heur-dblext

[eiffel_655]

Da alcuni giorni ho problemi con il virus heur-dblext/crypted.Posto un log del file.Non sono molto esperto di pc se riuscite a spiegarmi passo per passo cosa fare ve ne sarei grato.Grazie mille




Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12.27.53, on 21/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\ALCFDRTM.EXE
C:\Programmi\MSN Messenger\usnsvc.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\eMule\emule.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
C:\DOCUME~1\OEM\IMPOST~1\Temp\nsoC.tmp\tjytvmuctp. exe
C:\Documents and Settings\OEM\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [Collegamento alla pagina delle proprietà di High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~4\wcescomm.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Crea preferito portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O15 - Trusted Zone: *.whataboutadog.com
O15 - Trusted Zone: *.whataboutarabit.com
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://sasaworld1989.spaces.live.com...d/MsnPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3FE9C5FD-8CE0-4692-A5CF-07391DE5057C}: NameServer = 85.37.17.9 85.38.28.75
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 7367 bytes

[tecnico24]

ciao,avvia di nuovo hijackthis,tra le vari opzioni,segli Do a system scan only poi seleziona a sinistra sulle seguenti voci:


O15 - Trusted Zone: *.whataboutarabit.com

O15 - Trusted Zone: *.whataboutadog.com

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)


poi clicca giu in basso su Fix checked.



poi scarica avenger--> http://swandog46.geekstogo.com/avenger.zip
clicca sull'opzione Input script manually,poi sulla lente di ingrandimento.
nella finestra vuota inserisci questo script in rosso con copia|incolla:


files to delete:
C:\DOCUME~1\OEM\IMPOST~1\Temp\nsoC.tmp\tjytvmuctp. exe
C:\WINDOWS\ALCMTR.EXE





dopodiche clicca su DONE,poi sul semaforo con luce verde,due volte SI,riavvia il pc e collegati al forum postando il resoconto di avenger in c:/avenger.txt
poi dimmi come va il pc.

[eiffel_655]

Il pc sembra andare bene ma a finale era sempre andato bene si apriva solo la finestra di antivir o almeno non mi sono accorto di nulla.Grazie mille se si fa vivo di nuovo ti faccio sapere.

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Service s\jtwjsxpm

*******************

Script file located at: \??\C:\^qiey^uv.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\DOCUME~1\OEM\IMPOST~1\Temp\nsoC.tmp\tjytvmuctp. exe deleted successfully.
File C:\WINDOWS\ALCMTR.EXE deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

[tecnico24]

ok,comunque penso che il problema sia definitivamente risolto.

[eiffel_655]

scusa se disturbo ancora ma c'è un mio amico con lo stesso problema.Il suo file log è questo.Potresti dirmi cosa deve fixare ?

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12.58.03, on 21/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
c:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\Programmi\HPQ\IAM\bin\asghost.exe
C:\WINDOWS\Explorer.EXE
c:\Programmi\File comuni\Symantec Shared\ccProxy.exe
c:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
c:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.e xe
C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmi\Logitech\Video\LogiTray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programmi\Analog Devices\Core\smax4pnp.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Programmi\Logitech\Video\FxSvr2.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\Windows Media Player\WMPNSCFG.exe
c:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
C:\Programmi\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\HP\Digital Imaging\bin\hpqgalry.exe
C:\Programmi\Windows Media Player\wmplayer.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\Programmi\MSN Messenger\livecall.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\alicetuttoincluso\Impostazioni locali\Temporary Internet Files\Content.IE5\2QAH95SM\HiJackThis_v2[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Programmi\HPQ\IAM\Bin\ItIeAddIN.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Programmi\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [PTHOSTTR] C:\Programmi\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [ccApp] "c:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] c:\Programmi\Norton Internet Security\cfgwiz.exe /GUID {F073BDC9-0D67-4ff0-879E-27241C843828} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Programmi\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [WatchDog] C:\Programmi\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmi\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmi\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [RSS Reader] ""
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programmi\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmi\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Avvio rapido di HP Image Zone.lnk = C:\Programmi\Hp\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Programmi\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://martazhmarta.spaces.live.com/...d/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CE224F12-58FC-44D4-93AC-2A65FA287FC4}: NameServer = 151.99.125.1 151.99.0.100
O20 - Winlogon Notify: OneCard - C:\Programmi\HPQ\IAM\Bin\AsWlnPkg.dll
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Programmi\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Programmi\File comuni\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Programmi\Norton Internet Security\comHost.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - c:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Servizio di Norton Protection Center (NSCService) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Programmi\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.e xe

--
End of file - 12684 bytes

[eiffel_655]

Scusa il problema del mio amico è ircfast.Come lo si risolve ? Cmq il virus è rimasto e mi riappare.

[tecnico24]

deve fixare queste il tuo amico.

