Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Chiave registro infetta da Spyware.Agent.A

Chiave registro infetta da Spyware.Agent.A Opzioni
Topic Precedente · Topic Sucessivo
nibiruenlil
Inviato: Saturday, January 17, 2009 3:54:44 PM
Rank: Member

Iscritto dal : 1/3/2005
Posts: 0
Chiedo ausilio per risolvre il problema indicato in oggetto. Facendo la scansione con il programma VIRIT mi viene segnalata la presenza di questo messaggio: [SCANSIONE DEL REGISTRO] {18226BF8-DC0B-4D81-80E9-A41AE37BB73A} Infetto da Spyware.Agent.A che lo stesso antivirus non ha eliminato perchè visualizza solamente i problemi ma non li elimina. L'antivirus che uso AVAST non lo rileva, anche SPYBOT è risultato inutile...non capisco cosa può essere accaduto e come fare ad eliminare il fastidioso problema.

Invio anche un log HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 15.51.22, on 17/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\VIA\RAID\raid_tool.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programmi\Analog Devices\SoundMAX\Smax4.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Microsoft Encarta\Microsoft Encarta Enciclopedia DVD - 2006\EDICT.EXE
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
C:\WINDOWS\RaUI.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\PROGRA~1\WIDCOMM\SOFTWA~1\BTSTAC~1.EXE
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\antonio\Desktop\Vari programmi Spywere\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programmi\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Encarta Web Companion Oggetto helper - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programmi\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [RaidTool] C:\Programmi\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [E06IXLRD_173656] "C:\Programmi\Microsoft Encarta\Microsoft Encarta Enciclopedia DVD - 2006\EDICT.EXE" -m
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\WINDOWS\RaUI.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Converti destinazione link in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti i link selezionati in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti i link selezionati in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converti nel file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti selezione in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://webcam1.ttu.ee/activex/AMC.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://195.41.18.51/activex/AxisCamControl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://web.tpa.it/activex/AMC.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Programmi\Java\jre6\bin\jqs.exe" -service -config "C:\Programmi\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
Torna in alto
 
Sponsor
Inviato: Saturday, January 17, 2009 3:54:44 PM

 
Torna in alto
 
antonpaco
Inviato: Saturday, January 17, 2009 4:12:06 PM
Rank: AiutAmico

Iscritto dal : 11/7/2006
Posts: 1,180
prova a vedere se lo rileva il malwarebytes, lo scarichi dall'omonimo sito, (.org), fai una scansione completa.
Torna in alto
 
shapiro
Inviato: Saturday, January 17, 2009 4:36:49 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
ciao

come ti ha consigliato antonpaco fai una scansione con malwarebytes

http://www.malwarebytes.org/mbam/program/mbam-setup.exe

Aggiornalo: clicca sulla scheda "aggiornamenti" => "controlla aggiornamenti"
Esegui una "scansione completa" (seleziona l'opzione)
A scansione completa, fai clic su OK => Mostra i Risultati.

Posta il report qui nel forum



Scarica Lop S&D | http://eric.71.mespages.googlepages.com/LopSD.exe
con tutte le applicazioni chiuse e disconnesso
doppio click su LopSD
scegli la lingua E (invio)
1 (ricerca) invio

al termine dello scan riavvia LopSD
questa volta scegli l'opzione 2 (invio)

allega il report C:\LopR.txt insieme ad un nuovo log di hijackthis
Torna in alto
 
nibiruenlil
Inviato: Saturday, January 17, 2009 4:51:03 PM
Rank: Member

Iscritto dal : 1/3/2005
Posts: 0
Grazie. terrò conto di questi consigli e mi farò sentire per le novità
Torna in alto
 
nibiruenlil
Inviato: Sunday, January 18, 2009 12:58:47 PM
Rank: Member

Iscritto dal : 1/3/2005
Posts: 0
Come richiesto invio i file .txt che mi sono stati indicati:


