beep

Users
  • Content count: 8

About beep

  • Rank: Initiate
  1. I think I've solved it. Neither Virit nor the antivirus finds anything anymore. Thanks to everyone for the help, I don't know how I would have managed without it.
  2. Done.

     Logfile of The Avenger version 1, by Swandog46
     Running from registry key:
     \Registry\Machine\System\CurrentControlSet\Services\qygghyjf
     *******************
     Script file located at: \??\C:\WINDOWS\system32\yivhevlj.txt
     Script file opened successfully.
     Script file read successfully
     Backups directory opened successfully at C:\Avenger
     *******************
     Beginning to process script file:
     File C:\WINDOWS\SERVICES.EXE deleted successfully.
     File C:\WINDOWS\tanservice.exe deleted successfully.
     File C:\WINDOWS\farservice.exe deleted successfully.
     File C:\WINDOWS\svcq16.exe deleted successfully.
     Registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.
     Completed script processing.
     *******************
     Finished! Terminate.
  3. In regedit, opening the folders you indicated, I get to the final string, which should be
     C:\WINDOWS\system32\userinit.exe,,C:\WINDOWS\SERVICES.EXE
     but the part I'm supposed to delete isn't there. This is what's there:
     C:\WINDOWS\system32\userinit.exe,
     Looking in the Windows folder, the files that it recreates every time are:
     farservice.exe
     tanservice.exe
     svcq16.exe
     Should I go ahead with Avenger anyway?
  4. Here it is:

     Logfile of RunAlyzer 0.3. Copyright © 2000-2005 Safer Networking Limited. Tutti i diritti sono riservati.
     Scan saved at 21/12/2006 12.32.10
     Platform: Windows XP (Build: 2600) Service Pack 2 (5.1.2600)
  5. try starting it with the bat file as explained in the quote, but download the latest version of the program (6.1.42)
     that had already been done
     Gromozon Rootkit Removal Tool: on restart it gives me an error and stops
     Trojan.Linkoptimizer Removal Tool found nothing!!!!
     Symantec Trojan.Linkoptimizer Removal Tool 1.0.8
     Trojan.Linkoptimizer has not been found on your computer.
     What's left? Suicide?
  6. During the Virit scan, as soon as it finds the virus the scan is interrupted and the program terminates on me. This is the log file: (I tried 2 scans with the same result)

     VirIT eXplorer Lite Log
     [sCANSIONE DELLA MEMORIA] OK
     [sCANSIONE DELLA MEMORIA] OK
     --------------------------------------------------------
     20/12/2006 - 10:29:12
     [sCANSIONE DEL REGISTRO] OK
     [A:] BOOT SECTOR: OK
     [C:] MASTER BOOT RECORD: OK BOOT SECTOR: OK
     C:\WINDOWS\system32:lzx32.sys:$DATA Possibile infezione da virus di nuova generazione
     C:\WINDOWS\tanservice.exe Infetto da Trojan.Win32.Dialer.ID
     :] MASTER BOOT RECORD: OK BOOT SECTOR: OK
     C:\WINDOWS\system32:lzx32.sys:$DATA Possibile infezione da virus di nuova generazione
     C:\WINDOWS\tanservice.exe Infetto da Trojan.Win32.Dialer.ID
     [sCANSIONE DELLA MEMORIA] OK
     [sCANSIONE DELLA MEMORIA] OK
     --------------------------------------------------------
     20/12/2006 - 10:43:21
  7. Here it is:

     Logfile of HijackThis v1.99.1
     Scan saved at 18.21.03, on 19/12/2006
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
     (Unable to list running processes)

     In AVG, even after the scan in safe mode, it finds nothing. They remain only in the VIRUS VAULT section with these characteristics:
     NAME: Trojan Horse Dialer.CKN
     FILE: C:\WINDOWS\system32\svcj16.exe
     It installed a connection called 0202 on my machine; when it dials, a file named FARSERVICE appears.
     What do I do?
  8. Hi everyone. I signed up to this forum to find out whether (and above all HOW) I can remove a trojan horse dialer (ckn). I apologize for my profound ignorance both about solving this kind of problem and about forums (this is the first one I've taken part in). I apologize in advance if I make mistakes :sick: such as posting in the wrong section and so on. I have the AVG antivirus, which detects this dialer but cannot remove it. Spybot gets blocked during the scan :sigh: . I'm desperate. Heeeeeeelp