezione generale di "antivirus" (non ho capito se si tratta di una infezione o di un problema di avast ).

[badedas]

C'è già un topic

http://www.hwupgrade.it/forum/showthread.php?t=1546897

Uso anch'io Avast e giusto ieri non mi ha bloccato un virus, precisamente l'"XP Antivirus 2008"

[wizard1993]

Quote:

Originariamente inviato da Kewell

Spostato nella sezione generale di "antivirus" (non ho capito se si tratta di una infezione o di un problema di avast ).

allora hai padellato vistosamente , quella è un infezione, basta vedere i nomi dei file,

[xcdegasp]

spostato in area infezioni


segui la semplice procedura descritta in Guida alla Disinfezione per Infetti e pubblica tutti i log richiesti facendo attenzione alle Regole di Sezione, così potremmo aiutarti

[Kewell]

Quote:

Originariamente inviato da wizard1993

allora hai padellato vistosamente , quella è un infezione, basta vedere i nomi dei file,

Avevo capito che il virus veniva eliminato da avast, ma poi ricompariva lo stesso...

Comunque, io non ho mai avuto un virus (sono sanissimo ), e quindi non ho l'occhio esperto

[DevilOfSky]

log di hackjjj

Codice:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3.31.20, on 28/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmi\Sygate\SPF\smc.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\NetLimiter 2 Monitor\nlsvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\CTHELPER.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmi\Logitech\Video\LogiTray.exe
C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Programmi\NetLimiter 2 Monitor\NLClient.exe
C:\Programmi\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\Programmi\Outlook Express\msimn.exe
C:\Programmi\Mozilla Firefox\firefox.exe
G:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programmi\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmi\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmi\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [devenv] C:\WINDOWS\system\smvss.exe /w
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programmi\Logitech\Video\ManifestEngine.exe boot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/.../GAME_UNO1.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://ischiatenna4ever.spaces.live....d/MsnPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{718140E6-AD9B-493C-BE77-D872627FBE81}: NameServer = 212.216.112.112,212.216.172.62,195.14.96.135,194.242.154.51,195.31.190.31,151.99.125.1,151.99.125.3,151.99.250.2,193.70.192.100,195.210.91.100,193.70. 192.25,212.245.255.2,212.245.158.66
O17 - HKLM\System\CCS\Services\Tcpip\..\{AA6588F8-DAC5-4B42-ABAA-C54A25B9CABE}: NameServer = 193.205.245.5,151.1.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Programmi\NetLimiter 2 Monitor\nlsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: DiRT Drivers Auto Removal (pr2ah4nc) (pr2ah4nc) - CODEMASTERS - C:\WINDOWS\system32\pr2ah4nc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Programmi\Sygate\SPF\smc.exe

--
End of file - 8419 bytes

[wizard1993]

intanto fixa questo

Codice:

	O4 - HKLM\..\Run: [devenv] C:\WINDOWS\system\smvss.exe /w

[wjmat]

sarebbe meglio che tu caricassi tutti i log secondo le modalità

[xcdegasp]

i fixerei tutta queste cose:
(riesegui HiJackThis optando per l'opzione "Scan Only", al termine il pulsante in basso a sinistra si chiamerà "Fix Checked", quindi seleziona le righe da fixare e premi tale tasto.)

Codice:

O4 - HKLM\..\Run: [devenv] C:\WINDOWS\system\smvss.exe /w
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O17 - HKLM\System\CCS\Services\Tcpip\..\{718140E6-AD9B-493C-BE77-D872627FBE81}: NameServer = 212.216.112.112,212.216.172.62,195.14.96.135,194.242.154.51,195.31.190.31,151.99.125.1,151.99.125.3,151.99.250.2,193.70.192.100,195.210.91.100,193.70. 192.25,212.245.255.2,212.245.158.66
O17 - HKLM\System\CCS\Services\Tcpip\..\{AA6588F8-DAC5-4B42-ABAA-C54A25B9CABE}: NameServer = 193.205.245.5,151.1.1.1
O23 - Service: DiRT Drivers Auto Removal (pr2ah4nc) (pr2ah4nc) - CODEMASTERS - C:\WINDOWS\system32\pr2ah4nc.exe

http://www.prevx.com/filenames/X2469...AH4NC.EXE.html


ribadisco, segui la semplice procedura descritta in Guida alla Disinfezione per Infetti e pubblica tutti i log richiesti facendo attenzione alle Regole di Sezione, così potremmo aiutarti
emi raccomando leggi le Regole di Sezione così puoi usare altri sistemi più consoni per pubblicare i log e agevlarci nella lettura come appunto uppando i log su uns erver e pubblicando i link a cui scaricarli

[DevilOfSky]

ComboFix report

Quote:

ComboFix 08-07-27.5 - Filippo 2008-07-28 3.35.09.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.1494 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Filippo\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino

ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Filippo\Dati applicazioni\macromedia\Flash Player\#SharedObjects\N76TB4FV\interclick.com
C:\Documents and Settings\Filippo\Dati applicazioni\macromedia\Flash Player\#SharedObjects\N76TB4FV\interclick.com\ud.sol
C:\Documents and Settings\Filippo\Dati applicazioni\macromedia\Flash Player\#SharedObjects\N76TB4FV\www.broadcaster.com
C:\Documents and Settings\Filippo\Dati applicazioni\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Filippo\Dati applicazioni\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Filippo\Dati applicazioni\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Filippo\Dati applicazioni\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\WINDOWS\system\smvss.exe

.
((((((((((((((((((((((((( Files Creati Da 2008-06-28 al 2008-07-28 )))))))))))))))))))))))))))))))))))
.

2008-07-21 21:38 . 2008-07-21 21:38 <DIR> d-------- C:\Programmi\AP Tuner
2008-07-21 14:09 . 2008-07-21 14:09 <DIR> d-------- C:\Programmi\WMVTOAVI
2008-07-21 13:46 . 2008-07-21 13:46 <DIR> d-------- C:\Programmi\AVI GIF Converter
2008-07-21 13:46 . 1998-06-24 00:00 209,192 --a------ C:\WINDOWS\system32\TABCTL32.OCX
2008-07-21 13:46 . 2003-05-02 15:20 194,048 --a------ C:\WINDOWS\system32\PlayGif.ocx
2008-07-20 18:51 . 2006-02-20 20:25 17,536 --a------ C:\WINDOWS\system32\drivers\grmn0200.sys
2008-07-20 18:51 . 2003-09-23 16:42 17,024 --a------ C:\WINDOWS\system32\drivers\grmngen.sys
2008-07-20 18:51 . 2006-04-11 21:51 16,512 --a------ C:\WINDOWS\system32\drivers\grmn0400.sys
2008-07-20 18:51 . 2006-07-11 21:50 11,776 --a------ C:\WINDOWS\system32\drivers\grmn1200.sys
2008-07-20 18:51 . 2003-09-23 16:42 7,296 --a------ C:\WINDOWS\system32\drivers\grmnusb.sys
2008-07-20 18:43 . 2008-07-20 19:01 <DIR> d-------- C:\Garmin
2008-07-12 16:14 . 2008-07-12 16:14 <DIR> d-------- C:\Documents and Settings\Filippo\Dati applicazioni\Microsoft Games

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-26 20:07 --------- d-----w C:\Documents and Settings\Filippo\Dati applicazioni\Skype
2008-07-26 17:09 --------- d-----w C:\Documents and Settings\Filippo\Dati applicazioni\skypePM
2008-07-19 18:26 --------- d-----w C:\Programmi\eMule
2008-07-07 22:27 --------- d-----w C:\Documents and Settings\Filippo\Dati applicazioni\Hamachi
2008-06-27 00:00 0 ----a-w C:\Documents and Settings\All Users\Dati applicazioni\PKP_DLbx.DAT
2008-06-27 00:00 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Ultima_T15
2008-06-27 00:00 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\EnterNHelp
2008-06-15 23:25 --------- d-----w C:\Documents and Settings\Filippo\Dati applicazioni\GetRightToGo
2008-06-14 14:48 --------- d-----w C:\Programmi\MessengerDiscovery
2008-04-29 00:05 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-04-29 00:05 22,328 ----a-w C:\Documents and Settings\Filippo\Dati applicazioni\PnkBstrK.sys
2008-04-29 00:05 2,337,865 ----a-w C:\WINDOWS\system32\pbsvc.exe
2008-04-29 00:05 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:39 15360]
"MsnMsgr"="C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" [2004-08-19 15:51 1667584]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe" [2005-11-24 15:38 94208]
"LogitechSoftwareUpdate"="C:\Programmi\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44 196608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-08-13 19:05 2532576]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"PCSuiteTrayApplication"="C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 13:20 227328]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32 221184]
"LogitechVideoRepair"="C:\Programmi\Logitech\Video\ISStart.exe" [2005-06-08 15:24 458752]
"LogitechVideoTray"="C:\Programmi\Logitech\Video\LogiTray.exe" [2005-06-08 15:14 217088]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"StartCCC"="C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"CTHelper"="CTHELPER.EXE" [2006-08-11 14:56 17920 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 14:56 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15:39 15360]
"Nokia.PCSync"="C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 15:58 1744896]

C:\Documents and Settings\Filippo\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma.lnk - C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2007-05-16 15:54:29 113664]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma Loader.lnk - C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2007-05-16 15:54:29 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= yv12vfw.dll
"vidc.VSPX"= vspxvfw.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm

[HKLM\~\startupfolder\C:^Documents and Settings^Filippo^Menu Avvio^Programmi^Esecuzione automatica^DeskPins.lnk]
path=C:\Documents and Settings\Filippo\Menu Avvio\Programmi\Esecuzione automatica\DeskPins.lnk
backup=C:\WINDOWS\pss\DeskPins.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
-ra------ 2007-11-05 06:32 61440 C:\Programmi\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
--------- 2004-10-05 09:52 98304 C:\Programmi\Creative\MediaSource\Detector\CTDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
--a------ 2005-06-08 14:44 196608 C:\Programmi\Logitech\Video\ManifestEngine.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2006-11-03 18:20 866584 C:\Programmi\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\MSN BackUp\\MSNBackup.exe"=
"C:\\Programmi\\RealVNC\\VNC4\\vncviewer.exe"=
"G:\\Programmi\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"G:\\Programmi\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
"G:\\Programmi\\KONAMI\\Pro Evolution Soccer 6\\PES6.exe"=
"C:\\Programmi\\eMule\\emule.exe"=
"C:\\Programmi\\FlashFXP\\FlashFXP.exe"= C:\\Programmi\\FlashFXP\\flashfxp.exe
"G:\\Programmi\\32nd America's Cup\\VskAC32.exe"=
"C:\\Programmi\\Azureus\\Azureus.exe"=
"G:\\Programmi\\Codemasters\\DiRT\\DiRT.exe"=
"C:\\WINDOWS\\system32\\javaw.exe"=
"G:\\Programmi\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
"C:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"C:\\Programmi\\uTorrent\\uTorrent.exe"=
"G:\\Programmi\\FileZilla\\FileZilla.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"G:\\Programmi\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=
"C:\\Programmi\\Skype\\Phone\\Skype.exe"=

R0 pe3ah4nc;DiRT Environment Driver (pe3ah4nc);C:\WINDOWS\system32\drivers\pe3ah4nc.sys [2007-05-18 21:53]
R0 ps6ah4nc;DiRT Synchronization Driver (ps6ah4nc);C:\WINDOWS\system32\drivers\ps6ah4nc.sys [2007-05-18 21:52]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R1 nltdi;nltdi;C:\WINDOWS\system32\drivers\nltdi.sys [2007-04-23 18:08]
R1 UGURU;UGURU;C:\WINDOWS\system32\drivers\uGuru.sys [2006-05-03 13:46]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
S2 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc);C:\WINDOWS\system32\pr2ah4nc.exe svc []
S3 usbscan;Driver scanner USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{442a5acb-92ca-11dc-9120-00508d95f976}]
\Shell\AutoRun\command - wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5d322854-f147-11dc-923f-00508d95f976}]
\Shell\AutoRun\command - I:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c79c8984-4e86-11dc-9063-00508d95f976}]
\Shell\AutoRun\command - H:\autorun.exe
\Shell\setup\command - H:\setup.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contenuto della cartella 'Scheduled Tasks'

2008-07-28 C:\WINDOWS\Tasks\MP Scheduled Scan.job
- C:\Programmi\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
- - - - ORFÃOS REMOVIDOS - - - -

MSConfigStartUp-SweetIM - C:\Programmi\Macrogaming\SweetIM\SweetIM.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = about:blank
R0 -: HKLM-Main,Start Page = hxxp://home.sweetim.com
O8 -: E&sporta in Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O17 -: HKLM\CCS\Interface\{718140E6-AD9B-493C-BE77-D872627FBE81}: NameServer = 212.216.112.112,212.216.172.62,195.14.96.135,194.242.154.51,195.31.190.31,151.99.125.1,151.99.125.3,
151.99.250.2,193.70.192.100,195.210.91.100,193.70.192.25,212.245.255.2,212.245.158.66
O17 -: HKLM\CCS\Interface\{AA6588F8-DAC5-4B42-ABAA-C54A25B9CABE}: NameServer = 193.205.245.5,151.1.1.1


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-28 03:41:18
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...


C:\WINDOWS\TEMP\TMP0000009E5A2D8C759EE0DE04


**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
Ora fine scansione: 2008-07-28 3:44:18
ComboFix-quarantined-files.txt 2008-07-28 01:43:15

Pre-Run: 11,695,091,712 byte disponibili
Post-Run: 12,425,052,160 byte disponibili

172

[xcdegasp]

perchè non segui i consigli? il pc è tuo quindi libero arbitrio a te di farci cio che ritieni più opportuno ma se chiedi assistenza almeno segui cio che ti viene consigliato

se decidess di seguire i miei consigli ricordati di ridisabilitare il ripristino di sistema
in caso li trovi qui: http://www.hwupgrade.it/forum/showpo...3&postcount=11

[wizard1993]

Quote:

Originariamente inviato da xcdegasp

perchè non segui i consigli?

sai è un po difficile seguire due procedure che richiedono cose diverse


comunque diamo tempo al tempo

[xcdegasp]

capito... mi domando se si divertano a fare i paragoni