Sono un nuovo iscritto e, grazie al vostro materiale e al forum, ho finalmente capito dove sta il problema del mio PC: in pratica è affetto dal virus in oggetto.
Ho fatto con GMER la scansione rootkit e autostart, che riporto qui di seguito per chiedervi lo script corretto per Avenger. Vi ringrazio per la collaborazione e la disponibilità.
GMER 1.0.12.12011 - http://www.gmer.net
Autostart scan 2007-01-26 19:07:43
Windows 5.1.2600 Service Pack 2
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon >>>
@UserinitC:\WINDOWS\system32\userinit.exe, = C:\WINDOWS\system32\userinit.exe,
@Systemcsted.exe = csted.exe
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
WgaLogon@DLLName = WgaLogon.dll
WRNotifier@DLLName = WRLogonNTF.dll
HKLM\SYSTEM\CurrentControlSet\Services\ >>>
ALG /*Servizio Gateway di livello applicazione*/@ = %SystemRoot%\System32\alg.exe
aspnet_state /*ASP.NET State Service*/@ = %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
aswUpdSv /*avast! iAVS4 Control Service*/@ = "C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe" /*file not found*/
avast! Antivirus /*avast! Antivirus*/@ = "C:\Programmi\Alwil Software\Avast4\ashServ.exe" /*file not found*/
avast! Mail Scanner /*avast! Mail Scanner*/@ = "C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service /*file not found*/
avast! Web Scanner /*avast! Web Scanner*/@ = "C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service /*file not found*/
ClipSrv /*ClipBook*/@ = %SystemRoot%\system32\clipsrv.exe
COM+ Messages /*COM+ Messages*/@ = "C:\WINDOWS\system32\svchosts.exe" -e te-110-12-0000245 /*file not found*/
MDM /*Machine Debug Manager*/@ = "C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe"
NetDDE /*DDE di rete*/@ = %SystemRoot%\system32\netdde.exe
NetDDEdsdm /*DDE DSDM di rete*/@ = %SystemRoot%\system32\netdde.exe
SLService /*SmartLinkService*/@ = slserv.exe
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
StarWindService /*StarWind iSCSI Service*/@ = C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
Utilità di pianificazione di LiveUpdate automatico /*Utilità di pianificazione di LiveUpdate automatico*/@ = "C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe" /*file not found*/
WebrootSpySweeperService /*Sistema Webroot Spy Sweeper*/@ = "C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe"
WinDefend /*Windows Defender*/@ = "C:\Programmi\Windows Defender\MsMpEng.exe"
HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@hldrrrC:\WINDOWS\system32\hldrrr.exe = C:\WINDOWS\system32\hldrrr.exe
@WinampAgent:C:\Programmi\Winamp\winampa.exe /*file not found*/ = :C:\Programmi\Winamp\winampa.exe /*file not found*/
@SunJavaUpdateSched:"C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe" /*file not found*/ = :"C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe" /*file not found*/
@QuickTime Task"C:\Programmi\QuickTime\qttask.exe" -atboottime = "C:\Programmi\QuickTime\qttask.exe" -atboottime
@PHIME2002ASync:"C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC /*file not found*/ = :"C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC /*file not found*/
@PHIME2002A:"C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName /*file not found*/ = :"C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName /*file not found*/
@PCMService"c:\Apps\Powercinema\PCMService.exe" = "c:\Apps\Powercinema\PCMService.exe"
@NeroFilterCheckC:\WINDOWS\system32\NeroCheck.exe = C:\WINDOWS\system32\NeroCheck.exe
@IMJPMIG8.1"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 = "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
@DownloadAccelerator"C:\PROGRA~1\DAP\DAP.EXE" /STARTUP = "C:\PROGRA~1\DAP\DAP.EXE" /STARTUP
@DAEMON Tools"C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033 = "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
@Collegamento alla pagina delle propriet? di High Definition Audio(null) =
@ATIPTA"C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" = "C:\ATI Technologies\ATI Control Panel\atiptaxx.exe"
@AlcWzrd:ALCWZRD.EXE /*file not found*/ = :ALCWZRD.EXE /*file not found*/
@Alcmtr:ALCMTR.EXE /*file not found*/ = :ALCMTR.EXE /*file not found*/
@ACTIVBOARDc:\apps\ABoard\ABoard.exe = c:\apps\ABoard\ABoard.exe
@CaISSDT"C:\Programmi\CA\eTrust Internet Security Suite\caissdt.exe" = "C:\Programmi\CA\eTrust Internet Security Suite\caissdt.exe"