--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Sempron(tm) Processor 3100+ )
BIOS : BIOS Date: 09/12/05 16:51:13 Ver: 08.00.09
USER : antonio ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1229 [VPS 090114-0] 4.8.1229 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:38 Go (Free:10 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
F:\ (Local Disk) - NTFS - Total:114 Go (Free:32 Go)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 18/01/2009|12.44 )


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing folders in DATIAP~1

[08/01/2006|21.41] C:\DOCUME~1\ADMINI~1\DATIAP~1\Lavasoft
[09/01/2006|16.14] C:\DOCUME~1\ADMINI~1\DATIAP~1\Microsoft
[0|File] C:\DOCUME~1\ADMINI~1\DATIAP~1\byte
[4|Directory] C:\DOCUME~1\ADMINI~1\DATIAP~1\byte disponibili

[16/05/2008|17.18] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Adobe
[23/06/2007|17.07] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Adobe Systems
[09/10/2006|05.51] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Apple Computer
[21/06/2007|14.59] C:\DOCUME~1\ALLUSE~1\DATIAP~1\AVS4YOU
[19/11/2005|17.27] C:\DOCUME~1\ALLUSE~1\DATIAP~1\CyberLink
[09/12/2007|20.44] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Ferrero
[20/01/2008|08.49] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Google
[17/01/2009|16.28] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Malwarebytes
[11/01/2009|09.49] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Microsoft
[28/06/2007|16.40] C:\DOCUME~1\ALLUSE~1\DATIAP~1\MSScanAppDataDir
[22/11/2005|17.19] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Spybot - Search & Destroy
[10/03/2008|23.23] C:\DOCUME~1\ALLUSE~1\DATIAP~1\TechSmith
[06/12/2006|15.01] C:\DOCUME~1\ALLUSE~1\DATIAP~1\TEMP
[27/11/2005|15.32] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Windows Genuine Advantage
[16/02/2007|22.08] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Yahoo! Companion
[0|File] C:\DOCUME~1\ALLUSE~1\DATIAP~1\byte
[17|Directory] C:\DOCUME~1\ALLUSE~1\DATIAP~1\byte disponibili

[29/03/2008|19.36] C:\DOCUME~1\ANTONE~1\DATIAP~1\Adobe
[15/02/2008|17.39] C:\DOCUME~1\ANTONE~1\DATIAP~1\Google
[19/11/2008|10.33] C:\DOCUME~1\ANTONE~1\DATIAP~1\Help
[24/01/2008|12.14] C:\DOCUME~1\ANTONE~1\DATIAP~1\Identities
[15/02/2008|10.21] C:\DOCUME~1\ANTONE~1\DATIAP~1\Macromedia
[16/01/2009|23.52] C:\DOCUME~1\ANTONE~1\DATIAP~1\Microsoft
[18/12/2008|08.33] C:\DOCUME~1\ANTONE~1\DATIAP~1\Mozilla
[05/04/2008|17.15] C:\DOCUME~1\ANTONE~1\DATIAP~1\Sun
[04/09/2008|18.48] C:\DOCUME~1\ANTONE~1\DATIAP~1\vlc
[0|File] C:\DOCUME~1\ANTONE~1\DATIAP~1\byte
[11|Directory] C:\DOCUME~1\ANTONE~1\DATIAP~1\byte disponibili