O4 - HKCU\..\Run: [RSS Reader] ""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

a te il problema si e' ripresentato?

[Or@nge]

ciao, eiffel_655

la presenza delle voci:

O15 - Trusted Zone: *.whataboutarabit.com
O15 - Trusted Zone: *.whataboutadog.com

molto spesso indica l'infezione con Instant Access.

per essere sicuro fai questo controllo: scarica FindAWF e salvalo sul desktop
avvialo. seleziona 1+ Invio. il tool farà uno scan veloce ed aprirà il blocco note con dentro il tuo log.
copia tutto il contenuto del blocco note e mettilo qui.

[eiffel_655]

Si il problema mi si è ripresentato.Questo è il report.

Find AWF report by noahdfear ©2006
Version 1.40



bak folders found
~~~~~~~~~~~

Il volume nell'unit… C Š DSK1_VOL1
Numero di serie del volume: 9022-E900

Directory di C:\PROGRA~1\ANTIVI~1\BAK

16/09/2007 14.02 249.896 avgnt.exe
1 File 249.896 byte
2 Directory 10.156.449.792 byte disponibili
Il volume nell'unit… C Š DSK1_VOL1
Numero di serie del volume: 9022-E900

Directory di C:\PROGRA~1\ITUNES\BAK

25/09/2006 14.54 229.952 iTunesHelper.exe
1 File 229.952 byte
2 Directory 10.156.449.792 byte disponibili
Il volume nell'unit… C Š DSK1_VOL1
Numero di serie del volume: 9022-E900

Directory di C:\PROGRA~1\MESSEN~1\BAK

0 File 0 byte
2 Directory 10.156.445.696 byte disponibili
Il volume nell'unit… C Š DSK1_VOL1
Numero di serie del volume: 9022-E900

Directory di C:\PROGRA~1\MICROS~4\BAK

21/06/2006 03.52 1.211.176 wcescomm.exe
1 File 1.211.176 byte
2 Directory 10.156.445.696 byte disponibili
Il volume nell'unit… C Š DSK1_VOL1
Numero di serie del volume: 9022-E900

Directory di C:\PROGRA~1\MSNMES~1\BAK

0 File 0 byte
2 Directory 10.156.445.696 byte disponibili
Il volume nell'unit… C Š DSK1_VOL1
Numero di serie del volume: 9022-E900

Directory di C:\PROGRA~1\QUICKT~1\BAK

24/09/2006 03.24 282.624 qttask.exe
1 File 282.624 byte
2 Directory 10.156.445.696 byte disponibili
Il volume nell'unit… C Š DSK1_VOL1
Numero di serie del volume: 9022-E900

Directory di C:\WINDOWS\SYSTEM32\BAK

19/08/2004 15.39 15.360 ctfmon.exe
09/07/2001 10.50 155.648 NeroCheck.exe
2 File 171.008 byte
2 Directory 10.156.445.696 byte disponibili
Il volume nell'unit… C Š DSK1_VOL1
Numero di serie del volume: 9022-E900

Directory di C:\PROGRA~1\CANON\EASY-P~2\BAK

14/01/2004 03.10 409.600 BJPSMAIN.EXE
1 File 409.600 byte
2 Directory 10.156.445.696 byte disponibili
Il volume nell'unit… C Š DSK1_VOL1
Numero di serie del volume: 9022-E900

Directory di C:\PROGRA~1\GRISOFT\AVGFRE~1\BAK

10/10/2006 20.31 369.664 avgcc.exe
1 File 369.664 byte
2 Directory 10.156.445.696 byte disponibili
Il volume nell'unit… C Š DSK1_VOL1
Numero di serie del volume: 9022-E900

Directory di C:\PROGRA~1\NOKIA\NOKIAP~1\BAK

08/11/2006 14.27 222.208 LaunchApplication.exe
09/11/2006 18.15 1.634.304 PcSync2.exe
2 File 1.856.512 byte
2 Directory 10.156.445.696 byte disponibili
Il volume nell'unit… C Š DSK1_VOL1
Numero di serie del volume: 9022-E900

Directory di C:\PROGRA~1\FILECO~1\AHEAD\LIB\BAK

28/10/2005 16.25 94.208 NMBgMonitor.exe
1 File 94.208 byte
2 Directory 10.156.445.696 byte disponibili
Il volume nell'unit… C Š DSK1_VOL1
Numero di serie del volume: 9022-E900

Directory di C:\PROGRA~1\FILECO~1\REAL\UPDATE~1\BAK

10/04/2007 22.08 185.784 realsched.exe
1 File 185.784 byte
2 Directory 10.156.441.600 byte disponibili
Il volume nell'unit… C Š DSK1_VOL1
Numero di serie del volume: 9022-E900

Directory di C:\PROGRA~1\JAVA\JRE15~1.0_0\BIN\BAK

10/11/2005 13.03 36.975 jusched.exe
1 File 36.975 byte
2 Directory 10.156.441.600 byte disponibili


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

249896 20 Sep 2007 "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe"
249896 16 Sep 2007 "C:\Programmi\AntiVir PersonalEdition Classic\bak\avgnt.exe"