@eTrustPPAP"C:\Programmi\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe" = "C:\Programmi\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
@TkBellExe"C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot = "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
@SoundMan:SOUNDMAN.EXE /*file not found*/ = :SOUNDMAN.EXE /*file not found*/
@Windows Defender"C:\Programmi\Windows Defender\MSASCui.exe" -hide = "C:\Programmi\Windows Defender\MSASCui.exe" -hide
@SpySweeper"C:\Programmi\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray = "C:\Programmi\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
@avast!:C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe /*file not found*/ = :C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe /*file not found*/
@a-squared"C:\Programmi\a-squared Anti-Malware\a2guard.exe" /*file not found*/ = "C:\Programmi\a-squared Anti-Malware\a2guard.exe" /*file not found*/
@a-squared Anti-Dialer"C:\Programmi\a-squared Anti-Dialer\a2adguard.exe" = "C:\Programmi\a-squared Anti-Dialer\a2adguard.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@drvsyskitC:\Documents and Settings\DANIELE\Dati applicazioni\hidires\hidr.exe = C:\Documents and Settings\DANIELE\Dati applicazioni\hidires\hidr.exe
@hldrrrC:\WINDOWS\system32\hldrrr.exe = C:\WINDOWS\system32\hldrrr.exe
@Windows Registry Repair Pro"C:\Programmi\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe" 4 = "C:\Programmi\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe" 4
@updateMgr"C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 = "C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7
@MsnMsgr"C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background = "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
@ctfmon.exeC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@german.exeC:\WINDOWS\system32\wintems.exe = C:\WINDOWS\system32\wintems.exe
@Uniblue Registry Booster"C:\Programmi\Uniblue\Registry Booster\RegistryBooster.exe" /S = "C:\Programmi\Uniblue\Registry Booster\RegistryBooster.exe" /S
@Uniblue SpyEraser: /*file not found*/ = : /*file not found*/
@SpamBully 3 for Outlook Express"C:\Programmi\Axaware\Spam Bully 3 for OE\sb3oe.exe" install = "C:\Programmi\Axaware\Spam Bully 3 for OE\sb3oe.exe" install
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad >>>
@cholecyst(null) =
@WPDShServiceObjC:\WINDOWS\system32\WPDShServiceObj.dll = C:\WINDOWS\system32\WPDShServiceObj.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ >>>
SharedTaskScheduler@cholecyst =
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks >>>
@{57B86673-276A-48B2-BAE7-C6DBB3020EB8}C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll = C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
@{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}C:\PROGRA~1\WIFD1F~1\MpShHook.dll = C:\PROGRA~1\WIFD1F~1\MpShHook.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/(null) =
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Pagina proprietà versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/%SystemRoot%\system32\extmgr.dll = %SystemRoot%\system32\extmgr.dll
@{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} /*Shell Extensions for RealOne Player*/C:\Programmi\Real\RealPlayer\rpshell.dll = C:\Programmi\Real\RealPlayer\rpshell.dll
@{DEE12703-6333-4D4E-8F34-738C4DCC2E04} /*RecordNow! SendToExt*/C:\Apps\RecordNow\shlext.dll = C:\Apps\RecordNow\shlext.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{00020D75-0000-0000-C000-000000000046} /*Microsoft Office Outlook Desktop Icon Handler*/C:\Programmi\Microsoft Office\Office10\MLSHEXT.DLL = C:\Programmi\Microsoft Office\Office10\MLSHEXT.DLL
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Outlook Custom Icon Handler*/C:\Programmi\Microsoft Office\Office10\OLKFSTUB.DLL = C:\Programmi\Microsoft Office\Office10\OLKFSTUB.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Programmi\Microsoft Office\Office10\msohev.dll = C:\Programmi\Microsoft Office\Office10\msohev.dll
@{E0D79304-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79305-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79306-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79307-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@{5464D816-CF16-4784-B9F3-75C0DB52B499} /*Yahoo! Mail*/C:\PROGRA~1\Yahoo!\Common\ymmapi.dll = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