[20/02/2008|17.25] C:\DOCUME~1\antonio\DATIAP~1\Adobe
[16/05/2008|17.20] C:\DOCUME~1\antonio\DATIAP~1\AdobeUM
[08/10/2006|07.49] C:\DOCUME~1\antonio\DATIAP~1\Apple Computer
[22/03/2007|23.57] C:\DOCUME~1\antonio\DATIAP~1\ArcSoft
[21/06/2007|14.59] C:\DOCUME~1\antonio\DATIAP~1\AVS4YOU
[01/12/2008|19.18] C:\DOCUME~1\antonio\DATIAP~1\Azureus
[20/01/2008|12.04] C:\DOCUME~1\antonio\DATIAP~1\Google
[28/11/2005|13.08] C:\DOCUME~1\antonio\DATIAP~1\Help
[19/11/2005|01.36] C:\DOCUME~1\antonio\DATIAP~1\Identities
[07/10/2006|17.31] C:\DOCUME~1\antonio\DATIAP~1\iScreensaver
[22/11/2005|15.45] C:\DOCUME~1\antonio\DATIAP~1\Lavasoft
[09/05/2006|19.09] C:\DOCUME~1\antonio\DATIAP~1\Leadertech
[01/07/2007|14.17] C:\DOCUME~1\antonio\DATIAP~1\Macromedia
[17/01/2009|16.28] C:\DOCUME~1\antonio\DATIAP~1\Malwarebytes
[06/01/2009|20.04] C:\DOCUME~1\antonio\DATIAP~1\Microsoft
[17/12/2008|18.47] C:\DOCUME~1\antonio\DATIAP~1\Mozilla
[26/11/2005|16.18] C:\DOCUME~1\antonio\DATIAP~1\Nikon
[30/06/2007|02.42] C:\DOCUME~1\antonio\DATIAP~1\Opera
[17/09/2007|08.48] C:\DOCUME~1\antonio\DATIAP~1\PPMate
[01/12/2005|22.21] C:\DOCUME~1\antonio\DATIAP~1\R-Wipe&Clean
[21/10/2008|20.45] C:\DOCUME~1\antonio\DATIAP~1\SopCast
[11/12/2005|23.21] C:\DOCUME~1\antonio\DATIAP~1\Sun
[16/12/2007|22.29] C:\DOCUME~1\antonio\DATIAP~1\TuxPaint
[23/12/2007|15.16] C:\DOCUME~1\antonio\DATIAP~1\TVU Networks
[27/09/2008|14.28] C:\DOCUME~1\antonio\DATIAP~1\U3
[23/11/2005|00.19] C:\DOCUME~1\antonio\DATIAP~1\vlc
[14/05/2006|07.42] C:\DOCUME~1\antonio\DATIAP~1\wsInspector
[0|File] C:\DOCUME~1\antonio\DATIAP~1\byte
[29|Directory] C:\DOCUME~1\antonio\DATIAP~1\byte disponibili

[19/11/2005|01.28] C:\DOCUME~1\DEFAUL~1\DATIAP~1\Microsoft
[0|File] C:\DOCUME~1\DEFAUL~1\DATIAP~1\byte
[3|Directory] C:\DOCUME~1\DEFAUL~1\DATIAP~1\byte disponibili

[20/02/2008|17.25] C:\DOCUME~1\federico\DATIAP~1\Adobe
[30/09/2007|07.00] C:\DOCUME~1\federico\DATIAP~1\AVS4YOU
[06/04/2008|10.18] C:\DOCUME~1\federico\DATIAP~1\dvdcss
[20/10/2007|17.44] C:\DOCUME~1\federico\DATIAP~1\Google
[22/09/2007|12.08] C:\DOCUME~1\federico\DATIAP~1\Identities
[22/09/2007|12.09] C:\DOCUME~1\federico\DATIAP~1\Macromedia
[16/03/2008|21.31] C:\DOCUME~1\federico\DATIAP~1\Microsoft
[19/10/2007|16.03] C:\DOCUME~1\federico\DATIAP~1\Sun
[17/12/2007|14.05] C:\DOCUME~1\federico\DATIAP~1\TuxPaint
[20/10/2007|17.33] C:\DOCUME~1\federico\DATIAP~1\vlc
[0|File] C:\DOCUME~1\federico\DATIAP~1\byte
[12|Directory] C:\DOCUME~1\federico\DATIAP~1\byte disponibili

[14/01/2007|22.21] C:\DOCUME~1\LOCALS~1\DATIAP~1\Microsoft
[0|File] C:\DOCUME~1\LOCALS~1\DATIAP~1\byte
[3|Directory] C:\DOCUME~1\LOCALS~1\DATIAP~1\byte disponibili

