
Thread: Internet Connection

  1. #1

    Internet Connection

    Guys, first of all greetings to everyone, first post... can you give me a hand, please? I have the damned INTERNET CONNECTION DIALER. I downloaded AWF, AVENGER and HIJACKTHIS... this is the AWF log:

    Duplicate files of bak directory contents
    ~~~~~~~~~~~~~~~~~~~~~~~

    3273216 18 Jun 2004 "C:\Programmi\Foxmail\Foxmail.exe"
    3273216 18 Jun 2004 "C:\Programmi\Foxmail\bak\Foxmail.exe"
    14348 6 Jan 2008 "C:\Programmi\iTunes\iTunesHelper.exe"
    267048 15 Nov 2007 "C:\Programmi\iTunes\bak\iTunesHelper.exe"
    102400 30 Nov 2007 "C:\WINDOWS\Installer\{4F5CE18C-D97D-48FF-A510-A0D90C918294}\iTunesIco.exe"
    116008 30 Nov 2007 "C:\Documents and Settings\All Users\Dati applicazioni\Apple Computer\Installer Cache\iTunes 7.5.0.20\iTunesSetupAdmin.exe"
    116024 26 Oct 2007 "C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\4967C9EF\iTunesSetupAdmin[1].exe"
    116024 26 Sep 2007 "C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\GHEJGHIN\iTunesSetupAdmin[1].exe"
    116024 22 Aug 2007 "C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\OPMNSPQR\iTunesSetupAdmin[1].exe"
    14348 6 Jan 2008 "C:\Programmi\QuickTime\qttask.exe"
    286720 14 Nov 2007 "C:\Programmi\QuickTime\bak\qttask.exe"
    866584 3 Nov 2006 "C:\Programmi\Windows Defender\MSASCui.exe"
    866584 3 Nov 2006 "C:\Programmi\Windows Defender\bak\MSASCui.exe"
    14348 6 Jan 2008 "C:\WINDOWS\SMINST\RECGUARD.EXE"
    233472 14 Apr 2004 "C:\WINDOWS\SMINST\bak\RECGUARD.EXE"
    15360 7 Sep 2004 "C:\WINDOWS\system32\ctfmon.exe"
    15360 7 Sep 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
    14348 6 Jan 2008 "C:\WINDOWS\system32\hphmon06.exe"
    659456 7 Jun 2004 "C:\WINDOWS\system32\bak\hphmon06.exe"
    14348 6 Jan 2008 "C:\WINDOWS\system32\ps2.exe"
    81920 16 Oct 2002 "C:\hp\drivers\keyboard\PS2.EXE"
    81920 16 Oct 2002 "C:\WINDOWS\system32\bak\ps2.exe"
    14348 6 Jan 2008 "C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe"
    253952 14 Oct 2004 "C:\hp\drivers\hplsbwatcher\bak\lsburnwatcher.exe"
    79224 4 Dec 2007 "C:\Programmi\Alwil Software\Avast4\ashDisp.exe"
    79224 4 Dec 2007 "C:\Programmi\Alwil Software\Avast4\bak\ashDisp.exe"
    14348 6 Jan 2008 "C:\Programmi\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe"
    49152 7 Jun 2004 "C:\Programmi\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\bak\hphupd06.exe"
    14348 6 Jan 2008 "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    39792 10 Oct 2007 "C:\Programmi\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe"
    32881 1 Jan 2004 "C:\Programmi\Java\j2re1.4.2_03\bin\jusched.exe"
    36975 4 Mar 2005 "C:\Programmi\Java\jre1.5.0_02\bin\jusched.exe"
    49263 9 Nov 2006 "C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe"
    36975 3 Jun 2005 "C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe"
    75520 15 Dec 2006 "C:\Programmi\Java\jre1.5.0_11\bin\jusched.exe"
    36975 10 Nov 2005 "C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe"
    49263 12 Oct 2006 "C:\Programmi\Java\jre1.5.0_09\bin\jusched.exe"
    83608 14 Mar 2007 "C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe"
    132496 12 Jul 2007 "C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe"
    14348 6 Jan 2008 "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
    132496 25 Sep 2007 "C:\Programmi\Java\jre1.6.0_03\bin\bak\jusched.exe"

    and this is the HIJACKTHIS one:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13.21.53, on 09/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programmi\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
    C:\Programmi\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\ATKKBService.exe
    C:\WINDOWS\system32\CTSvcCDA.EXE
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
    c:\Programmi\File comuni\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
    C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\GSICON.EXE
    C:\WINDOWS\system32\dslagent.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Programmi\Windows Defender\MSASCui.exe
    C:\Programmi\Foxmail\Foxmail.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programmi\Messenger\msmsgs.exe
    C:\Programmi\Java\jre1.6.0_03\bin\bak\jusched.exe
    C:\Programmi\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Documents and Settings\HP_Administrator\Desktop\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY... on&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?T...&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?T...&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?T...&pf=desktop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://notizie.virgilio.it/informazione/home/index.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?T...&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: Vista HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Programmi\HP\Digital Imaging\bin\HPDTLK02.dll
    O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [HPHUPD06] c:\Programmi\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
    O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
    O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [Foxmail] C:\Programmi\Foxmail\Foxmail.exe -min
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
    O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE (User 'Default user')
    O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra button: ZDelete Auto-Cleaner - {EB7F329E-F14E-48ae-AB69-4E28C492D382} - C:\PROGRA~1\LSOFTT~1\ACTIVE~1\ZDelete.exe (HKCU)
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource...scbase5059.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A7F14E65-0560-4B09-B816-0F6BCF0E1A97}: NameServer = 62.211.69.150 212.48.4.15
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - c:\Programmi\File comuni\Symantec Shared\ccProxy.exe (file missing)
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Programmi\File comuni\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Programmi\SiSoftware\SiSoftware Sandra Lite XI.SP4a\Win32\RpcDataSrv.exe
    O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Programmi\SiSoftware\SiSoftware Sandra Lite XI.SP4a\RpcSandraSrv.exe
    O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe (file missing)

    --
    End of file - 9551 bytes


    From what I understand, I have to use Avenger to replace the infected files with the clean ones that are in the BAK folders... but what do I have to do first? Can you give me a hand, please? I'm pretty deep in the sh...

    Thanks!!

    Angelo

  2. #2

    Steps forward...

    I read a few posts around, and with Avenger I replaced some of the infected files with the ones from the BAK folders. Here are a new AWF log and a new HijackThis log... can you tell me what I still have to do to clean out all the rot? (Note that the "internet connection" connection, which I deleted by hand before the reboot, is no longer there.)

    AWF LOG



    Duplicate files of bak directory contents
    ~~~~~~~~~~~~~~~~~~~~~~~

    866584 3 Nov 2006 "C:\Programmi\Windows Defender\MSASCui.exe"
    866584 3 Nov 2006 "C:\Programmi\Windows Defender\bak\MSASCui.exe"
    15360 7 Sep 2004 "C:\WINDOWS\system32\ctfmon.exe"
    15360 7 Sep 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
    79224 4 Dec 2007 "C:\Programmi\Alwil Software\Avast4\ashDisp.exe"
    79224 4 Dec 2007 "C:\Programmi\Alwil Software\Avast4\bak\ashDisp.exe"


    end of report


    and the HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14.46.42, on 09/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programmi\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
    C:\Programmi\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\ATKKBService.exe
    C:\WINDOWS\system32\CTSvcCDA.EXE
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
    c:\Programmi\File comuni\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
    C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\hphmon06.exe
    C:\WINDOWS\system32\GSICON.EXE
    C:\WINDOWS\system32\dslagent.exe
    C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ps2.exe
    C:\Programmi\iTunes\iTunesHelper.exe
    C:\Programmi\Windows Defender\MSASCui.exe
    C:\Programmi\Foxmail\Foxmail.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programmi\Messenger\msmsgs.exe
    C:\Programmi\iPod\bin\iPodService.exe
    C:\Programmi\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\HP_Administrator\Desktop\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://notizie.virgilio.it/informazione/home/index.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: Vista HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Programmi\HP\Digital Imaging\bin\HPDTLK02.dll
    O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [HPHUPD06] c:\Programmi\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
    O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
    O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [Foxmail] C:\Programmi\Foxmail\Foxmail.exe -min
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
    O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE (User 'Default user')
    O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra button: ZDelete Auto-Cleaner - {EB7F329E-F14E-48ae-AB69-4E28C492D382} - C:\PROGRA~1\LSOFTT~1\ACTIVE~1\ZDelete.exe (HKCU)
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource...scbase5059.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - c:\Programmi\File comuni\Symantec Shared\ccProxy.exe (file missing)
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Programmi\File comuni\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Programmi\SiSoftware\SiSoftware Sandra Lite XI.SP4a\Win32\RpcDataSrv.exe
    O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Programmi\SiSoftware\SiSoftware Sandra Lite XI.SP4a\RpcSandraSrv.exe
    O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe (file missing)

    --
    End of file - 9533 bytes


    Thanks again for your valuable help...

  3. #3

    Now I'm deleting these bak folders...

    Now I'm deleting these folders:

    C:\Programmi\Foxmail\bak
    C:\Programmi\iTunes\bak
    C:\Programmi\QuickTime\bak
    C:\WINDOWS\SMINST\bak
    C:\hp\drivers\hplsbwatcher\bak
    C:\Programmi\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\bak
    C:\Programmi\Adobe\Reader 8.0\Reader\bak
    C:\Programmi\Java\jre1.6.0_03\bin\bak


    I don't know what to do with
    C:\WINDOWS\system32\bak because the ctfmon.exe file is still inside it... what do I do?

    HELP!!

  4. #4
    Deifobe (HTML.it user, registered Oct 2007, 6,072 posts)
    Go to C:\WINDOWS\system32 and delete ctfmon.exe. Then go to C:\WINDOWS\system32\bak\ctfmon.exe, right-click it, select Cut, go up one level (C:\WINDOWS\system32) and paste.

  5. #5
    OK, done!

    Do you think everything is fine now? I can't find anything strange in the connections; I ran Avast and it found 6 or 7 pieces of junk that were easily killed... I'm hopeful, but I'm waiting for confirmation from the forum's experts... thanks!!

    Angelo

  6. #6
    Deifobe
    Given that you have:
    C:\WINDOWS\system32\ctfmon.exe and C:\WINDOWS\system32\bak\ctfmon.exe,
    download Avenger.
    Run it and select the "Input Script Manually" option.
    Click the magnifying glass and, in the "View/edit script" window, in the white box, copy/paste:
    files to delete:
    C:\WINDOWS\system32\ctfmon.exe

    files to move:
    C:\WINDOWS\system32\bak\ctfmon.exe | C:\WINDOWS\system32\ctfmon.exe
    Click the "Done" button, then the green traffic light.
    Answer Yes twice. The PC should restart by itself; otherwise restart it yourself.
    Post the report it produces.

  7. #7

    Here:

    Here is the result:

    Find AWF report by noahdfear ©2006


    bak folders found
    ~~~~~~~~~~~

    Il volume nell'unità C è HP_PAVILION
    Numero di serie del volume: 7088-C2C1

    Directory di C:\PROGRA~1\MESSEN~1\BAK

    0 File 0 byte
    2 Directory 116.359.991.296 byte disponibili
    Il volume nell'unità C è HP_PAVILION
    Numero di serie del volume: 7088-C2C1

    Directory di C:\PROGRA~1\WIFD1F~1\BAK

    03/11/2006 18.20 866.584 MSASCui.exe
    1 File 866.584 byte
    2 Directory 116.359.991.296 byte disponibili
    Il volume nell'unità C è HP_PAVILION
    Numero di serie del volume: 7088-C2C1

    Directory di C:\PROGRA~1\ALWILS~1\AVAST4\BAK

    04/12/2007 14.00 79.224 ashDisp.exe
    1 File 79.224 byte
    2 Directory 116.359.970.816 byte disponibili


    Duplicate files of bak directory contents
    ~~~~~~~~~~~~~~~~~~~~~~~

    866584 3 Nov 2006 "C:\Programmi\Windows Defender\MSASCui.exe"
    866584 3 Nov 2006 "C:\Programmi\Windows Defender\bak\MSASCui.exe"
    79224 4 Dec 2007 "C:\Programmi\Alwil Software\Avast4\ashDisp.exe"
    79224 4 Dec 2007 "C:\Programmi\Alwil Software\Avast4\bak\ashDisp.exe"


    end of report


    I'm waiting hopefully... thanks again!

  8. #8
    Deifobe
    Again with Avenger, this time you have to enter this script:
    files to delete:
    C:\Programmi\Windows Defender\MSASCui.exe
    C:\Programmi\Alwil Software\Avast4\ashDisp.exe

    files to move:
    C:\Programmi\Windows Defender\bak\MSASCui.exe | C:\Programmi\Windows Defender\MSASCui.exe
    C:\Programmi\Alwil Software\Avast4\bak\ashDisp.exe | C:\Programmi\Alwil Software\Avast4\ashDisp.exe
    Post the report.

  9. #9

    Here it is!

    Logfile of The Avenger version 1, by Swandog46
    Running from registry key:
    \Registry\Machine\System\CurrentControlSet\Services\pjcphpxk

    *******************

    Script file located at: \??\C:\Program Files\armrersw.txt
    Script file opened successfully.

    Script file read successfully

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    File C:\Programmi\Windows Defender\MSASCui.exe deleted successfully.
    File C:\Programmi\Alwil Software\Avast4\ashDisp.exe deleted successfully.
    File move operation C:\Programmi\Windows Defender\bak\MSASCui.exe|C:\Programmi\Windows Defender\MSASCui.exe completed successfully.
    File move operation C:\Programmi\Alwil Software\Avast4\bak\ashDisp.exe|C:\Programmi\Alwil Software\Avast4\ashDisp.exe completed successfully.

    Completed script processing.

    *******************

    Finished! Terminate.


    Is this good news? Thanks for the valuable help!

    Angelo

  10. #10
    Deifobe
    Yes..
    Now manually delete the folders:
    C:\Programmi\Windows Defender\bak
    C:\Programmi\Alwil Software\Avast4\bak

    That's it..
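
An added example (not part of the thread, and not code from the Find AWF or Avenger tools): it parses the "Duplicate files of bak directory contents" report from post #1, pairs each bak copy with the live file one folder up, flags the live files that were swapped for an identical stub, and renders the delete/move script in the layout posted in #6 and #8. The function names and the choice of sample lines are assumptions made for this illustration.

```python
import ntpath
import re
from collections import Counter

# Sample input: a subset of the report lines posted in #1 (forum wrap spaces removed).
SAMPLE = r'''
14348 6 Jan 2008 "C:\Programmi\QuickTime\qttask.exe"
286720 14 Nov 2007 "C:\Programmi\QuickTime\bak\qttask.exe"
15360 7 Sep 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 7 Sep 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
14348 6 Jan 2008 "C:\WINDOWS\system32\ps2.exe"
81920 16 Oct 2002 "C:\hp\drivers\keyboard\PS2.EXE"
81920 16 Oct 2002 "C:\WINDOWS\system32\bak\ps2.exe"
36975 4 Mar 2005 "C:\Programmi\Java\jre1.5.0_02\bin\jusched.exe"
14348 6 Jan 2008 "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
132496 25 Sep 2007 "C:\Programmi\Java\jre1.6.0_03\bin\bak\jusched.exe"
'''

# <size> <day> <Mon> <year> "<path>"; tolerate a stray space before the closing quote.
LINE = re.compile(r'^\s*(\d+)\s+(\d{1,2} \w{3} \d{4})\s+"(.+?)\s*"\s*$')


def parse_report(text):
    """Return {case-folded path: (path as reported, size, date)} for each report line."""
    files = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            size, date, path = int(m.group(1)), m.group(2), m.group(3)
            files[ntpath.normcase(path)] = (path, size, date)
    return files


def pair_backups(files):
    """Pair every file inside a 'bak' folder with the same-named file one level up.

    Same-named files elsewhere on disk (other Java versions, driver folders)
    appear in the report too and are deliberately left unpaired.
    """
    pairs = []
    for key, (bak_path, bak_size, bak_date) in files.items():
        folder = ntpath.dirname(key)
        if ntpath.basename(folder) != "bak":
            continue
        live_key = ntpath.join(ntpath.dirname(folder), ntpath.basename(key))
        if live_key not in files:
            continue  # live file not listed: nothing to compare against
        live_path, live_size, live_date = files[live_key]
        pairs.append({
            "live": live_path,
            "bak": bak_path,
            "live_sig": (live_size, live_date),
            # Differing size/date means the live file is not the original program.
            "replaced": (live_size, live_date) != (bak_size, bak_date),
        })
    return pairs


def stub_signature(pairs):
    """(size, date) shared by two or more replaced live files, or None."""
    counts = Counter(p["live_sig"] for p in pairs if p["replaced"])
    if not counts:
        return None
    sig, n = counts.most_common(1)[0]
    return sig if n >= 2 else None


def avenger_script(pairs):
    """Render the restore script in the layout used in posts #6 and #8."""
    lines = ["files to delete:"]
    lines += [p["live"] for p in pairs]
    lines += ["", "files to move:"]
    lines += [f'{p["bak"]} | {p["live"]}' for p in pairs]
    return "\n".join(lines)


if __name__ == "__main__":
    found = pair_backups(parse_report(SAMPLE))
    print("stub signature:", stub_signature(found))
    for p in found:
        print("REPLACED" if p["replaced"] else "same    ", p["live"])
    print()
    print(avenger_script(found))
```

A pair whose size and date match (ctfmon.exe in the sample) is not flagged as replaced; those are the pairs still listed in the later AWF reports in the thread.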
