
HijackThis logfile

How do I remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do I protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: kadosh, Luke57


Post by falcodellanotte » 11/10/06 22:27

hi guys, please, I've got a small problem with my PC... could you check my HijackThis logfile and see whether everything is fine... here is the log:

Logfile of HijackThis v1.99.1
Scan saved at 23.01.32, on 11/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\MessengerPlus! 3\MsgPlus.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Zone Labs\ZoneAlarm\zonealarm.exe
C:\Programmi\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\VMware\VMware Workstation\vmware-authd.exe
C:\Programmi\File comuni\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Shareguard\ShareGuard.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
E:\d\software\MxMonitor ITA1\MxMonitor ITA\MXMoniE.exe
E:\d\software\WinMX\WinMX.exe
C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Shareguard\ShareGuard.exe
E:\mIRC\mirc.exe
H:\winmx\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.overture.com/d/search/p/befr ... omo=befree
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.overture.com/d/search/p/befr ... omo=befree
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,"c:\windows\lexmark-center.exe",
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {45FF61C5-BFA8-D105-A87A-F6F252964450} - C:\WINDOWS\vxuvh1.dll (file missing)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll (file missing)
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ZoneAlarm.lnk = C:\Programmi\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: &Capture Page to Onfolio... - res://C:\Programmi\Onfolio\Onfolio.WindowsResources.dll/AddLinkEntryFromDocument.html
O8 - Extra context menu item: Capt&ure Target to Onfolio... - res://C:\Programmi\Onfolio\Onfolio.WindowsResources.dll/AddEntryFromDocumentElement.html
O8 - Extra context menu item: Capture &Snippet to Onfolio... - res://C:\Programmi\Onfolio\Onfolio.WindowsResources.dll/AddEntryFromDocumentSelection.html
O8 - Extra context menu item: Capture Ima&ge to Onfolio... - res://C:\Programmi\Onfolio\Onfolio.WindowsResources.dll/AddEntryFromDocumentElement.html
O8 - Extra context menu item: Capture Page and Selected &Links to Onfolio... - res://C:\Programmi\Onfolio\Onfolio.WindowsResources.dll/AddSiteSnippetFromDocumentSelection.html
O8 - Extra context menu item: Capture Selected Ite&ms to Onfolio... - res://C:\Programmi\Onfolio\Onfolio.WindowsResources.dll/AddMultipleEntriesFromDocumentSelection.html
O8 - Extra context menu item: Capture Site to &Onfolio... - res://C:\Programmi\Onfolio\Onfolio.WindowsResources.dll/AddSiteFromDocument.html
O14 - IERESET.INF: START_PAGE_URL=http://www.overture.com/d/search/p/befree/?Promo=befree00088981906563281284&Keywords=Home+Page&Go=Go&Promo=befree
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {EC52F7A4-27A7-4319-9BA1-E7FE5C90D3AC} - http://td8eau9td.com/f5705372/50310/1/xp/FreeAccess.ocx
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol ... _en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9B081140-5585-45C3-B5E7-B03E9401D848}: NameServer = 213.205.36.70 213.205.32.70
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared files\RichVideo.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Programmi\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Programmi\File comuni\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

awaiting your reply, thanks in advance :-D
falcodellanotte
Newbie
Posts: 9
Joined: 11/10/06 22:22


Post by Luke57 » 12/10/06 08:14

Hi, download Virit from here:
http://www.tgsoft.it/italy/index_ita.html
and update it to the latest definitions.

Download AVGPfix from here:
http://www.nod32.it/cgi-bin/mapdl.pl?tool=Agent.VP

Open the registry:
start>run>regedit (copy it into the blank box)>OK

With the registry editor open, click the + sign next to each entry and follow this path:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, double-click the Winlogon folder, and on the right look for this value:
c:\windows\system32\userinit.exe,"c:\windows\lexmark-center.exe

double-click it; in the Edit String window that opens, in the value box, you will find:
c:\windows\system32\userinit.exe,c:\windows\lexmark-center.exe
select
,c:\windows\lexmark-center.exe (comma included)
press the Delete key>OK
Be careful not to delete
c:\windows\system32\userinit.exe, or the computer would not be able to restart

Show hidden files and folders (go to start>settings>control panel>folder options, and click "View". Select "show hidden files and folders" and "display the contents of system folders", and untick "hide protected operating system files". Click OK)

Run AVGPfix, searching for and deleting the file:
c:\windows\lexmark-center.exe

Reboot into safe mode
(Start the computer. Right after the RAM count and before Windows starts loading, begin pressing the F8 key repeatedly. Keep doing so until the Windows Advanced Options menu appears. Using the arrow keys, scroll through the options and select Safe Mode, then press Enter)

Run a full system scan with Virit
Reboot in normal mode, run a new scan with Virit, and post a new HijackThis log and the report of the Virit scans.
Luke57
Moderator
Posts: 6410
Joined: 11/08/05 19:10

Post by falcodellanotte » 12/10/06 12:16

hi luke57, first of all thanks for replying to my topic...
I followed what you told me step by step, and below I'm posting the two logfiles, from HijackThis and from Virit:

Logfile of HijackThis v1.99.1
Scan saved at 13.09.01, on 12/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\MessengerPlus! 3\MsgPlus.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\VEXPLITE\MONLITE.EXE
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Zone Labs\ZoneAlarm\zonealarm.exe
C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\VEXPLITE\viritsvc.exe
C:\Programmi\VMware\VMware Workstation\vmware-authd.exe
C:\Programmi\File comuni\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\VEXPLITE\VIRITEXP.EXE
C:\Programmi\VideoLAN\VLC\vlc.exe
C:\WINDOWS\system32\NOTEPAD.exe
H:\winmx\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.overture.com/d/search/p/befr ... omo=befree
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.overture.com/d/search/p/befr ... omo=befree
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,"c:\windows\lexmark-center.exe",
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {45FF61C5-BFA8-D105-A87A-F6F252964450} - C:\WINDOWS\vxuvh1.dll (file missing)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll (file missing)
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ZoneAlarm.lnk = C:\Programmi\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: &Capture Page to Onfolio... - res://C:\Programmi\Onfolio\Onfolio.WindowsResources.dll/AddLinkEntryFromDocument.html
O8 - Extra context menu item: Capt&ure Target to Onfolio... - res://C:\Programmi\Onfolio\Onfolio.WindowsResources.dll/AddEntryFromDocumentElement.html
O8 - Extra context menu item: Capture &Snippet to Onfolio... - res://C:\Programmi\Onfolio\Onfolio.WindowsResources.dll/AddEntryFromDocumentSelection.html
O8 - Extra context menu item: Capture Ima&ge to Onfolio... - res://C:\Programmi\Onfolio\Onfolio.WindowsResources.dll/AddEntryFromDocumentElement.html
O8 - Extra context menu item: Capture Page and Selected &Links to Onfolio... - res://C:\Programmi\Onfolio\Onfolio.WindowsResources.dll/AddSiteSnippetFromDocumentSelection.html
O8 - Extra context menu item: Capture Selected Ite&ms to Onfolio... - res://C:\Programmi\Onfolio\Onfolio.WindowsResources.dll/AddMultipleEntriesFromDocumentSelection.html
O8 - Extra context menu item: Capture Site to &Onfolio... - res://C:\Programmi\Onfolio\Onfolio.WindowsResources.dll/AddSiteFromDocument.html
O14 - IERESET.INF: START_PAGE_URL=http://www.overture.com/d/search/p/befree/?Promo=befree00088981906563281284&Keywords=Home+Page&Go=Go&Promo=befree
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {EC52F7A4-27A7-4319-9BA1-E7FE5C90D3AC} - http://td8eau9td.com/f5705372/50310/1/xp/FreeAccess.ocx
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol ... _en_dl.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared files\RichVideo.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas http://www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Programmi\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Programmi\File comuni\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



for Virit I'm posting both the logfile of the scan in safe mode (some errors were found) and the logfile of the last scan, run in normal mode



VirIT eXplorer Lite Log

[SCANSIONE DELLA MEMORIA]
VIRUS ATTIVO IN MEMORIA: Trojan.Win32.RootKit.E
[SCANSIONE DELLA MEMORIA]
VIRUS ATTIVO IN MEMORIA: Trojan.Win32.RootKit.E
--------------------------------------------------------
12/10/2006 - 11:09:24

[SCANSIONE DELLA MEMORIA]
VIRUS ATTIVO IN MEMORIA: Trojan.Win32.RootKit.E

[SCANSIONE DEL REGISTRO]
{2a6af021-17a2-4014-8624-cf6015f82fad} Infetto da BHO.Agent.BA
* * * RIMOSSO * * *

[A:]
BOOT SECTOR: OK


[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK

C:\Documents and Settings\francesco\Preferiti\Collegamenti\Office XP.url Infetto da HTML.LinkShare.A
* * * RIMOSSO * * *
C:\Documents and Settings\francesco\Preferiti\Collegamenti\Search.url Infetto da HTML.LinkShare.A
* * * RIMOSSO * * *
C:\Documents and Settings\francesco\Preferiti\Collegamenti\Streaming Music.url Infetto da HTML.LinkShare.A
* * * RIMOSSO * * *
C:\Documents and Settings\francesco\Preferiti\Collegamenti\Streaming Video.url Infetto da HTML.LinkShare.A
* * * RIMOSSO * * *
C:\Documents and Settings\francesco\Preferiti\Collegamenti\Technical Wizard.url Infetto da HTML.LinkShare.A
* * * RIMOSSO * * *
C:\Documents and Settings\francesco\Preferiti\Collegamenti\Windows XP.url Infetto da HTML.LinkShare.A
* * * RIMOSSO * * *
C:\Documents and Settings\francesco\Preferiti\Downloads.url Infetto da HTML.LinkShare.A
* * * RIMOSSO * * *
C:\Documents and Settings\francesco\Preferiti\Search.url Infetto da HTML.LinkShare.A
* * * RIMOSSO * * *
C:\WINDOWS\127.tmp Infetto da BHO.LinkOptimizer.I
* * * RIMOSSO * * *
C:\WINDOWS\166.tmp Infetto da BHO.Agent.BC
* * * RIMOSSO * * *

[D:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK


[E:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK


[F:]


[G:]


[H:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK


[I:]


[J:]
BOOT SECTOR: OK


[K:]
BOOT SECTOR: OK


[L:]
BOOT SECTOR: OK


[M:]
BOOT SECTOR: OK


Chiavi Registro infette: 1.
Files Infetti: 10.
Files Sospetti: 0.
Files Analizzati: 139801.
Files Totali: 139801.
Chiavi Registro rimosse: 1.
Virus Rimossi: 10.

[SCANSIONE DELLA MEMORIA]
OK
[SCANSIONE DELLA MEMORIA]
OK
--------------------------------------------------------
12/10/2006 - 11:59:39

[SCANSIONE DEL REGISTRO]
OK

[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK

C:\WINDOWS\vxuvh1.dll Infetto da BHO.LinkOptimizer.I
* * * RIMOSSO * * *

Chiavi Registro infette: 0.
Files Infetti: 1.
Files Sospetti: 0.
Files Analizzati: 89520.
Files Totali: 89520.
Chiavi Registro rimosse: 0.
Virus Rimossi: 1.

--------------------------------------------------------
12/10/2006 - 12:25:07

[SCANSIONE DEL REGISTRO]
OK

[A:]
BOOT SECTOR: OK


[G:]


[H:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK


Chiavi Registro infette: 0.
Files Infetti: 0.
Files Sospetti: 0.
Files Analizzati: 601.
Files Totali: 601.
Chiavi Registro rimosse: 0.
Virus Rimossi: 0.

--------------------------------------------------------
12/10/2006 - 12:26:01

[SCANSIONE DEL REGISTRO]
OK

[A:]
BOOT SECTOR: OK


[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK


[D:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK


[E:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK


[F:]


[G:]


[H:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK


[I:]


[J:]
BOOT SECTOR: OK


[K:]
BOOT SECTOR: OK


[L:]
BOOT SECTOR: OK


[M:]
BOOT SECTOR: OK


Chiavi Registro infette: 0.
Files Infetti: 0.
Files Sospetti: 0.
Files Analizzati: 139752.
Files Totali: 139752.
Chiavi Registro rimosse: 0.
Virus Rimossi: 0.
falcodellanotte
Newbie
Posts: 9
Joined: 11/10/06 22:22

Post by falcodellanotte » 12/10/06 16:57

hi guys, can someone take a look at these latest logfiles? thanks in advance... (for the logs, see the previous post).
falcodellanotte
Newbie
Posts: 9
Joined: 11/10/06 22:22

Post by Luke57 » 12/10/06 18:54

Hi, open HijackThis, press "do a system scan only", find and tick:
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,"c:\windows\lexmark-center.exe",
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll (file missing)

press fix checked.

Run the tools for Link Optimizer listed by Andorra24 at the top of the section:
http://www.pc-facile.com/forum/viewtopic.php?t=49816


Post the scan reports (the Prevx one is in C:\Gromozon_Removal.log, the Symantec one in FixLinkopt.log)
Luke57
Moderator
Posts: 6410
Joined: 11/08/05 19:10
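The entry classes Luke57 singles out above (R3 missing hook, F2 UserInit chaining, O2/O3 entries whose file is missing, O16 downloads from hosts not on an allowlist) and the Userinit repair from his first reply, as an added Python example that is not code from the thread, from HijackThis or from the tools it mentions; the sample log and the TRUSTED_HOSTS allowlist are constructed for the demonstration.

```python
"""Triage helpers for HijackThis 1.99 logs, covering the entry classes discussed in this thread.

Added example; not code from the thread, from HijackThis or from the tools it mentions.
The sample log and the TRUSTED_HOSTS allowlist are constructed for the demonstration.
"""
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlparse

# Constructed sample in the same line format as the logs posted in the thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,"c:\windows\lexmark-center.exe",
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {45FF61C5-BFA8-D105-A87A-F6F252964450} - C:\WINDOWS\vxuvh1.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.overture.com/d/search/p/befree/?Promo=befree00088981906563281284&Keywords=Home+Page&Go=Go&Promo=befree
O16 - DPF: {EC52F7A4-27A7-4319-9BA1-E7FE5C90D3AC} - http://td8eau9td.com/f5705372/50310/1/xp/FreeAccess.ocx
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

ENTRY_RE = re.compile(r"^(?P<sec>R\d|F\d|O\d+) - (?P<body>.*)$")
URL_RE = re.compile(r"https?://\S+")

# Assumed allowlist: hosts the reviewer accepts as a home/search page or ActiveX source.
# Constructed for this example; a real triage keeps its own, reviewed list.
TRUSTED_HOSTS = {"www.google.it", "g.ninemsn.com.au"}


@dataclass(frozen=True)
class Finding:
    section: str
    reason: str
    line: str


def parse_userinit(value: str) -> List[str]:
    """Split a Winlogon Userinit value into its program entries, dropping quotes and blanks."""
    return [p.strip().strip('"') for p in value.split(",") if p.strip().strip('"')]


def clean_userinit(value: str) -> str:
    """Return the Userinit value with everything chained after the first entry removed.

    Refuses to rewrite a value whose first entry is not userinit.exe: stripping that entry
    leaves a machine that cannot complete logon, the caveat Luke57 gives above.
    """
    entries = parse_userinit(value)
    if not entries or not entries[0].lower().endswith("\\userinit.exe"):
        raise ValueError("first Userinit entry is not userinit.exe; refusing to rewrite")
    # Windows' stock value keeps a trailing comma after userinit.exe, so preserve it.
    return entries[0] + ","


def host_of(text: str) -> Optional[str]:
    """Hostname of the first URL in a log line, or None if the line carries no URL."""
    m = URL_RE.search(text)
    return urlparse(m.group(0)).hostname if m else None


def triage(log_text: str) -> List[Finding]:
    """Flag the entry classes the thread singles out; lines of other kinds are not findings."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        sec, body = m.group("sec"), m.group("body")
        if sec == "R3" and "missing" in body:
            findings.append(Finding(sec, "default URLSearchHook missing (typical after a search hijack)", line))
        elif sec in ("R0", "R1", "O14"):
            host = host_of(body)
            if host and host not in TRUSTED_HOSTS:
                findings.append(Finding(sec, f"start/search page points at untrusted host {host}", line))
        elif sec == "F2" and "UserInit=" in body:
            extra = parse_userinit(body.split("UserInit=", 1)[1])[1:]
            if extra:
                findings.append(Finding(sec, "program chained after userinit.exe: " + ", ".join(extra), line))
        elif sec in ("O2", "O3") and ("(file missing)" in body or "(no file)" in body):
            findings.append(Finding(sec, "registered browser hook whose file is gone (orphaned entry)", line))
        elif sec == "O16":
            host = host_of(body)
            if host and host not in TRUSTED_HOSTS:
                findings.append(Finding(sec, f"ActiveX control downloaded from untrusted host {host}", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section}: {f.reason}\n    {f.line}")
    print("safe Userinit value:", clean_userinit('c:\\windows\\system32\\userinit.exe,"c:\\windows\\lexmark-center.exe",'))
```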

Post by falcodellanotte » 13/10/06 00:03

ok luke57, as always I did what you told me. first of all I removed those three files you mentioned with HijackThis, then I ran a scan with the two tools you recommended. below are the two logfiles..

gromozon_removal.log

Removal tool loaded into memory
Gromozon rootkit component not detected - searching for other components
Removal tool loaded into memory
Gromozon rootkit component not detected - searching for other components
Scanning: C:\WINDOWS
Scanning: C:\Programmi\File comuni

Trojan.Gromozon Removed!

FixLinkopt.log

Symantec Trojan.Linkoptimizer Removal Tool 1.0.2
SeTakeOwnershipPrivilege acquired
SeDebugPrivilege acquired

Trojan.Linkoptimizer has not been found on your computer.

this is what I did on your advice... :-D
falcodellanotte
Newbie
Posts: 9
Joined: 11/10/06 22:22

Post by falcodellanotte » 13/10/06 12:33

...
falcodellanotte
Newbie
Posts: 9
Joined: 11/10/06 22:22

Post by Luke57 » 13/10/06 12:39

Hi, sorry for the delay, do you still have problems?
Luke57
Moderator
Posts: 6410
Joined: 11/08/05 19:10

Post by falcodellanotte » 13/10/06 12:56

my problem was that it kept disconnecting me from the internet, but since yesterday it hasn't done it anymore. But now I don't know whether you can spot other problems from those logfiles.... You tell me...
falcodellanotte
Newbie
Posts: 9
Joined: 11/10/06 22:22

Post by Luke57 » 13/10/06 14:21

Hi, do this check:
open HijackThis, press "open the misc tools section", then "open uninstall manager", and look among the applications for
linkoptimizer
Connection services
Power Verify
whichever of these entries you find, highlight it and press "delete this entry".
If you find nothing, so much the better. Then post a new HijackThis log for a further check.
Luke57
Moderator
Posts: 6410
Joined: 11/08/05 19:10

Post by falcodellanotte » 13/10/06 16:40

among the entries you listed I only found this one, Connection services, and I removed it... here is the new log

Logfile of HijackThis v1.99.1
Scan saved at 17.36.45, on 13/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\MessengerPlus! 3\MsgPlus.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\VEXPLITE\MONLITE.EXE
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Zone Labs\ZoneAlarm\zonealarm.exe
C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\VEXPLITE\viritsvc.exe
C:\Programmi\VMware\VMware Workstation\vmware-authd.exe
C:\Programmi\File comuni\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\system32\wscntfy.exe
E:\d\software\MxMonitor ITA1\MxMonitor ITA\MXMoniE.exe
E:\d\software\WinMX\WinMX.exe
C:\Programmi\Shareguard\ShareGuard.exe
E:\mIRC\mirc.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Mozilla Firefox\plugins\GetFlash.exe
C:\Programmi\Mozilla Firefox\firefox.exe
H:\winmx\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.overture.com/d/search/p/befr ... omo=befree
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.overture.com/d/search/p/befr ... omo=befree
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {45FF61C5-BFA8-D105-A87A-F6F252964450} - C:\WINDOWS\vxuvh1.dll (file missing)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ZoneAlarm.lnk = C:\Programmi\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: &Capture Page to Onfolio... - res://C:\Programmi\Onfolio\Onfolio.WindowsResources.dll/AddLinkEntryFromDocument.html
O8 - Extra context menu item: Capt&ure Target to Onfolio... - res://C:\Programmi\Onfolio\Onfolio.WindowsResources.dll/AddEntryFromDocumentElement.html
O8 - Extra context menu item: Capture &Snippet to Onfolio... - res://C:\Programmi\Onfolio\Onfolio.WindowsResources.dll/AddEntryFromDocumentSelection.html
O8 - Extra context menu item: Capture Ima&ge to Onfolio... - res://C:\Programmi\Onfolio\Onfolio.WindowsResources.dll/AddEntryFromDocumentElement.html
O8 - Extra context menu item: Capture Page and Selected &Links to Onfolio... - res://C:\Programmi\Onfolio\Onfolio.WindowsResources.dll/AddSiteSnippetFromDocumentSelection.html
O8 - Extra context menu item: Capture Selected Ite&ms to Onfolio... - res://C:\Programmi\Onfolio\Onfolio.WindowsResources.dll/AddMultipleEntriesFromDocumentSelection.html
O8 - Extra context menu item: Capture Site to &Onfolio... - res://C:\Programmi\Onfolio\Onfolio.WindowsResources.dll/AddSiteFromDocument.html
O14 - IERESET.INF: START_PAGE_URL=http://www.overture.com/d/search/p/befree/?Promo=befree00088981906563281284&Keywords=Home+Page&Go=Go&Promo=befree
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {EC52F7A4-27A7-4319-9BA1-E7FE5C90D3AC} - http://td8eau9td.com/f5705372/50310/1/xp/FreeAccess.ocx
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol ... _en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9B081140-5585-45C3-B5E7-B03E9401D848}: NameServer = 213.205.36.70 213.205.32.70
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared files\RichVideo.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas http://www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Programmi\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Programmi\File comuni\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Thanks again for the answers you gave me...
falcodellanotte
Newbie
Posts: 9
Joined: 11/10/06 22:22

Post by Luke57 » 14/10/06 07:35

Hi, in HijackThis click "Do a system scan only", then find and tick this entry:
O2 - BHO: Class - {45FF61C5-BFA8-D105-A87A-F6F252964450} - C:\WINDOWS\vxuvh1.dll (file missing)

and click "Fix checked".

Reboot the computer and post a new log.
Luke57
Moderator
Posts: 6410
Joined: 11/08/05 19:10

Post by falcodellanotte » 14/10/06 13:39

Here I am, and below is the new log file:

Logfile of HijackThis v1.99.1
Scan saved at 14.38.50, on 14/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\MessengerPlus! 3\MsgPlus.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\VEXPLITE\MONLITE.EXE
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Zone Labs\ZoneAlarm\zonealarm.exe
C:\Programmi\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\VEXPLITE\viritsvc.exe
C:\Programmi\VMware\VMware Workstation\vmware-authd.exe
C:\Programmi\File comuni\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\system32\wscntfy.exe
E:\d\software\MxMonitor ITA1\MxMonitor ITA\MXMoniE.exe
E:\d\software\WinMX\WinMX.exe
C:\Programmi\Shareguard\ShareGuard.exe
E:\mIRC\mirc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Mozilla Firefox\plugins\GetFlash.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
H:\mirc\BOT_FOSSA\BOT FOSSA\mirc.exe
C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
H:\winmx\HijackThis.exe
C:\Programmi\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.overture.com/d/search/p/befr ... omo=befree
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.overture.com/d/search/p/befr ... omo=befree
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ZoneAlarm.lnk = C:\Programmi\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: &Capture Page to Onfolio... - res://C:\Programmi\Onfolio\Onfolio.WindowsResources.dll/AddLinkEntryFromDocument.html
O8 - Extra context menu item: Capt&ure Target to Onfolio... - res://C:\Programmi\Onfolio\Onfolio.WindowsResources.dll/AddEntryFromDocumentElement.html
O8 - Extra context menu item: Capture &Snippet to Onfolio... - res://C:\Programmi\Onfolio\Onfolio.WindowsResources.dll/AddEntryFromDocumentSelection.html
O8 - Extra context menu item: Capture Ima&ge to Onfolio... - res://C:\Programmi\Onfolio\Onfolio.WindowsResources.dll/AddEntryFromDocumentElement.html
O8 - Extra context menu item: Capture Page and Selected &Links to Onfolio... - res://C:\Programmi\Onfolio\Onfolio.WindowsResources.dll/AddSiteSnippetFromDocumentSelection.html
O8 - Extra context menu item: Capture Selected Ite&ms to Onfolio... - res://C:\Programmi\Onfolio\Onfolio.WindowsResources.dll/AddMultipleEntriesFromDocumentSelection.html
O8 - Extra context menu item: Capture Site to &Onfolio... - res://C:\Programmi\Onfolio\Onfolio.WindowsResources.dll/AddSiteFromDocument.html
O14 - IERESET.INF: START_PAGE_URL=http://www.overture.com/d/search/p/befree/?Promo=befree00088981906563281284&Keywords=Home+Page&Go=Go&Promo=befree
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {EC52F7A4-27A7-4319-9BA1-E7FE5C90D3AC} - http://td8eau9td.com/f5705372/50310/1/xp/FreeAccess.ocx
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol ... _en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9B081140-5585-45C3-B5E7-B03E9401D848}: NameServer = 213.205.36.70 213.205.32.70
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared files\RichVideo.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas http://www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Programmi\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Programmi\File comuni\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Thanks again
falcodellanotte
Newbie
Posts: 9
Joined: 11/10/06 22:22

Post by Luke57 » 14/10/06 14:14

Hi, now it looks clear of infections.
Luke57
Moderator
Posts: 6410
Joined: 11/08/05 19:10

Post by falcodellanotte » 14/10/06 15:14

Hmm... ok, finally. Thanks luke57, you were very kind to help me...
Very interesting forum, thanks again.
falcodellanotte
Newbie
Posts: 9
Joined: 11/10/06 22:22

Post by arcenciel » 17/10/06 13:27

Good morning everyone,
could someone kindly read my log? For a couple of days my connection has been dropping often.... I think it's a dialer.... Thanks a lot!



Logfile of HijackThis v1.99.1
Scan saved at 14.26.27, on 17/10/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Programmi\Logitech\iTouch\iTouch.exe
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\Programmi\ADSL\StarModem ADSL USB MODEM\dslmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\TEMP\idd1D.tmp.exe
C:\WINDOWS\TEMP\win24.tmp.exe
C:\Documents and Settings\antonella\Desktop\jack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ludonet.leonardo.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programmi\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programmi\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C62 Series" /O6 "USB001" /M "Stylus C62"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmi\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [NoAdware4] "C:\Programmi\NoAdware4\NoAdware4.exe" :Min:
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = ?
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programmi\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 1145836580
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://arcade.icq.com/online2/bejeweled ... der_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4A243E8B-AD2D-4C3A-A25D-68100BF2D10B}: NameServer = 213.205.32.70 213.205.36.70
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: winyod32 - C:\WINDOWS\SYSTEM32\winyod32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programmi\ewido anti-spyware 4.0\guard.exe
arcenciel
Junior Member
Posts: 15
Joined: 20/07/06 15:28

Post by andorra24 » 17/10/06 14:37

Open HijackThis, click "Open the Misc Tools section", then click "Open process manager", find the entries listed below and click "Kill process":

C:\WINDOWS\TEMP\idd1D.tmp.exe
C:\WINDOWS\TEMP\win24.tmp.exe

Then go to the bottom, click the Back button and right after that the Scan button. Tick the box next to the entry listed below and, after closing the browser and every other open program, click "Fix checked":

O20 - Winlogon Notify: winyod32 - C:\WINDOWS\SYSTEM32\winyod32.dll

Go to Start / My Computer / Tools / Folder Options / View, tick "Show hidden files and folders" and untick "Hide protected operating system files".

Download ATF Cleaner from here:
http://www.atribune.org/ccount/click.php?id=1
Run ATF Cleaner, click the "Main" menu and then select the
"Select All" box. Now click the "Empty Selected" button and wait for the
"Done Cleaning!" message.

Download Killbox from here: http://www.killbox.net/downloads/KillBox.exe
With Killbox delete the following files:
C:\WINDOWS\TEMP\idd1D.tmp.exe
C:\WINDOWS\TEMP\win24.tmp.exe
C:\WINDOWS\SYSTEM32\winyod32.dll

Run a scan with SUPERAntiSpyware:
http://www.superantispyware.com/downloa ... PYWAREFREE
andorra24
Senior Member
Posts: 2742
Joined: 21/05/06 15:44
Location: Palermo
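The two replies above (Luke57's "file missing" BHO and andorra24's TEMP processes plus the O20 Winlogon Notify hook) are the kind of pattern a helper learns to spot by eye in a HijackThis log. The following script is an added example, not code from the thread or from HijackThis itself: it parses the log format HijackThis 1.99.1 prints (the "Running processes:" block followed by "Rn"/"On" entries) and applies exactly those three checks, then turns the findings into the process list to kill and the entry lines to tick under "Fix checked". The sample log is constructed from lines posted in this thread plus two benign entries for contrast; the allowlist of stock Windows XP Winlogon Notify packages is an assumption you should extend with third-party packages you know to be legitimate (graphics drivers, WGA notifications and similar).

```python
"""Triage a HijackThis 1.99.1 log the way the helpers in this thread did by hand."""
import re
from dataclasses import dataclass

# Constructed sample: the process list and the O2/O20 entries from the logs posted in
# this thread, plus a benign O4 and O23 line for contrast. Not a complete log.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 14.26.27, on 17/10/2006
Platform: Windows XP (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\TEMP\idd1D.tmp.exe
C:\WINDOWS\TEMP\win24.tmp.exe
C:\Documents and Settings\antonella\Desktop\jack\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {45FF61C5-BFA8-D105-A87A-F6F252964450} - C:\WINDOWS\vxuvh1.dll (file missing)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O20 - Winlogon Notify: winyod32 - C:\WINDOWS\SYSTEM32\winyod32.dll
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
"""

PROCESS_HEADER = "Running processes:"
ENTRY_RE = re.compile(r"^([ROF]\d+) - (.*)$")        # "O20 - Winlogon Notify: ..."
TMP_EXE_RE = re.compile(r"\.tmp\.exe$", re.IGNORECASE)
TEMP_DIRS = ("\\windows\\temp\\", "\\local settings\\temp\\", "\\temp\\")
# Winlogon Notify packages present on a stock Windows XP install. Assumption: extend
# this allowlist with third-party packages you have verified (graphics drivers, WGA).
KNOWN_WINLOGON_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon",
}


@dataclass
class Finding:
    section: str  # "process" or a HijackThis section code such as "O20"
    line: str     # the log line as HijackThis printed it (minus the "Oxx - " prefix)
    reason: str


def parse_log(text: str):
    """Split a HijackThis log into the running-process list and (code, body) entries."""
    processes, entries, in_processes = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False          # a blank line ends the process block
            continue
        if line == PROCESS_HEADER:
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False
            entries.append((m.group(1), m.group(2)))
        elif in_processes:
            processes.append(line)
    return processes, entries


def _from_temp(path: str) -> bool:
    """True for anything living in a temp directory or named like a dropper (*.tmp.exe)."""
    low = path.lower()
    return any(d in low for d in TEMP_DIRS) or bool(TMP_EXE_RE.search(low))


def triage(processes, entries):
    """Apply the checks the thread's helpers applied by eye; returns a list of Findings."""
    findings = []
    for path in processes:
        if _from_temp(path):
            findings.append(Finding("process", path,
                                    "executable running from a temp directory"))
    for code, body in entries:
        low = body.lower()
        if code == "O2" and (low.endswith("(file missing)") or low.endswith("(no file)")):
            findings.append(Finding(code, body,
                                    "BHO registered but its DLL is gone: orphan, fix it"))
        elif code == "O4" and _from_temp(body):
            findings.append(Finding(code, body,
                                    "autorun entry launching from a temp directory"))
        elif code == "O20" and body.startswith("Winlogon Notify:"):
            name = body.split(":", 1)[1].split(" - ")[0].strip()
            if name.lower() not in KNOWN_WINLOGON_NOTIFY:
                findings.append(Finding(code, body,
                    f"unknown Winlogon Notify package '{name}': its DLL is loaded "
                    "into winlogon.exe at every logon, a classic persistence hook"))
    return findings


def fix_lines(findings):
    """Processes to kill first, then the lines to tick in HijackThis ("Fix checked")."""
    return {
        "kill": [f.line for f in findings if f.section == "process"],
        "fix": [f"{f.section} - {f.line}" for f in findings if f.section != "process"],
    }


if __name__ == "__main__":
    procs, ents = parse_log(SAMPLE_LOG)
    for f in triage(procs, ents):
        print(f"[{f.section}] {f.line}\n    -> {f.reason}")
```

On the sample above the script flags the two TEMP processes, the two orphaned BHOs and the winyod32 hook, and leaves the Adobe BHO and the AVG entries alone. The Winlogon Notify case is why andorra24's procedure removes the registry hook with "Fix checked" and then deletes the DLL with Killbox rather than killing a process: a Notify package is loaded inside winlogon.exe, so there is no separate process to kill and the file is in use until the next reboot.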