[19/11/2005|01.32] C:\DOCUME~1\NETWOR~1\DATIAP~1\Microsoft
[0|File] C:\DOCUME~1\NETWOR~1\DATIAP~1\byte
[3|Directory] C:\DOCUME~1\NETWOR~1\DATIAP~1\byte disponibili

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[18/01/2009 09.03][--ah-----] C:\WINDOWS\tasks\SA.DAT
[31/08/2001 13.00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
[19/08/2004 14.39][--ahs----] C:\WINDOWS\tasks\FOLDER.TSX

--------------------\\ Listing Folders in C:\Programmi

[02/02/2008|18.06] C:\Programmi\150 Giochi del GameBoy Advance
[01/07/2007|14.23] C:\Programmi\Adobe
[19/11/2005|02.10] C:\Programmi\Ahead
[09/01/2006|16.14] C:\Programmi\AIDA32 - Enterprise System Information
[26/11/2005|18.02] C:\Programmi\Alcohol Soft
[19/11/2005|02.08] C:\Programmi\Alwil Software
[19/11/2005|01.48] C:\Programmi\Analog Devices
[20/02/2007|12.57] C:\Programmi\ArcSoft
[19/11/2005|02.22] C:\Programmi\ASUS
[19/11/2005|17.27] C:\Programmi\ASUSTek
[03/10/2006|11.55] C:\Programmi\AV Vcs 4.0 DIAMOND
[18/01/2008|20.07] C:\Programmi\AVS4YOU
[04/02/2008|21.07] C:\Programmi\Axis Communications
[28/10/2007|05.52] C:\Programmi\Azureus
[22/06/2007|07.53] C:\Programmi\BearShare Applications
[07/10/2007|17.10] C:\Programmi\CamStudio
[19/11/2005|01.24] C:\Programmi\ComPlus Applications
[19/11/2005|17.27] C:\Programmi\CyberLink
[07/10/2007|15.40] C:\Programmi\DebugMode
[20/02/2007|12.54] C:\Programmi\directx
[19/11/2005|02.15] C:\Programmi\DivX
[04/07/2007|16.28] C:\Programmi\DTV(2)
[19/11/2005|02.15] C:\Programmi\DVD Decrypter
[13/12/2005|00.48] C:\Programmi\eBay
[29/01/2008|14.57] C:\Programmi\Eidos Interactive
[19/11/2005|02.13] C:\Programmi\Elaborate Bytes
[26/05/2007|06.43] C:\Programmi\Eltima Software
[18/01/2009|12.09] C:\Programmi\eMule
[09/12/2007|20.44] C:\Programmi\Ferrero
[11/01/2009|09.49] C:\Programmi\File comuni
[15/01/2009|11.21] C:\Programmi\File Scanner Library (Spybot - Search & Destroy)
[04/12/2005|19.17] C:\Programmi\Finson
[04/12/2005|20.31] C:\Programmi\Finson Live Update
[30/11/2006|21.58] C:\Programmi\FLVPlayer
[22/09/2007|11.41] C:\Programmi\Football Tigers
[15/01/2007|20.20] C:\Programmi\Free WMA to MP3 Converter
[04/02/2007|12.21] C:\Programmi\GlobFX Technologies
[20/01/2008|08.49] C:\Programmi\Google
[14/12/2008|21.11] C:\Programmi\InstallShield Installation Information
[19/08/2008|06.31] C:\Programmi\Internet Explorer
[21/11/2005|04.11] C:\Programmi\I-Storm USB ADSL Modem
[17/12/2008|18.18] C:\Programmi\Java
[20/09/2007|10.25] C:\Programmi\JLC's Software
[24/01/2007|22.30] C:\Programmi\Lavalys
[22/11/2005|15.44] C:\Programmi\Lavasoft
[14/12/2008|09.04] C:\Programmi\Makayama Interactive
[17/01/2009|16.28] C:\Programmi\Malwarebytes' Anti-Malware
