Hikari-chan

Problems With Avast Home Edition

8 posts in this thread

Hi everyone, I have a small problem with my antivirus, avast home edition. I should mention that the antivirus is regularly updated to the latest version, and so are the signatures. For two days, however, it has kept showing me a warning message when the PC starts up; I'm reproducing it below:

"Trovato un file sospetto!

E' stato rilevato un file sospetto (usando il metodo euristico). Potrebbe essere un segnale d'infezione virus. Si prega di inviare il file al nostro laboratorio virus per ulteriori anlisi.

Nome del file: C:\WINDOWS\SYSTEM32\drivers\smss.exe

Tipo: Rootkit: processo nascosto"

Among the possible actions, I can delete the file in question now, or ignore it. Among the recommended actions is to ignore it. Now, out of my own ignorance, not knowing whether this file is really harmful, I'm not deleting it, also because I wouldn't want to compromise the proper functioning of my PC. Besides, it could also be a mistake by the antivirus, couldn't it?

So I'm asking you for help: what should I do with this file?

Thanks in advance to anyone who can give me a bit of help.

:)

Edited by Hikari-chan


Hi Hikari-chan,

unfortunately it's not a false positive.

The name (smss.exe) is similar to a legitimate file

C:\WINDOWS\System32\smss.exe

but this file, run from the drivers folder, is a variant of Trojan:Win32/Eson.C

c:\windows\system32\drivers\smss.exe

Follow the instructions for Sdfix (tool no. 2) and attach the report

:P:)

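The check the reply above relies on (a core system file name running from a folder other than its normal one), as an added example that is not part of the original thread. It assumes a default Windows XP layout with `C:\WINDOWS` as the Windows directory; the function names and the sample list are constructed for illustration.

```python
import ntpath

# Expected folder, relative to %windir%, for core Windows system binaries.
# Assumption: default Windows XP layout, as on the machine in this thread.
EXPECTED_DIR = {
    "smss.exe": "system32",
    "csrss.exe": "system32",
    "winlogon.exe": "system32",
    "services.exe": "system32",
    "lsass.exe": "system32",
    "svchost.exe": "system32",
    "explorer.exe": "",  # lives directly in %windir%
}


def normalise(path, windir):
    """Return a lower-cased, normalised Win32 path for comparison."""
    p = path.strip().strip('"')
    if p.startswith("\\??\\"):                  # NT object-manager prefix
        p = p[4:]
    if p.lower().startswith("\\systemroot\\"):  # kernel-style alias for %windir%
        p = ntpath.join(windir, p[len("\\systemroot\\"):])
    return ntpath.normcase(ntpath.normpath(p))


def find_masquerading(paths, windir=r"C:\WINDOWS"):
    """List (reported_path, expected_path) for system file names
    found outside their expected folder."""
    findings = []
    for raw in paths:
        if not raw.strip():
            continue
        folder, name = ntpath.split(normalise(raw, windir))
        if name not in EXPECTED_DIR:
            continue  # not a name this check knows about
        expected = normalise(ntpath.join(windir, EXPECTED_DIR[name]), windir)
        if folder != expected:
            findings.append((raw.strip(), ntpath.join(expected, name)))
    return findings


# Constructed sample: the two smss.exe paths quoted in the thread,
# mixed with ordinary image paths of the kind a process list contains.
SAMPLE_PATHS = [
    r"C:\WINDOWS\System32\smss.exe",
    r"c:\windows\system32\drivers\smss.exe",
    r"C:\WINDOWS\Explorer.EXE",
    r"C:\WINDOWS\system32\svchost.exe",
    r"C:\Programmi\Java\jre6\bin\jusched.exe",
]

if __name__ == "__main__":
    for reported, expected in find_masquerading(SAMPLE_PATHS):
        print(f"SUSPICIOUS: {reported} (expected {expected})")
```

A name-and-folder mismatch is a triage signal only; a file in the expected folder can still be replaced or patched, so it does not substitute for a scanner's verdict.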

So it really is a Trojan ... In any case I did as you advised and downloaded SmitFraudFix. I chose the first option, the search (for the report file). Only I had to do it with the antivirus enabled, because I couldn't figure out how to disable avast ...

I'm pasting the result of the report here:

SmitFraudFix v2.387

Scan done at 18.05.15,71, 18/12/2008

Run from C:\Documents and Settings\Sergio\Desktop\SmitfraudFix

OS: Microsoft Windows XP [Versione 5.1.2600] - Windows_NT

The filesystem type is NTFS

Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Programmi\PC Tools Firewall Plus\FWService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Programmi\Analog Devices\Core\smax4pnp.exe

C:\Programmi\Analog Devices\SoundMAX\Smax4.exe

C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe

C:\Programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe

C:\Programmi\Logitech\QuickCam\Quickcam.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe

C:\Programmi\Java\jre6\bin\jusched.exe

C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe

C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe

C:\Programmi\Nokia\Nokia PC Suite 7\PCSync2.exe

C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe

C:\Programmi\Windows Desktop Search\WindowsSearch.exe

C:\Programmi\Alwil Software\Avast4\ashServ.exe

c:\Programmi\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\cisvc.exe

C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Programmi\Java\jre6\bin\jqs.exe

C:\Programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe

C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

C:\WINDOWS\system32\tcpsvcs.exe

C:\WINDOWS\System32\snmp.exe

C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe

C:\Programmi\File comuni\Nokia\MPAPI\MPAPI3s.exe

C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe

C:\Programmi\Alwil Software\Avast4\ashWebSv.exe

C:\Programmi\PC Connectivity Solution\ServiceLayer.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Programmi\File comuni\Logishrd\LQCVFX\COCIManager.exe

C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Programmi\Windows Live\Messenger\msnmsgr.exe

C:\Programmi\Windows Live\Messenger\usnsvc.exe

C:\Programmi\PeerGuardian2\pg2.exe

C:\Programmi\File comuni\Adobe\Updater5\AdobeUpdater.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\system32\cidaemon.exe

C:\Programmi\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

hosts file corrupted !

127.0.0.1 www.legal-at-spybot.info

127.0.0.1 legal-at-spybot.info

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Sergio

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Sergio\IMPOST~1\Temp

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Sergio\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Sergio\PREFER~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Programmi

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]

"Source"="About:Home"

"SubscribedURL"="About:Home"

"FriendlyName"="Pagina iniziale corrente"

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch

!!!Attention, following keys are not inevitably infected!!!

o4Patch

Credits: Malware Analysis & Diagnostic

Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

!!!Attention, following keys are not inevitably infected!!!

IEDFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

!!!Attention, following keys are not inevitably infected!!!

Agent.OMZ.Fix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

!!!Attention, following keys are not inevitably infected!!!

VACFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

!!!Attention, following keys are not inevitably infected!!!

404Fix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs

!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon

!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: NVIDIA nForce Networking Controller - Miniport dell'Utilità di pianificazione pacchetti

DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{48EE356E-62C9-4691-BFC6-440F2F2F2756}: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CS1\Services\Tcpip\..\{48EE356E-62C9-4691-BFC6-440F2F2F2756}: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CS2\Services\Tcpip\..\{48EE356E-62C9-4691-BFC6-440F2F2F2756}: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CS3\Services\Tcpip\..\{48EE356E-62C9-4691-BFC6-440F2F2F2756}: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

PS: thank you so much for the help you're giving me ^^

Follow the instructions for Sdfix (tool no. 2) and attach the report
:)

You weren't supposed to use SmitFraudFix, but Sdfix :P

Follow the instructions for Sdfix (tool no. 2) and attach the report
:)

You weren't supposed to use SmitFraudFix, but Sdfix :P

Oops ^^" ... Sorry, it's just that when I clicked the link under the Sdfix text, the topic for that other program came up. Anyway, I've gone ahead and used the program you told me about, Sdfix; I did everything in safe mode and it gave me this report as a result:

SDFix: Version 1.240

Run by Sergio on 18/12/2008 at 18:58

Microsoft Windows XP [Versione 5.1.2600]

Running From: C:\SDFix

Checking Services :

Restoring Default Security Values

Restoring Default Hosts File

Rebooting

Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\drivers\smss.exe - Deleted

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-18 19:16:22

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]

"s1"=dword:2df9c43f

"s2"=dword:110480d0

"h0"=dword:00000003

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]

"h0"=dword:00000002

"ujdew"=hex:7f,1c,71,1f,7b,bf,34,03,34,a4,a6,d1,ac,b5,7a,18,2b,9f,7d,10,62,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]

"h0"=dword:00000000

"hdf12"=hex:1b,03,22,68,38,91,c4,8b,fc,96,cf,30,ba,13,26,b4,84,80,17,b9,9d,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"h0"=dword:00000001

"khjeh"=hex:69,b7,b7,4a,86,7d,3d,3d,3f,4f,c8,da,1f,15,70,16,9d,7d,ed,3d,dc,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Vax347s\Config\jdgg40]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]

"h0"=dword:00000002

"ujdew"=hex:7f,1c,71,1f,7b,bf,34,03,34,a4,a6,d1,ac,b5,7a,18,2b,9f,7d,10,62,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]

"h0"=dword:00000000

"hdf12"=hex:1b,03,22,68,38,91,c4,8b,fc,96,cf,30,ba,13,26,b4,84,80,17,b9,9d,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"h0"=dword:00000001

"khjeh"=hex:69,b7,b7,4a,86,7d,3d,3d,3f,4f,c8,da,1f,15,70,16,9d,7d,ed,3d,dc,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]

"h0"=dword:00000002

"ujdew"=hex:7f,1c,71,1f,7b,bf,34,03,34,a4,a6,d1,ac,b5,7a,18,2b,9f,7d,10,62,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]

"h0"=dword:00000000

"hdf12"=hex:1b,03,22,68,38,91,c4,8b,fc,96,cf,30,ba,13,26,b4,84,80,17,b9,9d,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"h0"=dword:00000001

"khjeh"=hex:69,b7,b7,4a,86,7d,3d,3d,3f,4f,c8,da,1f,15,70,16,9d,7d,ed,3d,dc,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]

"DisplayName"="Alcohol 120%"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\CatalogNames\Windows\SystemIndex]

"pkm:catalog:LastCatalogCrawlId"=dword:0000016a

"pkm:catalog:LastCatalogCrawlModified"=dword:00000604

"pkm:catalog:LastCatalogCrawlErrors"=dword:0000000d

"pkm:catalog:LastCatalogCrawlExcludes"=dword:00000063

"pkm:catalog:LastCatalogCrawlKBytes"=dword:00005807

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex]

"CheckPointNumber"=dword:00000008

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\363]

"CrawlType"=dword:00000005

"InProgress"=dword:00000001

"DoneAddingCrawlSeeds"=dword:00000001

"LogName"="C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Crwl363.gthr"

"CheckPoint"=hex:be,4e,3b,00,00,00,00,00

"IsCatalogLevel"=dword:00000000

"LogStartAddId"=dword:00000000

"SuccessfulTransactions"=dword:00000001

"ErrorTransactions"=dword:00000000

"WarningTransactions"=dword:00000000

"ExcludedTransactions"=dword:00000065

"RetryTransactions"=dword:00000000

"KilobytesCrawled"=dword:00000000

"Modified"=dword:000003db

"UnvisitedItems"=dword:00000001

"ForcedFullCrawl"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\364]

"InProgress"=dword:00000000

"DoneAddingCrawlSeeds"=dword:00000000

"LogStartAddId"=dword:ffffffff

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\StartPages\0]

"CrawlNumberInProgress"=dword:0000016b

"CrawlNumberScheduled"=dword:0000016c

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Programmi\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"="C:\\Programmi\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe:*:Enabled:Apache HTTP Server"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

"C:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"

"C:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"

"C:\\Programmi\\BitTorrent\\bittorrent.exe"="C:\\Programmi\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"

"C:\\Programmi\\utorrent\\utorrent.exe"="C:\\Programmi\\utorrent\\utorrent.exe:*:Enabled:æTorrent"

"C:\\Documents and Settings\\Sergio\\Desktop\\Nuova cartella\\utorrent.exe"="C:\\Documents and Settings\\Sergio\\Desktop\\Nuova cartella\\utorrent.exe:*:Enabled:æTorrent"

"C:\\Programmi\\eMule\\emule.exe"="C:\\Programmi\\eMule\\emule.exe:*:Enabled:eMule"

"C:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe"="C:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe:*:Enabled:Kaspersky AV Scanner"

"C:\\Documents and Settings\\Sergio\\Desktop\\Varie Cartelle\\Varie\\utorrent.exe"="C:\\Documents and Settings\\Sergio\\Desktop\\Varie Cartelle\\Varie\\utorrent.exe:*:Enabled:æTorrent"

"C:\\Documents and Settings\\Sergio\\Desktop\\TVKoo_071222_by_Myp2p.eu.exe"="C:\\Documents and Settings\\Sergio\\Desktop\\TVKoo_071222_by_Myp2p.eu.exe:*:Enabled:ViViMediaPlay"

"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"="C:\\Programmi\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

"C:\\Programmi\\lphant\\eLePhantClient.exe"="C:\\Programmi\\lphant\\eLePhantClient.exe:*:Enabled:Lphant"

"C:\\Programmi\\Bonjour\\mDNSResponder.exe"="C:\\Programmi\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"="C:\\Programmi\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Mon 22 Oct 2007 24 ..SH. --- "C:\WINDOWS\SE6789363.tmp"

Sun 13 Apr 2008 60,416 A.SH. --- "C:\Programmi\Outlook Express\msimn.exe"

Wed 22 Oct 2008 949,072 A.SHR --- "C:\Programmi\Spybot - Search & Destroy\advcheck.dll"

Mon 15 Sep 2008 1,562,960 A.SHR --- "C:\Programmi\Spybot - Search & Destroy\SDHelper.dll"

Wed 30 Jul 2008 1,429,840 A.SHR --- "C:\Programmi\Spybot - Search & Destroy\SDUpdate.exe"

Wed 30 Jul 2008 4,891,984 A.SHR --- "C:\Programmi\Spybot - Search & Destroy\SpybotSD.exe"

Tue 16 Sep 2008 1,833,296 A.SHR --- "C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe"

Wed 22 Oct 2008 962,896 A.SHR --- "C:\Programmi\Spybot - Search & Destroy\Tools.dll"

Wed 3 May 2006 163,328 ..SHR --- "C:\WINDOWS\system32\flvDX.dll"

Wed 1 Aug 2007 2,516 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"

Wed 21 Feb 2007 31,232 ..SHR --- "C:\WINDOWS\system32\msfDX.dll"

Sun 16 Mar 2008 216,064 ..SHR --- "C:\WINDOWS\system32\nbDX.dll"

Thu 27 Sep 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"

Sun 26 Jun 2005 616,448 ..SHR --- "C:\Programmi\eRightSoft\SUPER\cygwin1.dll"

Tue 21 Jun 2005 45,568 ..SHR --- "C:\Programmi\eRightSoft\SUPER\cygz.dll"

Wed 9 Jul 2008 72,704 ..SHR --- "C:\Programmi\eRightSoft\SUPER\Setup.exe"

Tue 2 Oct 2007 15,872 A.SHR --- "C:\Programmi\eRightSoft\SUPER\_Setup.dll"

Wed 1 Aug 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

Wed 27 Jun 2007 3,448,562 A..H. --- "C:\Documents and Settings\Sergio\Documenti\Win Magazine\cmdline.exe"

Sun 5 Mar 2006 5,652,480 A..H. --- "C:\Documents and Settings\Sergio\Documenti\Win Magazine\mplayerc.exe"

Thu 19 Apr 2007 32,928 A..H. --- "C:\Documents and Settings\Sergio\Documenti\Win Magazine\uninstall.exe"

Wed 9 May 2007 3,363,603 A..H. --- "C:\Documents and Settings\Sergio\Documenti\Win Magazine\win_magazine.exe"

Tue 4 Jun 2002 84,992 ...HR --- "C:\Programmi\eRightSoft\SUPER\mencoder\14_43260.dll"

Tue 4 Jun 2002 44,032 ...HR --- "C:\Programmi\eRightSoft\SUPER\mencoder\28_83260.dll"

Tue 10 Dec 2002 73,766 ...HR --- "C:\Programmi\eRightSoft\SUPER\mencoder\atrc3260.dll"

Tue 10 Dec 2002 65,575 ...HR --- "C:\Programmi\eRightSoft\SUPER\mencoder\cook3260.dll"

Sun 9 Jun 2002 36,864 ...HR --- "C:\Programmi\eRightSoft\SUPER\mencoder\ddnt3260.dll"

Tue 4 Jun 2002 20,480 ...HR --- "C:\Programmi\eRightSoft\SUPER\mencoder\dnet3260.dll"

Tue 10 Dec 2002 102,437 ...HR --- "C:\Programmi\eRightSoft\SUPER\mencoder\drv13260.dll"

Tue 10 Dec 2002 176,165 ...HR --- "C:\Programmi\eRightSoft\SUPER\mencoder\drv23260.dll"

Tue 10 Dec 2002 208,935 ...HR --- "C:\Programmi\eRightSoft\SUPER\mencoder\drv33260.dll"

Tue 10 Dec 2002 217,127 ...HR --- "C:\Programmi\eRightSoft\SUPER\mencoder\drv43260.dll"

Sun 9 Jun 2002 40,448 ...HR --- "C:\Programmi\eRightSoft\SUPER\mencoder\dspr3260.dll"

Sat 3 Nov 2001 225,280 ...HR --- "C:\Programmi\eRightSoft\SUPER\mencoder\ivvideo.dll"

Tue 10 Apr 2001 225,280 ...HR --- "C:\Programmi\eRightSoft\SUPER\mencoder\qtmlClient.dll"

Fri 20 Feb 2004 232,960 ...HR --- "C:\Programmi\eRightSoft\SUPER\mencoder\raac.dll"

Sun 9 Jun 2002 525,824 ...HR --- "C:\Programmi\eRightSoft\SUPER\mencoder\rnco3260.dll"

Tue 10 Dec 2002 245,805 ...HR --- "C:\Programmi\eRightSoft\SUPER\mencoder\rnlt3260.dll"

Tue 10 Dec 2002 45,093 ...HR --- "C:\Programmi\eRightSoft\SUPER\mencoder\rv103260.dll"

Tue 10 Dec 2002 98,341 ...HR --- "C:\Programmi\eRightSoft\SUPER\mencoder\rv203260.dll"

Tue 10 Dec 2002 94,247 ...HR --- "C:\Programmi\eRightSoft\SUPER\mencoder\rv303260.dll"

Tue 10 Dec 2002 90,151 ...HR --- "C:\Programmi\eRightSoft\SUPER\mencoder\rv403260.dll"

Tue 10 Dec 2002 102,439 ...HR --- "C:\Programmi\eRightSoft\SUPER\mencoder\sipr3260.dll"

Sun 9 Jun 2002 49,152 ...HR --- "C:\Programmi\eRightSoft\SUPER\mencoder\tokr3260.dll"

Thu 20 Mar 2008 5,632 ..SHR --- "C:\Programmi\eRightSoft\SUPER\spk\1stRun.exe"

Fri 28 Mar 2008 165,232 A..H. --- "C:\Documents and Settings\Sergio\Dati applicazioni\Microsoft\Virtual PC\VPCKeyboard.dll"

Thu 9 Oct 2008 1,332 ...HR --- "C:\Documents and Settings\Sergio\Dati applicazioni\SecuROM\UserData\securom_v7_01.bak"

Finished!

PS: thanks again for the help and the patience ^^"


The link to Sdfix was correct, and I had also specified tool no. 2,

anyway, the important thing is that we managed to eliminate the intruder... and from the reports it appears there are no other infections.

:P:)


I'm the usual incompetent one, sorry ^^"! Yes, everything seems to have been resolved; Avast no longer gives me the little error window. I feel relieved, thank you so much for the help you've given me, really :P:):P