24592 17 Sep 2007 "C:\Programmi\iTunes\iTunesHelper.exe"
229952 25 Sep 2006 "C:\Programmi\iTunes\bak\iTunesHelper.exe"
102400 11 Oct 2006 "C:\WINDOWS\Installer\{5878FF02-3B8F-4309-B4E5-0D3DB6F2E8E6}\iTunesIco.exe"
108096 25 Sep 2006 "C:\Documents and Settings\All Users\Dati applicazioni\Apple Computer\Installer Cache\iTunes 7.0.1.8\iTunesSetupAdmin.exe"
24592 17 Sep 2007 "C:\Programmi\Microsoft ActiveSync\wcescomm.exe"
1211176 21 Jun 2006 "C:\Programmi\Microsoft ActiveSync\bak\wcescomm.exe"
24592 17 Sep 2007 "C:\Programmi\QuickTime\qttask.exe"
282624 24 Sep 2006 "C:\Programmi\QuickTime\bak\qttask.exe"
15360 19 Aug 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 19 Aug 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
24592 17 Sep 2007 "C:\WINDOWS\system32\NeroCheck.exe"
155648 9 Jul 2001 "C:\WINDOWS\system32\bak\NeroCheck.exe"
24592 17 Sep 2007 "C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE"
409600 14 Jan 2004 "C:\Programmi\Canon\Easy-PrintToolBox\bak\BJPSMAIN.EXE"
24592 17 Sep 2007 "C:\Programmi\Grisoft\AVG Free\avgcc.exe"
369664 10 Oct 2006 "C:\Programmi\Grisoft\AVG Free\bak\avgcc.exe"
24592 17 Sep 2007 "C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe"
222208 8 Nov 2006 "C:\Programmi\Nokia\Nokia PC Suite 6\bak\LaunchApplication.exe"
24592 17 Sep 2007 "C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe"
1634304 9 Nov 2006 "C:\Programmi\Nokia\Nokia PC Suite 6\bak\PcSync2.exe"
24592 17 Sep 2007 "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
94208 28 Oct 2005 "C:\Programmi\File comuni\Ahead\Lib\bak\NMBgMonitor.exe"
24592 17 Sep 2007 "C:\Programmi\File comuni\Real\Update_OB\realsched.exe"
185784 10 Apr 2007 "C:\Programmi\File comuni\Real\Update_OB\bak\realsched.exe"
24592 17 Sep 2007 "C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe "
36975 10 Nov 2005 "C:\Programmi\Java\jre1.5.0_06\bin\bak\jusched.exe "
49263 26 Jul 2006 "C:\Programmi\Nokia\Carbide.ui S60 Theme Edition 3.1\JRE\bin\jusched.exe"


end of report

Per ircfast basta fixare quei file ?

[tecnico24]

Scarica The Avenger
http://swandog46.geekstogo.com/avenger.zip

estrai l’archivio nel desktop.

Poi avvia il file Avenger.exe.
Seleziona l'opzione Input Script Manually, clicca sulla lente di ingrandimento e all'interno dello spazio bianco copia ed incolla questo script:




files to move:
C:\Programmi\AntiVir PersonalEdition Classic\bak\avgnt.exe | C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\iTunes\bak\iTunesHelper.exe | C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Microsoft ActiveSync\bak\wcescomm.exe | C:\Programmi\Microsoft ActiveSync\wcescomm.exe
C:\Programmi\QuickTime\bak\qttask.exe | C:\Programmi\QuickTime\qttask.exe
C:\WINDOWS\system32\bak\ctfmon.exe | C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\bak\NeroCheck.exe | C:\WINDOWS\system32\NeroCheck.exe
C:\Programmi\Canon\Easy-PrintToolBox\bak\BJPSMAIN.EXE | C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE
C:\Programmi\Grisoft\AVG Free\bak\avgcc.exe | C:\Programmi\Grisoft\AVG Free\avgcc.exe
C:\Programmi\Nokia\Nokia PC Suite 6\bak\LaunchApplication.exe | C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programmi\Nokia\Nokia PC Suite 6\bak\PcSync2.exe | C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programmi\File comuni\Ahead\Lib\bak\NMBgMonitor.exe | C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\Programmi\File comuni\Real\Update_OB\bak\realsched.exe | C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Java\jre1.5.0_06\bin\bak\jusched.exe | C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe







poi clicca su DONE,sul semaforo con luce verde,poi due volte si,riavvia il pc e posta qui il log di avenger(c:/avenger.txt)
per il problema del tuo amico,invece,facci fare una scansione con questo:
www.tgsoft.it/italy/index_ita.html