[05/03/2006|22.18] C:\Programmi\Mediacenter
[10/01/2009|00.38] C:\Programmi\Messenger
[11/01/2009|09.59] C:\Programmi\Microsoft
[19/11/2005|17.32] C:\Programmi\Microsoft Encarta
[19/11/2005|01.29] C:\Programmi\microsoft frontpage
[18/11/2006|07.02] C:\Programmi\Microsoft Games
[19/11/2005|02.19] C:\Programmi\Microsoft Office
[19/11/2005|02.19] C:\Programmi\Microsoft Visual Studio
[13/01/2009|08.44] C:\Programmi\Microsoft Works
[15/01/2009|11.21] C:\Programmi\Misc. Support Library (Spybot - Search & Destroy)
[19/08/2008|06.18] C:\Programmi\Movie Maker
[18/01/2009|12.43] C:\Programmi\Mozilla Firefox
[19/11/2005|01.23] C:\Programmi\MSN Gaming Zone
[11/01/2009|10.01] C:\Programmi\MSN Messenger
[17/08/2007|19.45] C:\Programmi\MSXML 4.0
[19/08/2008|06.13] C:\Programmi\NetMeeting
[22/09/2007|11.43] C:\Programmi\Nikon
[08/04/2007|11.52] C:\Programmi\Northworks Solutions Ltd
[18/12/2005|09.36] C:\Programmi\Ontrack
[19/08/2008|06.13] C:\Programmi\Outlook Express
[19/11/2005|18.18] C:\Programmi\PowerQuest
[14/12/2008|21.10] C:\Programmi\RALINK
[13/01/2008|13.40] C:\Programmi\Riva
[01/12/2005|22.22] C:\Programmi\R-Wipe&Clean
[13/10/2008|21.33] C:\Programmi\SDHelper (Spybot - Search & Destroy)
[19/11/2005|01.26] C:\Programmi\Servizi in linea
[20/02/2008|20.17] C:\Programmi\simcon
[04/07/2007|16.33] C:\Programmi\SlySoft
[23/09/2007|20.32] C:\Programmi\SopCast
[17/09/2007|08.01] C:\Programmi\Spybot - Search & Destroy
[14/05/2006|07.57] C:\Programmi\Startup Inspector for Windows
[18/12/2005|13.36] C:\Programmi\Stellar Phoenix Recovery Suite
[26/08/2008|06.04] C:\Programmi\Sun
[13/10/2008|21.33] C:\Programmi\TeaTimer (Spybot - Search & Destroy)
[10/03/2008|23.23] C:\Programmi\TechSmith
[16/12/2007|22.29] C:\Programmi\TuxPaint
[20/02/2008|20.18] C:\Programmi\TVAnts
[23/12/2007|15.16] C:\Programmi\TVUPlayer
[19/11/2005|01.36] C:\Programmi\Uninstall Information
[26/11/2006|09.37] C:\Programmi\USB all-in-one game controller
[20/02/2007|12.54] C:\Programmi\VGA USB Camera
[19/11/2005|01.43] C:\Programmi\VIA
[23/11/2005|00.19] C:\Programmi\VideoLAN
[23/04/2007|17.40] C:\Programmi\WIDCOMM
[11/01/2009|09.59] C:\Programmi\Windows Live
[11/01/2009|09.59] C:\Programmi\Windows Live SkyDrive
[07/10/2007|12.34] C:\Programmi\Windows Media Connect 2
[19/08/2008|06.13] C:\Programmi\Windows Media Player
[19/08/2008|06.13] C:\Programmi\Windows NT
[19/11/2005|01.26] C:\Programmi\WindowsUpdate
[22/06/2007|23.47] C:\Programmi\WinRAR
[19/11/2005|02.15] C:\Programmi\WinZip
[19/11/2005|01.29] C:\Programmi\xerox
[19/11/2005|02.15] C:\Programmi\XviD
[16/02/2007|22.05] C:\Programmi\Yahoo!
[0|File] C:\Programmi\byte
[104|Directory] C:\Programmi\byte disponibili

