Punto informatico Network

Bagle: Very Serious

Has a virus got into your computer? Do you want to browse safely? Are online transactions secure? How do you stop attackers getting into your PC? How do you protect your data? Here you will find the answers to these and other questions

Bagle: Very Serious

Post by Spaccy » Wed Nov 05, 2008 10:04 am

My problem is very serious.... The usual symptoms... wifi disconnected... avast no longer starts... but the worst thing is that everything errors out on me... GMER gives a Win32 error... HijackThis starts the scan, then the program closes by itself before it finishes... and then Kaspersky online errors during the update and won't let me run the scan.... I'm tearing my hair out and don't know how to show you the logs, since I have no way of creating them... HELP ME... Thanks a lot
Spaccy
Aficionado
Posts: 121
Joined: Fri Feb 01, 2008 5:15 pm
Location: Rome

Re: Bagle: Very Serious

Post by Amantide » Wed Nov 05, 2008 11:43 am

Download FindyKill and install it (it's in French, but easy to follow).
Once installed, close all running applications and disconnect from the internet, then click the FindyKill icon and, in the DOS window that opens, type 1 and press Enter. Wait for the scan to finish and post here the log you will find in C:\FindyKill.txt
...to fly high, you have to know how to fall...
Amantide
Official Member (Gold)
Posts: 8126
Joined: Mon Feb 06, 2006 4:13 pm
Location: Abruzzo

Re: Bagle: Very Serious

Post by Spaccy » Wed Nov 05, 2008 11:49 am

So, meanwhile, here's the FindyKill log

----------------- FindyKill V4.095 ------------------

* User : Administrator - PC558248743147
* Location : C:\Programmi\FindyKill
* Tool updated on 05/11/08 by Chiquitine29
* Search performed at 11:45:57 on 05/11/2008
* Windows XP - Internet Explorer 7.0.5730.13

((((((((((((((((( *** Search *** ))))))))))))))))))


--------------- [ Active processes ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Hewlett-Packard\IAM\bin\asghost.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\File comuni\InterVideo\RegMgr\iviRegMgr.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\PDF Complete\pdfsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Administrator\Documenti\Utility\Programmi Antivisur - Bagle\MegaLab_copia_hijack.exe
C:\WINDOWS\system32\wuauclt.exe

--------------- [ Infectious files/folders ] ----------------


»»»» Presence of files in C:


»»»» Presence of files in C:\WINDOWS


»»»» Presence of files in C:\WINDOWS\Prefetch


»»»» Presence of files in C:\WINDOWS\system32


»»»» Presence of files in C:\WINDOWS\system32\drivers


»»»» Presence of files in C:\Documents and Settings\Administrator\Dati applicazioni


»»»» Presence of files in C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp


--------------- [ Registry / Startup ] ----------------


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
MsmqIntCert REG_SZ regsvr32 /s mqrt.dll
SoundMAX REG_SZ C:\Programmi\Analog Devices\SoundMAX\Smax4.exe /tray
SunJavaUpdateSched REG_SZ "C:\Programmi\Java\jre6\bin\jusched.exe"
Recguard REG_SZ C:\WINDOWS\Sminst\Recguard.exe
Scheduler REG_SZ C:\WINDOWS\SMINST\Scheduler.exe
Cpqset REG_SZ C:\Programmi\Hewlett-Packard\Default Settings\cpqset.exe
SynTPStart REG_SZ C:\Programmi\Synaptics\SynTP\SynTPStart.exe
SoundMAXPnP REG_SZ C:\Programmi\Analog Devices\Core\smax4pnp.exe
SynTPEnh REG_SZ C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
avast! REG_SZ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
QuickTime Task REG_SZ "C:\Programmi\QuickTime\qttask.exe" -atboottime

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
CTFMON.EXE REG_SZ C:\WINDOWS\system32\ctfmon.exe
MsnMsgr REG_SZ "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
DeskSpace REG_SZ C:\Programmi\DeskSpace\deskspace.exe
LClock REG_SZ C:\Programmi\LClock\LClock.exe
H/PC Connection Agent REG_SZ "C:\Programmi\Microsoft ActiveSync\wcescomm.exe"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater

--------------- [ Registry / Infectious keys ] ----------------



--------------- [ State / Services ] ----------------



+- Services : [ Auto=2 Manual=3 Disabled=4 ]

Ndisuio - Start type = 3

EapHost - Start type = 2

Ip6Fw - Start type = 2

SharedAccess - Start type = 2

wuauserv - Start type = 2

wscsvc - Start type = 2



--------------- [ Search on removable media ] ----------------


+- Information :

C: - Fixed drive

D: - Fixed drive


+- presence of files :



--------------- [ Registry / Mountpoints2 ] ----------------


-> Search negative.


------------------- ! End of report ! --------------------



Then I finally managed to get HijackThis working, and here's the log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11.43.08, on 05/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Hewlett-Packard\IAM\bin\asghost.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\File comuni\InterVideo\RegMgr\iviRegMgr.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\PDF Complete\pdfsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Administrator\Documenti\Utility\Programmi Antivisur - Bagle\MegaLab_copia_hijack.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.alice.it
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.alice.it/search/home/index.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fffansworld.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Programmi\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: ilcorsaronero Toolbar - {f4035115-6152-4901-a81d-f4e0a0479615} - C:\Programmi\ilcorsaronero\tbilco.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programmi\Winamp Toolbar\winamptb.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Programmi\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: ilcorsaronero Toolbar - {f4035115-6152-4901-a81d-f4e0a0479615} - C:\Programmi\ilcorsaronero\tbilco.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: ilcorsaronero Toolbar - {f4035115-6152-4901-a81d-f4e0a0479615} - C:\Programmi\ilcorsaronero\tbilco.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programmi\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [SoundMAX] C:\Programmi\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [Cpqset] C:\Programmi\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Programmi\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DeskSpace] C:\Programmi\DeskSpace\deskspace.exe
O4 - HKCU\..\Run: [LClock] C:\Programmi\LClock\LClock.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: CCC.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: CCC.lnk = ? (User 'Default user')
O4 - .DEFAULT User Startup: CCC.lnk = ? (User 'Default user')
O4 - Startup: CCC.lnk = ?
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Dati applicazioni\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a periferica &Bluetooth... - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Programmi\File comuni\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Crea preferito portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programmi\File comuni\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programmi\File comuni\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} (ContactExtractor Class) - http://www.facebook.com/controls/contactx.dll
O16 - DPF: {C42B23DF-334C-4AD0-9AB4-91FF53D04239} (AbImporter Class) - http://v.netlogstatic.com/v3.00/766//s/ ... porter.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E0511BF1-B5C0-4F1A-BB3D-036F6DE51C5C} (WebCamX Control) - http://192.168.2.250/WebCamX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FEB55D98-EB29-429D-BA74-78F24BE97BF9}: NameServer = 80.93.143.42,80.93.143.44
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ddcbbcc - C:\WINDOWS\
O20 - Winlogon Notify: OneCard - C:\Programmi\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Programmi\File comuni\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Programmi\PDF Complete\pdfsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Programmi\File comuni\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Programmi\File comuni\SureThing Shared\stllssvr.exe

--
End of file - 11774 bytes
Spaccy
Aficionado
Posts: 121
Joined: Fri Feb 01, 2008 5:15 pm
Location: Rome
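Reading a HijackThis log by hand is what the helpers in this thread do; the script below is an added example (not part of the original posts and not HijackThis code) that mechanises the checks a practitioner would make on the log above: the O20 Winlogon Notify entry whose "DLL" is just C:\WINDOWS\, the O17 per-interface NameServer addresses, the O16 ActiveX control fetched from a bare IP, the O4 Run value that hands regsvr32 a DLL by name only, and the dangling O9 button. SAMPLE_LOG is a constructed subset of the posted lines; the severity labels "high", "review" and "info" are the script's own convention, and a "review" finding is a thing to verify, not a verdict.

```python
"""Triage a HijackThis log for the entry types that matter in this thread:
Winlogon Notify packages, per-interface DNS servers, ActiveX (DPF) download
sources, Run values that hand a bare DLL name to regsvr32/rundll32, and
dangling IE buttons.

Added example for this thread; not code from the original posts or from
HijackThis.  SAMPLE_LOG is a constructed subset of the lines posted above;
the severity labels are this script's own convention.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import List
from urllib.parse import urlparse

SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E0511BF1-B5C0-4F1A-BB3D-036F6DE51C5C} (WebCamX Control) - http://192.168.2.250/WebCamX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FEB55D98-EB29-429D-BA74-78F24BE97BF9}: NameServer = 80.93.143.42,80.93.143.44
O20 - Winlogon Notify: ddcbbcc - C:\WINDOWS\
O20 - Winlogon Notify: OneCard - C:\Programmi\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
"""

# Binaries that load whatever DLL they are handed; a Run value naming one
# with a bare DLL name resolves that DLL through the search order.
LOLBINS = {"regsvr32", "rundll32"}


@dataclass
class Finding:
    severity: str  # "high", "review" or "info"
    line: str
    reason: str


def _names_a_file(win_path: str) -> bool:
    """True if a Windows path ends in a file name (something.dll),
    False for a bare directory such as the ddcbbcc entry's C:/WINDOWS/."""
    if not win_path or win_path.endswith("\\"):
        return False
    return "." in win_path.rsplit("\\", 1)[-1]


def triage_hjt(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        # O20: notification packages run inside winlogon.exe at every logon;
        # an entry whose "DLL" is a directory is dangling or hidden.
        m = re.match(r"^O20 - Winlogon Notify: (\S+) - (.*)$", line)
        if m:
            name, path = m.groups()
            if not _names_a_file(path):
                findings.append(Finding("high", line,
                    f"Winlogon Notify package '{name}' points at '{path}', not a DLL"))
            continue

        # O17: per-interface DNS servers; public addresses get checked against
        # the ISP's real resolvers (DNS-hijack pattern).
        m = re.match(r"^O17 - .*NameServer = (.+)$", line)
        if m:
            servers = [s.strip() for s in m.group(1).split(",")]
            public = [s for s in servers if ipaddress.ip_address(s).is_global]
            if public:
                findings.append(Finding("review", line,
                    "DNS servers " + ", ".join(public) + " are public; confirm they are the ISP's"))
            continue

        # O16: ActiveX controls IE downloaded; a bare-IP source is unusual.
        m = re.match(r"^O16 - DPF: .* - (https?://.*)$", line)
        if m:
            host = urlparse(m.group(1)).hostname or ""
            try:
                ipaddress.ip_address(host)
            except ValueError:
                continue  # ordinary host name, nothing to say
            findings.append(Finding("review", line,
                f"ActiveX control downloaded from bare IP address {host}"))
            continue

        # O4: Run values; flag LOLBins given a DLL by name only.
        m = re.match(r"^O4 - .*\\Run: \[(.+?)\] (.*)$", line)
        if m:
            name, cmd = m.groups()
            parts = cmd.split()
            if not parts:
                continue
            exe = parts[0].strip('"').lower().rsplit("\\", 1)[-1]
            exe = exe[:-4] if exe.endswith(".exe") else exe
            if exe in LOLBINS and ":\\" not in cmd:
                findings.append(Finding("review", line,
                    f"Run value '{name}' gives {exe} a bare DLL name; verify it resolves under system32"))
            continue

        # O9: leftover IE button/menu entries whose file is gone.
        if line.startswith("O9 - ") and line.endswith("(file missing)"):
            findings.append(Finding("info", line,
                "dangling IE button; safe to fix, not an infection by itself"))
    return findings


if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```

Run against the full log, the one "high" finding is the ddcbbcc Notify entry; the toolbars (R3/O2/O3) are deliberately not scored, because a CLSID registered as search hook, BHO and toolbar at once is simply how toolbars install, and whether tbilco.dll is wanted is a question for the owner, as Amantide asks further down.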


Re: Bagle: Very Serious

Post by Amantide » Wed Nov 05, 2008 11:55 am

OK, now also run a full scan with Malwarebytes' Anti-Malware.

EDIT:
Actually, first download ComboFix from here and run the scan following these instructions (down at the bottom). When the scan finishes, the report file C:\combofix.txt will be created; paste its contents here.

P.S. It isn't Bagle.
...to fly high, you have to know how to fall...
Amantide
Official Member (Gold)
Posts: 8126
Joined: Mon Feb 06, 2006 4:13 pm
Location: Abruzzo

Re: Bagle: Very Serious

Post by Spaccy » Wed Nov 05, 2008 12:39 pm

OK, done... here's the log

ComboFix 08-11-04.02 - Administrator 2008-11-05 12.16.06.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.1416 [GMT 1:00]
Run from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
* Created new restore point
.

((((((((((((((((((((((((((((((((((((( Other deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\nlehkckga_navfx.dat
c:\programmi\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
c:\programmi\Windows Live\Messenger\MsnMsgr.exe
c:\windows\BM374d1177.txt
c:\windows\BM374d1177.xml
c:\windows\cookies.ini
c:\windows\pskt.ini
c:\windows\system32\artbvrlm.ini
c:\windows\system32\biveceko.ini
c:\windows\system32\iluhwkyx.ini
c:\windows\system32\mcrh.tmp
c:\windows\system32\mvmjmjgq.ini
c:\windows\system32\nvs2.inf
c:\windows\system32\vrwrnccf.ini
d:\recycler\Desktop.ini
d:\recycler\Folder.htt
d:\recycler\Protect.ed
d:\recycler\Warning.bmp

.
((((((((((((((((((((((((( Files created from 2008-10-05 to 2008-11-05 )))))))))))))))))))))))))))))))))))
.

2008-11-05 12:11 . 2008-11-05 12:11 <DIR> d-------- C:\pincopallino
2008-11-05 11:29 . 2008-11-05 11:46 <DIR> d-------- c:\programmi\FindyKill
2008-11-05 10:09 . 2008-11-05 10:08 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-05 09:52 . 2008-11-05 09:52 <DIR> d-------- c:\programmi\CDex_150
2008-11-04 16:44 . 2008-11-04 16:44 <DIR> d-------- c:\programmi\ARWizard3
2008-11-02 12:30 . 2008-11-02 12:30 50 --a------ c:\windows\cdplayer.ini
2008-10-31 09:41 . 2008-10-31 09:41 <DIR> d--h----- C:\Nuova cartella
2008-10-24 10:04 . 2008-10-24 10:04 65 --a------ c:\windows\FISHUI.INI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-05 09:08 --------- d-----w c:\programmi\Java
2008-11-05 08:06 --------- d-----w c:\documents and settings\Administrator\Dati applicazioni\TeamViewer
2008-10-30 11:12 --------- d-----w c:\documents and settings\Administrator\Dati applicazioni\uTorrent
2008-10-24 08:53 --------- d-----w c:\documents and settings\Administrator\Dati applicazioni\DataCast
2008-10-03 13:48 --------- d-----w c:\programmi\Look@LAN
2008-10-02 07:06 --------- d-----w c:\documents and settings\Administrator\Dati applicazioni\Skype
2008-10-01 11:10 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\TVU Networks
2008-09-22 06:57 --------- d-----w c:\programmi\CCleaner
2008-09-22 06:52 --------- d-----w c:\programmi\Winamp
2008-09-20 12:03 --------- d-----w c:\programmi\Samsung
2008-09-20 11:39 --------- d--h--w c:\programmi\InstallShield Installation Information
2008-09-20 11:39 --------- d-----w c:\programmi\MarkAny
2008-09-17 15:23 --------- d-----w c:\programmi\TOSHIBA
2008-09-17 15:19 --------- d-----w c:\programmi\TOSHIBA Viewer V2
2008-09-17 08:58 --------- d-----w c:\programmi\Winamp Toolbar
2008-09-17 08:58 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Winamp Toolbar
2008-09-16 10:41 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Cogniview
2008-09-16 10:41 --------- d-----w c:\documents and settings\Administrator\Dati applicazioni\Cogniview
2008-09-15 13:43 --------- d---a-w c:\documents and settings\All Users\Dati applicazioni\TEMP
2008-09-11 14:39 --------- d-----w c:\programmi\SkyStoneACD
2008-09-11 14:31 --------- d-----w c:\programmi\SkyStone
2008-09-10 13:38 --------- d-----w c:\programmi\3CX Phone
2008-09-10 13:38 --------- d-----w c:\programmi\3CX
2008-05-16 09:19 32,768 --sha-w c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\MSHist012008051620080517\index.dat
.

((((((((((((((((((((((((((((((((((((( Registry load points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty & legitimate/default values are not shown.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\programmi\Winamp Toolbar\winamptb.dll" [2008-07-16 1266992]
"{f4035115-6152-4901-a81d-f4e0a0479615}"= "c:\programmi\ilcorsaronero\tbilco.dll" [2008-07-27 1606680]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CLASSES_ROOT\clsid\{f4035115-6152-4901-a81d-f4e0a0479615}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f4035115-6152-4901-a81d-f4e0a0479615}]
2008-07-27 20:11 1606680 --a------ c:\programmi\ilcorsaronero\tbilco.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{f4035115-6152-4901-a81d-f4e0a0479615}"= "c:\programmi\ilcorsaronero\tbilco.dll" [2008-07-27 1606680]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{F4035115-6152-4901-A81D-F4E0A0479615}"= "c:\programmi\ilcorsaronero\tbilco.dll" [2008-07-27 1606680]

[HKEY_CLASSES_ROOT\clsid\{f4035115-6152-4901-a81d-f4e0a0479615}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DeskSpace"="c:\programmi\DeskSpace\deskspace.exe" [2007-09-18 1066496]
"LClock"="c:\programmi\LClock\LClock.exe" [2004-09-19 65536]
"H/PC Connection Agent"="c:\programmi\Microsoft ActiveSync\wcescomm.exe" [2006-06-21 1211176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2008-11-05 136600]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2005-12-20 1187840]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-10-09 697976]
"Cpqset"="c:\programmi\Hewlett-Packard\Default Settings\cpqset.exe" [2007-05-03 57344]
"SynTPStart"="c:\programmi\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"SoundMAXPnP"="c:\programmi\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1028096]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-05 78008]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2008-05-27 413696]
"MsmqIntCert"="mqrt.dll" [2008-04-14 c:\windows\system32\mqrt.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\windows\system32\config\systemprofile\Menu Avvio\Programmi\Esecuzione automatica\
CCC.lnk - c:\programmi\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 49152]

c:\documents and settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica\
CCC.lnk - c:\programmi\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ASWLNPkg

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 06:00 33648 c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-06-21 03:52 1211176 c:\progra~1\MI3AA1~1\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
--a------ 2007-01-29 20:10 46632 c:\programmi\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-06-02 10:13 267048 c:\programmi\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 09:50 413696 c:\programmi\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
--a------ 2006-10-25 08:03 210472 c:\programmi\File comuni\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-08-04 00:02 36352 c:\programmi\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\programmi\Microsoft ActiveSync\rapimgr.exe"= c:\programmi\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\programmi\Microsoft ActiveSync\wcescomm.exe"= c:\programmi\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\programmi\Microsoft ActiveSync\WCESMgr.exe"= c:\programmi\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Programmi\\Look@LAN\\LookAtLan.exe"=
"c:\\Programmi\\DNA\\btdna.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\GlobalSCAPE\\CuteFTP 7 Professional\\ftpte.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 ASChannel;Canale di comunicazione locale;c:\windows\System32\svchost.exe [2008-04-14 14336]
R2 Dnscache;Client DNS;c:\windows\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter;c:\programmi\Java\jre6\bin\jqs.exe [2008-11-05 152984]
R2 pdfcDispatcher;PDF Document Manager;c:\programmi\PDF Complete\pdfsvc.exe [2007-05-08 540448]
R2 WILPAR;Wordcraft Parallel Driver;c:\windows\system32\Drivers\WILPAR.SYS [2001-12-14 14096]
S1 sK9Ou0s;sK9Ou0s;c:\windows\system32\drivers\srosa2.sys [ ]
S2 ASBroker;Operatore della sessione di accesso;c:\windows\System32\svchost.exe [2008-04-14 14336]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [ ]
S3 USBSTOR;Driver archiviazione di massa USB;c:\windows\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
Cognizance REG_MULTI_SZ ASBroker ASChannel

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a8c0956-a724-11dd-a07a-001a4b85ce53}]
\Shell\AutoRun\command - WD_Windows_Tools\Setup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {09258F12-48E7-B18E-C414-1F48C215685F} /qb

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\programmi\File comuni\LightScribe\LSRunOnce.exe"
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-MsnMsgr - c:\programmi\Windows Live\Messenger\MsnMsgr.Exe
Notify-ddcbbcc - (no file)


.
------- Supplementary scan -------
.
FireFox -: Profile - c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\6j9eo9ge.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.it
FF -: plugin - c:\programmi\DNA\plugins\npbtdna.dll
FF -: plugin - c:\programmi\iTunes\Mozilla Plugins\npitunes.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-05 12:20:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\programmi\Hewlett-Packard\Default Settings\cpqset.exe? ??????????T??????????????|?M?|?????M?|&?@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\pdfcDispatcher]
"ImagePath"="c:\programmi\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
------------------------ Other running processes ------------------------
.
c:\windows\system32\agrsmsvc.exe
c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\File comuni\InterVideo\RegMgr\iviRegMgr.exe
c:\programmi\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Scan finish time: 2008-11-05 12:29:06 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-05 11:29:03

Pre-Run: 118,878,216,192 bytes free
Post-Run: 119,054,491,648 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

221 --- E O F --- 2008-07-23 13:38:26


I'd like to point out that after the operation and rebooting the PC the WiFi started working again... I tried launching AVAST anyway but it still gives me a Win32 error... on the other hand GMER works again and I'm trying to get Kaspersky online to work....

Re: Bagle, very serious

Post by Spaccy » Wed Nov 05, 2008 12:58 pm

I'll add that Kaspersky online now works and is scanning!... the various programs like CCLEANER etc. work again... maybe avast needs to be reinstalled?!?!

Anyway, as soon as they finish I'll post the GMER and KASPERSKY logs and maybe you can tell me if there's something to fix with avenger and co.

Re: Bagle, very serious

Post by Amantide » Wed Nov 05, 2008 1:05 pm

Avast keeps failing because it was damaged by the worm or whatever it was, and now you have to reinstall it; but while you're at it I suggest switching to another antivirus, for example Avira.

Some traces of Bagle can be seen on the PC, maybe it's a new version [uhm]

Download OtMoveIt3, run it and make sure the option Unregister Dll's and Ocx's is ticked.
In the white box under Paste Instructions for items to be Moved paste the following script and click MoveIt!:

:services
sK9Ou0s

:files
c:\windows\system32\drivers\srosa2.sys

:commands
[purity]
[emptytemp]
[Reboot]


The log of the operation will be saved in the folder C:\_OtMoveIt\MovedFiles as a file named [name_and_date].LOG
Copy its contents and paste them here.

This c:\programmi\ilcorsaronero\tbilco.dll, do you know what it is?
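The items Amantide picks out above (the sK9Ou0s service, the srosa2.sys driver, the ilcorsaronero toolbar DLL) are the kind of thing a helper reads out of a scan log by eye. As an added example, not code from this thread or from the HijackThis project, the Python script below does that first pass automatically over the HijackThis log format posted later in the thread: it counts entries per section and flags a few classes worth verifying (O17 DNS servers, O16 ActiveX downloads from private addresses, R3 search hooks, O4 autostarts with unresolved or temp-folder targets, O23 services with no publisher). The sample lines are copied from the log in this thread, except the O23 "Example Service" line, which is constructed to exercise the publisher check.

```python
import ipaddress
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample: entries copied from the HijackThis log posted in this
# thread, plus one made-up O23 line (exsvc / example.sys) to exercise the
# "Unknown owner" check.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fffansworld.it/
R3 - URLSearchHook: ilcorsaronero Toolbar - {f4035115-6152-4901-a81d-f4e0a0479615} - C:\Programmi\ilcorsaronero\tbilco.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - Startup: CCC.lnk = ?
O16 - DPF: {E0511BF1-B5C0-4F1A-BB3D-036F6DE51C5C} (WebCamX Control) - http://192.168.2.250/WebCamX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FEB55D98-EB29-429D-BA74-78F24BE97BF9}: NameServer = 80.93.143.42,80.93.143.44
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Example Service (exsvc) - Unknown owner - C:\WINDOWS\system32\drivers\example.sys
"""

# One HijackThis entry: a section code (R0-R3, F0-F3, N1-N4, O1-O24), " - ", then the body.
ENTRY_RE = re.compile(r"^(?P<kind>[RFNO]\d{1,2})\s+-\s+(?P<body>.+)$")


def parse_hjt(log_text):
    """Yield (kind, body) for every entry line; the header and process list are skipped."""
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            yield m.group("kind"), m.group("body")


def _is_private_host(url):
    """True when the URL's host is a literal private, loopback or link-local address."""
    host = urlsplit(url).hostname
    if not host:
        return False
    try:
        return ipaddress.ip_address(host).is_private
    except ValueError:  # a DNS name rather than an IP literal
        return False


def triage(log_text):
    """Count entries per section and collect the ones a helper would check first.

    Returns {"counts": {kind: n}, "findings": [(kind, reason, detail), ...]}.
    A finding is a prompt to verify, not a verdict: each flagged class can be
    legitimate (ISP-assigned DNS servers, a webcam on the LAN, a known toolbar).
    """
    counts = Counter()
    findings = []
    for kind, body in parse_hjt(log_text):
        counts[kind] += 1
        if kind == "O17" and "NameServer" in body:
            servers = body.split("=", 1)[1].strip()
            findings.append((kind, "custom DNS servers; confirm they belong to your ISP", servers))
        elif kind == "O16":
            url = body.rsplit(" - ", 1)[-1]
            if _is_private_host(url):
                findings.append((kind, "ActiveX control fetched from a LAN address", url))
        elif kind == "R3" and body.startswith("URLSearchHook"):
            findings.append((kind, "search hook (browser hijack point); identify the DLL", body.rsplit(" - ", 1)[-1]))
        elif kind == "O4" and (body.endswith("= ?") or "\\temp\\" in body.lower()):
            findings.append((kind, "autostart with unresolved target or running from a temp folder", body))
        elif kind == "O23":
            parts = body.split(" - ")  # "Service: Name - Publisher - Path"
            if len(parts) >= 3 and parts[1] == "Unknown owner":
                findings.append((kind, "service with no publisher; check the binary", parts[-1]))
    return {"counts": dict(counts), "findings": findings}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("entries per section:", result["counts"])
    for kind, reason, detail in result["findings"]:
        print(f"{kind}: {reason} -> {detail}")
```

Run it as-is to see the report for the sample, or replace SAMPLE_LOG with the contents of a saved hijackthis.log. The O23 check relies on HijackThis printing "Unknown owner" when the service binary carries no publisher, and a service name containing " - " would need a stricter split.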

Re: Bagle, very serious

Post by Spaccy » Wed Nov 05, 2008 2:59 pm

So here's the log from the program you told me to use, where I pasted the script you dictated ^_^

========= SERVICES/DRIVERS ==========
Service sK9Ou0s stopped successfully.
Service sK9Ou0s deleted successfully.
========== FILES ==========
File/Folder c:\windows\system32\drivers\srosa2.sys not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\jkos-Administrator\binaries\Arj.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\jkos-Administrator\binaries\avlib.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\jkos-Administrator\binaries\Avp1.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\jkos-Administrator\binaries\AvpMgr.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\jkos-Administrator\binaries\btimages.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\jkos-Administrator\binaries\CAB.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\jkos-Administrator\binaries\dmap.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\jkos-Administrator\binaries\dtreg.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\jkos-Administrator\binaries\FsDrvPlg.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\jkos-Administrator\binaries\FSSync.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\jkos-Administrator\binaries\HashCont.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\jkos-Administrator\binaries\HashMD5.PPL scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\jkos-Administrator\binaries\HCCMP.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\jkos-Administrator\binaries\ichk2.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\jkos-Administrator\binaries\iChkSA.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\jkos-Administrator\binaries\Inflate.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\jkos-Administrator\binaries\IWGen.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\jkos-Administrator\binaries\kave.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\jkos-Administrator\binaries\kosglue-7.0.25.0.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\jkos-Administrator\binaries\lha.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\jkos-Administrator\binaries\L_llio.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\jkos-Administrator\binaries\mdb.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\jkos-Administrator\binaries\MDMAP.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\jkos-Administrator\binaries\MemModSc.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\jkos-Administrator\binaries\MemScan.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\jkos-Administrator\binaries\minizip.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\jkos-Administrator\binaries\MKavIO.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\jkos-Administrator\binaries\msoe.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\jkos-Administrator\binaries\nfio.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\jkos-Administrator\binaries\NTFSstrm.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\jkos-Administrator\binaries\prKernel.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\jkos-Administrator\binaries\prLoader.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\jkos-Administrator\binaries\prseqio.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\jkos-Administrator\binaries\PrUtil.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\jkos-Administrator\binaries\rar.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\jkos-Administrator\binaries\ScanningProcess.exe scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\jkos-Administrator\binaries\sfdb.PPL scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\jkos-Administrator\binaries\TempFile.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\jkos-Administrator\binaries\thpimpl.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\jkos-Administrator\binaries\UniArc.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\jkos-Administrator\binaries\UnLZX.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\jkos-Administrator\binaries\UnStored.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\jkos-Administrator\binaries\WDiskIO.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\hsperfdata_Administrator\684 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\hsperfdata_Administrator\688 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\WCESLog.log scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\~DF2AD6.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\~DF2AE4.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\~DF41ED.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\~DF4215.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\~DF509.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\~DF554E.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\~DFDA09.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_6ac.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
File delete failed. C:\Documents and Settings\Administrator\Dati applicazioni\Sun\Java\Deployment\cache\6.0\14\757e808e-6307e6f6 scheduled to be deleted on reboot.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.7.0 log created on 11052008_131439

Files moved on Reboot...
C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\jkos-Administrator\binaries\Arj.ppl moved successfully.
C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\jkos-Administrator\binaries\avlib.ppl moved successfully.
C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\jkos-Administrator\binaries\Avp1.ppl moved successfully.
C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\jkos-Administrator\binaries\AvpMgr.ppl moved successfully.
C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\jkos-Administrator\binaries\btimages.ppl moved successfully.
C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\jkos-Administrator\binaries\CAB.ppl moved successfully.
C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\jkos-Administrator\binaries\dmap.ppl moved successfully.
C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\jkos-Administrator\binaries\dtreg.ppl moved successfully.
C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\jkos-Administrator\binaries\FsDrvPlg.ppl moved successfully.
DllUnregisterServer procedure not found in C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\jkos-Administrator\binaries\FSSync.dll
C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\jkos-Administrator\binaries\FSSync.dll NOT unregistered.
C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\jkos-Administrator\binaries\FSSync.dll moved successfully.
C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\jkos-Administrator\binaries\HashCont.ppl moved successfully.
C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\jkos-Administrator\binaries\HashMD5.PPL moved successfully.
C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\jkos-Administrator\binaries\HCCMP.ppl moved successfully.
C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\jkos-Administrator\binaries\ichk2.ppl moved successfully.
C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\jkos-Administrator\binaries\iChkSA.ppl moved successfully.
C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\jkos-Administrator\binaries\Inflate.ppl moved successfully.
C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\jkos-Administrator\binaries\IWGen.ppl moved successfully.
DllUnregisterServer procedure not found in C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\jkos-Administrator\binaries\kave.dll
C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\jkos-Administrator\binaries\kave.dll NOT unregistered.
C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\jkos-Administrator\binaries\kave.dll moved successfully.
DllUnregisterServer procedure not found in C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\jkos-Administrator\binaries\kosglue-7.0.25.0.dll
C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\jkos-Administrator\binaries\kosglue-7.0.25.0.dll NOT unregistered.
C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\jkos-Administrator\binaries\kosglue-7.0.25.0.dll moved successfully.
C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\jkos-Administrator\binaries\lha.ppl moved successfully.
C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\jkos-Administrator\binaries\L_llio.ppl moved successfully.
C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\jkos-Administrator\binaries\mdb.ppl moved successfully.
C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\jkos-Administrator\binaries\MDMAP.ppl moved successfully.
C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\jkos-Administrator\binaries\MemModSc.ppl moved successfully.
C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\jkos-Administrator\binaries\MemScan.ppl moved successfully.
C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\jkos-Administrator\binaries\minizip.ppl moved successfully.
C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\jkos-Administrator\binaries\MKavIO.ppl moved successfully.
C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\jkos-Administrator\binaries\msoe.ppl moved successfully.
C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\jkos-Administrator\binaries\nfio.ppl moved successfully.
C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\jkos-Administrator\binaries\NTFSstrm.ppl moved successfully.
C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\jkos-Administrator\binaries\prKernel.ppl moved successfully.
DllUnregisterServer procedure not found in C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\jkos-Administrator\binaries\prLoader.dll
C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\jkos-Administrator\binaries\prLoader.dll NOT unregistered.
C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\jkos-Administrator\binaries\prLoader.dll moved successfully.
C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\jkos-Administrator\binaries\prseqio.ppl moved successfully.
C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\jkos-Administrator\binaries\PrUtil.ppl moved successfully.
C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\jkos-Administrator\binaries\rar.ppl moved successfully.
C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\jkos-Administrator\binaries\ScanningProcess.exe moved successfully.
C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\jkos-Administrator\binaries\sfdb.PPL moved successfully.
C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\jkos-Administrator\binaries\TempFile.ppl moved successfully.
C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\jkos-Administrator\binaries\thpimpl.ppl moved successfully.
C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\jkos-Administrator\binaries\UniArc.ppl moved successfully.
C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\jkos-Administrator\binaries\UnLZX.ppl moved successfully.
C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\jkos-Administrator\binaries\UnStored.ppl moved successfully.
C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\jkos-Administrator\binaries\WDiskIO.ppl moved successfully.
File C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\hsperfdata_Administrator\684 not found!
File C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\hsperfdata_Administrator\688 not found!
C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\WCESLog.log moved successfully.
File C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\~DF2AD6.tmp not found!
File C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\~DF2AE4.tmp not found!
File C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\~DF41ED.tmp not found!
File C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\~DF4215.tmp not found!
File C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\~DF509.tmp not found!
C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\~DF554E.tmp moved successfully.
C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\~DFDA09.tmp moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_6ac.dat not found!
C:\Documents and Settings\Administrator\Dati applicazioni\Sun\Java\Deployment\cache\6.0\14\757e808e-6307e6f6 moved successfully.


To be safe (I know I'm a real pain xD) I'd also like to post the Gmer and HijackThis logs (made just now after the reboot) so you can tell me if there's any other junk to remove hehehe

This is the HijackThis one:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 14.50.24, on 05/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\InterVideo\RegMgr\iviRegMgr.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\PDF Complete\pdfsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Java\jre6\bin\jusched.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Programmi\Analog Devices\Core\smax4pnp.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\DeskSpace\deskspace.exe
C:\Programmi\LClock\LClock.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Documenti\Utility\Programmi Antivisur - Bagle\gmer.exe
C:\Programmi\Audacity\audacity.exe
C:\Documents and Settings\Administrator\Documenti\Utility\Programmi Antivisur - Bagle\MegaLab_copia_hijack.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fffansworld.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Programmi\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: ilcorsaronero Toolbar - {f4035115-6152-4901-a81d-f4e0a0479615} - C:\Programmi\ilcorsaronero\tbilco.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programmi\Winamp Toolbar\winamptb.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Programmi\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: ilcorsaronero Toolbar - {f4035115-6152-4901-a81d-f4e0a0479615} - C:\Programmi\ilcorsaronero\tbilco.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: ilcorsaronero Toolbar - {f4035115-6152-4901-a81d-f4e0a0479615} - C:\Programmi\ilcorsaronero\tbilco.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programmi\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [Cpqset] C:\Programmi\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Programmi\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DeskSpace] C:\Programmi\DeskSpace\deskspace.exe
O4 - HKCU\..\Run: [LClock] C:\Programmi\LClock\LClock.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: CCC.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: CCC.lnk = ? (User 'Default user')
O4 - .DEFAULT User Startup: CCC.lnk = ? (User 'Default user')
O4 - Startup: CCC.lnk = ?
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Dati applicazioni\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a periferica &Bluetooth... - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Programmi\File comuni\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Crea preferito portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programmi\File comuni\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programmi\File comuni\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} (ContactExtractor Class) - http://www.facebook.com/controls/contactx.dll
O16 - DPF: {C42B23DF-334C-4AD0-9AB4-91FF53D04239} (AbImporter Class) - http://v.netlogstatic.com/v3.00/766//s/ ... porter.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E0511BF1-B5C0-4F1A-BB3D-036F6DE51C5C} (WebCamX Control) - http://192.168.2.250/WebCamX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FEB55D98-EB29-429D-BA74-78F24BE97BF9}: NameServer = 80.93.143.42,80.93.143.44
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Programmi\File comuni\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Programmi\PDF Complete\pdfsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Programmi\File comuni\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Programmi\File comuni\SureThing Shared\stllssvr.exe

--
End of file - 11042 bytes


This one instead is from GMER

GMER 1.0.14.14205 - http://www.gmer.net
Rootkit scan 2008-11-05 14:59:36
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT sptd.sys ZwCreateKey [0xF729F0D0]
SSDT sptd.sys ZwEnumerateKey [0xF72A4E2C]
SSDT sptd.sys ZwEnumerateValueKey [0xF72A51BA]
SSDT sptd.sys ZwOpenKey [0xF729F0B0]
SSDT sptd.sys ZwQueryKey [0xF72A5292]
SSDT sptd.sys ZwQueryValueKey [0xF72A5112]
SSDT sptd.sys ZwSetValueKey [0xF72A5324]

---- Kernel code sections - GMER 1.0.14 ----

? C:\WINDOWS\system32\drivers\sptd.sys Impossibile accedere al file. Il file è utilizzato da un altro processo.
.text USBPORT.SYS!DllUnload F6AD08AC 5 Bytes JMP 8A6A91C8

---- User code sections - GMER 1.0.14 ----

.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[2352] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 435FF301 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[2352] USER32.dll!DialogBoxIndirectParamW 7E3B2072 5 Bytes JMP 43791667 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[2352] USER32.dll!MessageBoxIndirectA 7E3BA082 5 Bytes JMP 437915E8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[2352] USER32.dll!DialogBoxParamA 7E3BB144 5 Bytes JMP 4379162C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[2352] USER32.dll!MessageBoxExW 7E3D0838 5 Bytes JMP 43791574 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[2352] USER32.dll!MessageBoxExA 7E3D085C 5 Bytes JMP 437915AE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[2352] USER32.dll!DialogBoxIndirectParamA 7E3D6D7D 5 Bytes JMP 437916A2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[2352] USER32.dll!MessageBoxIndirectW 7E3E64D5 5 Bytes JMP 436216B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\WINDOWS\SMINST\Scheduler.exe[2900] USER32.dll!GetSysColor 7E398E78 5 Bytes JMP 0041C110 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[2900] USER32.dll!GetSysColorBrush 7E398EAB 5 Bytes JMP 0041C180 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[2900] USER32.dll!SetScrollInfo 7E399056 7 Bytes JMP 0041C000 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[2900] USER32.dll!GetScrollInfo 7E3ADFE2 7 Bytes JMP 0041BF50 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[2900] USER32.dll!ShowScrollBar 7E3AF2F2 5 Bytes JMP 0041C0D0 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[2900] USER32.dll!GetScrollPos 7E3AF704 5 Bytes JMP 0041BF90 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[2900] USER32.dll!SetScrollPos 7E3AF750 5 Bytes JMP 0041C040 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[2900] USER32.dll!GetScrollRange 7E3AF787 5 Bytes JMP 0041BFC0 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[2900] USER32.dll!SetScrollRange 7E3AF99B 5 Bytes JMP 0041C080 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[2900] USER32.dll!EnableScrollBar 7E3E8005 7 Bytes JMP 0041BF10 C:\WINDOWS\SMINST\Scheduler.exe

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F729FAD4] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F729FC1A] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F729FB9C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F72A0748] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F72A061E] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F72B4ACA] sptd.sys

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 8A85D1E8

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 eabfiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)

Device \Driver\usbohci \Device\USBPDO-0 8A78B7A0
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A8D11E8
Device \Driver\dmio \Device\DmControl\DmConfig 8A8D11E8
Device \Driver\dmio \Device\DmControl\DmPnP 8A8D11E8
Device \Driver\dmio \Device\DmControl\DmInfo 8A8D11E8
Device \Driver\usbohci \Device\USBPDO-1 8A78B7A0
Device \Driver\usbohci \Device\USBPDO-2 8A78B7A0
Device \Driver\NetBT \Device\NetBT_Tcpip_{07CC4A92-3C0C-4AF4-BC09-636047BA7E5C} 8A5C17A0
Device \Driver\usbehci \Device\USBPDO-3 8A6581E8
Device \Driver\usbohci \Device\USBPDO-4 8A78B7A0
Device \Driver\usbohci \Device\USBPDO-5 8A78B7A0
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A85F1E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A85F1E8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8A5C17A0
Device \Driver\NetBT \Device\NetbiosSmb 8A5C17A0
Device \Driver\usbohci \Device\USBFDO-0 8A78B7A0
Device \Driver\usbohci \Device\USBFDO-1 8A78B7A0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A5CC1E8
Device \Driver\usbohci \Device\USBFDO-2 8A78B7A0
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A5CC1E8
Device \Driver\usbohci \Device\USBFDO-3 8A78B7A0
Device \Driver\NetBT \Device\NetBT_Tcpip_{FEB55D98-EB29-429D-BA74-78F24BE97BF9} 8A5C17A0
Device \Driver\usbohci \Device\USBFDO-4 8A78B7A0
Device \Driver\Ftdisk \Device\FtControl 8A85F1E8
Device \Driver\usbehci \Device\USBFDO-5 8A6581E8
Device \FileSystem\Cdfs \Cdfs 8A5B7458

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xFB 0x45 0x3F 0x41 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xAF 0x55 0x33 0xEE ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@d0 1
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x50 0x32 0xF5 0x94 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xFB 0x45 0x3F 0x41 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xAF 0x55 0x33 0xEE ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@d0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x50 0x32 0xF5 0x94 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x12 0x24 0x1A 0x06 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xAF 0x55 0x33 0xEE ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@d0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x57 0x01 0x39 0x8C ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x12 0x24 0x1A 0x06 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xAF 0x55 0x33 0xEE ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@d0 1
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x57 0x01 0x39 0x8C ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x12 0x24 0x1A 0x06 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xAF 0x55 0x33 0xEE ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@d0 1
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x57 0x01 0x39 0x8C ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\D

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\D
@DisplayName ??
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\D
@DeviceDesc ??
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\D
@ProviderName ???????
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\D
@MFG ?????
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\D
@ReinstallString .10.1000.7
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\D
@DeviceInstanceIds c:\swsetup\video\sbdrv\smbus\smbusati.inf

---- Files - GMER 1.0.14 ----

File C:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\C18N0J6J\reqs[1].htm 0 bytes
File C:\Documents and Settings\Administrator\Impostazioni locali\Temporary Internet Files\Content.IE5\HHSD02OU\login[1].htm 0 bytes

---- EOF - GMER 1.0.14 ----

Re: Bagle, extremely serious

Post by Amantide » Wed Nov 05, 2008 4:21 pm

Amantide wrote: This c:\programmi\ilcorsaronero\tbilco.dll, do you know what it is?

You didn't answer this question; apart from that, the logs are clean. Also reinstall the security software where necessary.

Re: Bagle, extremely serious

Post by Spaccy » Wed Nov 05, 2008 4:47 pm

Amantide wrote:
Amantide wrote: This c:\programmi\ilcorsaronero\tbilco.dll, do you know what it is?

You didn't answer this question; apart from that, the logs are clean. Also reinstall the security software where necessary.


Ah yes, sorry... look, I think it's part of the toolbar from the site IL CORSARO NERO, a site where you find torrents and information about film releases etc. etc...

I really thank you for the help!!! You've been very kind and I hope to return the favour one day!! Thanks a million!

Re: Bagle, extremely serious

Post by Amantide » Wed Nov 05, 2008 4:54 pm

...but that should be "statA"... [rolleyes]

I'm a [image]

Re: Bagle, extremely serious

Post by Spaccy » Fri Nov 07, 2008 5:34 pm

oh nooooooooooooo [cry+] [cry+] how embarrassing, forgive meeee!!!

Re: Bagle, extremely serious

Post by enea83 » Sat Nov 08, 2008 4:24 pm

Amantide wrote: Avast keeps not working because it was damaged by the worm or whatever it was, and now you have to reinstall it; but while you're at it, I'd advise you to switch to another antivirus, for example Avira.

How could anyone disagree... [^] Avast is really terrible.... [nonono]

cheers [brindisi]