@{35786D3C-B075-49b9-88DD-029876E11C01} /*Portable Devices*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} /*Portable Devices Menu*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{32020A01-506E-484D-A2A8-BE3CF17601C3} /*AlcoholShellEx*/C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll = C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll
@{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
@{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
@{7C9D5882-CB4A-4090-96C8-430BFE8B795B} /*Webroot Spy Sweeper Context Menu Integration*/C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll
@{472083B0-C522-11CF-8763-00608CC02F24} /*avast*/C:\Programmi\Alwil Software\Avast4\ashShell.dll = C:\Programmi\Alwil Software\Avast4\ashShell.dll
@{AB77609F-2178-4E6F-9C4B-44AC179D937A} /*a-squared Context Menu Shell Extension*/C:\PROGRA~1\A-SQUA~1\A2CONT~1.DLL = C:\PROGRA~1\A-SQUA~1\A2CONT~1.DLL
@{A155339D-CCCD-4714-85EB-3754B804C9DF} /*a-squared Free Context Menu Shell Extension*/C:\PROGRA~1\A-SQUA~2\A2FREE~1.DLL = C:\PROGRA~1\A-SQUA~2\A2FREE~1.DLL
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
avast@{472083B0-C522-11CF-8763-00608CC02F24} = C:\Programmi\Alwil Software\Avast4\ashShell.dll
AVG Anti-Spyware@{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\context.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
Yahoo! Mail@{5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
AVG Anti-Spyware@{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\context.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
a2ContMenu@{AB77609F-2178-4E6F-9C4B-44AC179D937A} = C:\PROGRA~1\A-SQUA~1\A2CONT~1.DLL
a2FreeContMenu@{A155339D-CCCD-4714-85EB-3754B804C9DF} = C:\PROGRA~1\A-SQUA~2\A2FREE~1.DLL
avast@{472083B0-C522-11CF-8763-00608CC02F24} = C:\Programmi\Alwil Software\Avast4\ashShell.dll
SpySweeper@{7C9D5882-CB4A-4090-96C8-430BFE8B795B} = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{02478D38-C3F9-4EFB-9B51-7695ECA05670}:C:\Programmi\Yahoo!\Companion\Installs\cpn2\yt.dll /*file not found*/ = :C:\Programmi\Yahoo!\Companion\Installs\cpn2\yt.dll /*file not found*/
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll = C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
@{53707962-6F74-2D53-2644-206D7942484F}C:\Programmi\Spybot - Search & Destroy\SDHelper.dll = C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
@{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll = C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
@{AA58ED58-01DD-4d91-8333-CF10577473F7}c:\programmi\google\googletoolbar2.dll = c:\programmi\google\googletoolbar2.dll
@{B56A7D7D-6927-48C8-A975-17DF180C71AC}C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll = C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
HKCU\Control Panel\Desktop@SCRNSAVE.EXE = /*file not found*/
HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://it.yahoo.com = http://it.yahoo.com
@Start Pagehttp://it.yahoo.com = http://it.yahoo.com
HKCU\Software\Microsoft\Internet Explorer\Main@Start Page = about:blank
HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
cdo@CLSID = C:\Programmi\File comuni\Microsoft Shared\Web Folders\PKMCDO.DLL
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
ms-itss@CLSID = C:\Programmi\File comuni\Microsoft Shared\Information Retrieval\MSITSS.DLL
msnim@CLSID = "C:\PROGRA~1\MSNMES~1\msgrapp.dll"
mso-offdap@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
mso-offdap11@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
HKLM\Software\Classes\PROTOCOLS\Handler\wia@CLSID = C:\WINDOWS\system32\wiascr.dll
C:\Documents and Settings\DANIELE\Menu Avvio\Programmi\Esecuzione automatica >>>
Trend Micro Anti-Spyware.lnk = Trend Micro Anti-Spyware.lnk
Tuttogratis Alert.lnk = Tuttogratis Alert.lnk
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica >>>
ADSL Diagnostic Tools.LNK = ADSL Diagnostic Tools.LNK
Avvio veloce di Adobe Reader.lnk = Avvio veloce di Adobe Reader.lnk
Digisoft AntiDialer.lnk = Digisoft AntiDialer.lnk
Microsoft Office.lnk = Microsoft Office.lnk
WinZip Quick Pick.lnk = WinZip Quick Pick.lnk
~Disabled = ~Disabled
---- EOF - GMER 1.0.12 ----