--------------------\\ Listing Folders in C:\Programmi\File comuni

[16/05/2008|17.18] C:\Programmi\File comuni\Adobe
[23/06/2007|17.07] C:\Programmi\File comuni\Adobe Systems Shared
[19/11/2005|02.10] C:\Programmi\File comuni\Ahead
[18/01/2008|20.07] C:\Programmi\File comuni\AVSMedia
[19/11/2005|02.19] C:\Programmi\File comuni\DESIGNER
[26/05/2007|06.43] C:\Programmi\File comuni\Eltima Shared
[19/11/2005|02.22] C:\Programmi\File comuni\InstallShield
[11/12/2005|23.18] C:\Programmi\File comuni\Java
[04/12/2005|19.17] C:\Programmi\File comuni\Kapitol
[13/01/2009|08.43] C:\Programmi\File comuni\Microsoft Shared
[19/11/2005|01.25] C:\Programmi\File comuni\MSSoap
[22/09/2007|11.42] C:\Programmi\File comuni\Nikon
[08/02/2007|15.34] C:\Programmi\File comuni\NSV
[08/02/2007|15.33] C:\Programmi\File comuni\Nullsoft
[19/11/2005|02.17] C:\Programmi\File comuni\ODBC
[15/01/2009|11.48] C:\Programmi\File comuni\Services
[19/11/2005|02.17] C:\Programmi\File comuni\SpeechEngines
[13/01/2008|13.40] C:\Programmi\File comuni\SWF Studio
[17/09/2007|08.48] C:\Programmi\File comuni\Synacast
[19/08/2008|06.13] C:\Programmi\File comuni\System
[11/01/2009|09.49] C:\Programmi\File comuni\Windows Live
[11/03/2008|07.18] C:\Programmi\File comuni\Wise Installation Wizard
[0|File] C:\Programmi\File comuni\byte
[24|Directory] C:\Programmi\File comuni\byte disponibili

--------------------\\ Process

( 35 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-18 12:45:16
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\antonio\Dati applicazioni\Microsoft\FS9\fs9 (crack).CFG
C:\DOCUME~1\antonio\Dati applicazioni\Microsoft\FS9\fs9 (crack).CFG.txt
C:\DOCUME~1\antonio\Desktop\Vari programmi Spywere\virit + crack
C:\DOCUME~1\antonio\Desktop\Vari programmi Spywere\virit + crack\VirIT eXplorer Pro v5.2.55 + crack
C:\DOCUME~1\antonio\Desktop\Vari programmi Spywere\virit + crack\vnlt6137.exe
C:\DOCUME~1\antonio\Desktop\Vari programmi Spywere\virit + crack\VirIT eXplorer Pro v5.2.55 + crack\tbevep55
C:\DOCUME~1\antonio\Desktop\Vari programmi Spywere\virit + crack\VirIT eXplorer Pro v5.2.55 + crack\Utilizzo del CRACK.txt
C:\DOCUME~1\antonio\Desktop\Vari programmi Spywere\virit + crack\VirIT eXplorer Pro v5.2.55 + crack\VirIT eXplorer Pro 5.2.55 .exe
C:\DOCUME~1\antonio\Desktop\Vari programmi Spywere\virit + crack\VirIT eXplorer Pro v5.2.55 + crack\tbevep55\Crack.eXe
C:\DOCUME~1\antonio\Desktop\Vari programmi Spywere\virit + crack\VirIT eXplorer Pro v5.2.55 + crack\tbevep55\file_id.diz
C:\DOCUME~1\antonio\Desktop\Vari programmi Spywere\virit + crack\VirIT eXplorer Pro v5.2.55 + crack\tbevep55\tbe.nfo
C:\DOCUME~1\antonio\Preferiti\siti computer\CRACK.MS - All CRACKs and SERIALs on ONE Site.url
C:\DOCUME~1\antonio\Preferiti\siti computer\CrackzPlanet.com - Serials - V1.url


[F:152][D:48]-> C:\DOCUME~1\antonio\IMPOST~1\Temp
[F:2][D:0]-> C:\DOCUME~1\antonio\Cookies
[F:413][D:9]-> C:\DOCUME~1\antonio\IMPOST~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 18/01/2009|12.40 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 18/01/2009|12.46 - Option : [2]

--------------------\\ Scan completed at 12.46.05




Logfile of HijackThis v1.99.1
Scan saved at 12.51.52, on 18/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\VIA\RAID\raid_tool.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programmi\Analog Devices\SoundMAX\Smax4.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Microsoft Encarta\Microsoft Encarta Enciclopedia DVD - 2006\EDICT.EXE
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
C:\WINDOWS\RaUI.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\PROGRA~1\WIDCOMM\SOFTWA~1\BTSTAC~1.EXE
C:\Documents and Settings\antonio\Desktop\Vari programmi Spywere\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programmi\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Encarta Web Companion Oggetto helper - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programmi\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [RaidTool] C:\Programmi\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [E06IXLRD_173656] "C:\Programmi\Microsoft Encarta\Microsoft Encarta Enciclopedia DVD - 2006\EDICT.EXE" -m
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\WINDOWS\RaUI.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Converti destinazione link in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti i link selezionati in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti i link selezionati in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converti nel file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti selezione in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://webcam1.ttu.ee/activex/AMC.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://195.41.18.51/activex/AxisCamControl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://web.tpa.it/activex/AMC.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Programmi\Java\jre6\bin\jqs.exe" -service -config "C:\Programmi\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
Torna in alto
 
nibiruenlil
Inviato: Sunday, January 18, 2009 1:07:53 PM
Rank: Member

Iscritto dal : 1/3/2005
Posts: 0
...scusate ma avevo dimenticato di inviare anche il report di malwarebytes, eccolo:

Malwarebytes' Anti-Malware 1.33
Versione del database: 1659
Windows 5.1.2600 Service Pack 3

17/01/2009 19.05.41
mbam-log-2009-01-17 (19-05-41).txt

Tipo di scansione: Scansione completa (C:\|F:\|)
Elementi scansionati: 169484
Tempo trascorso: 2 hour(s), 35 minute(s), 59 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
(Nessun elemento malevolo rilevato)
Torna in alto
 
shapiro
Inviato: Sunday, January 18, 2009 3:21:43 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
questi eliminali, non servono a niente nel pc

apri hjt, spunta le voci relative e premi fix checked

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
Torna in alto
 
nibiruenlil
Inviato: Sunday, January 18, 2009 3:56:24 PM
Rank: Member

Iscritto dal : 1/3/2005
Posts: 0
Fatto, grazie.....ma come mai sembra che con le procedure attuate non ci sia alcun problema mentre VIRIT me lo segnala?
Torna in alto
 
shapiro
Inviato: Sunday, January 18, 2009 3:59:05 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
potrebbe essere proprio un bug del programma

fai una scansione col tuo antivirus....anzi colgo l'occasione per dirti che e' meglio se togli un antivirus - potrebbero crearti dei problemi due antivirus

altra cosa - virit ti dice il percorso di questa eventuale infezione?
Torna in alto
 
nibiruenlil
Inviato: Sunday, January 18, 2009 4:20:09 PM
Rank: Member

Iscritto dal : 1/3/2005
Posts: 0
In realtà ho tolto VIRIT.....ma non so se sbagliando....!!!!
Il percorso non lo indica, dice solo quello che ho scritto.
Ma cosa significa quella stringa del registro? Posso essere sicuro che il problema si sia risolto ovvero posso pensare che non sia un vero problema come potrebbe risultare?
Torna in alto
 
nibiruenlil
Inviato: Sunday, January 18, 2009 4:20:42 PM
Rank: Member

Iscritto dal : 1/3/2005
Posts: 0
Cosa sarebbe un bug del programma?
Torna in alto
 
shapiro
Inviato: Sunday, January 18, 2009 5:07:39 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
ti ho inviato un messaggio privato

dammi la risposta sempre in privato
Torna in alto
 
Utenti presenti in questo topic
Guest

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Chiave registro infetta da Spyware.Agent.A


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.