Condividi:        

controllo log file x favore

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: m.paolo, kadosh, Luke57

controllo log file x favore

Postdi ventodelsud » 14/08/06 13:19

ciao a tutti

x favore qualcuno può dare un'occhiata al mio log file x un controllo???

c'è qualcosa da eliminare ????

grzie un abbraccio grande

Logfile of HijackThis v1.99.1
Scan saved at 14.18.41, on 14/08/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
c:\programmi\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\ewido anti-malware\ewidoctrl.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
C:\Programmi\File comuni\Panda Software\PavShld\pavprsrv.exe
C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
C:\PROGRA~1\MediaKey\MediaKey.EXE
C:\Program Files\Libero\Adsl\dslstat.exe
C:\Program Files\Libero\Adsl\dslagent.exe
C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Logitech\Video\LogiTray.exe
C:\Programmi\Nikon\PictureProject\NkbMonitor.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\WebProxy.exe
C:\WINDOWS\System32\LVComsX.exe
C:\Programmi\Logitech\Video\FxSvr2.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\giulia\Documenti\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://liberomail.libero.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=explorer.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Class - {79D5FD0B-EDC6-268C-D5B0-84099F83436C} - C:\WINDOWS\xlixg1.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [LWBMOUSE] C:\Programmi\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
O4 - HKLM\..\Run: [MediaKey] C:\PROGRA~1\MediaKey\MediaKey.EXE
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\Libero\Adsl\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\Libero\Adsl\dslagent.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmi\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmi\Logitech\Video\ISStart.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programmi\Logitech\Video\ManifestEngine.exe boot
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Programmi\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Download with GetRight - C:\Programmi\GetRight\GRdownload.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Programmi\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE (file missing)
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.olidata.it
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/ ... acscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 0424360437
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... Client.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://213.82.168.210:8001/activex/AxisCamControl.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b31267.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/Shared ... /cabsa.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylo ... loader.cab
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoftware.com/activescan ... roinst.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F49BFC6B-F2C0-4592-B0BF-3C82F332C2B2} (TwoWeb2.WebTwo2) - http://www.ilmiodomani.com/cab/TwoWeb2_oro.CAB
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{366866F6-4D08-468B-95B0-7151324D661D}: NameServer = 193.70.152.15 193.70.152.25
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido anti-malware\ewidoctrl.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Programmi\File comuni\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - c:\programmi\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
O23 - Service: WebJao - Unknown owner - \\?\C:\Programmi\File comuni\System\lpt4.exe (file missing)
ventodelsud
Utente Junior
 
Post: 91
Iscritto il: 26/04/06 09:20

Sponsor
 

Postdi Luke57 » 14/08/06 13:43

Ciao, puoi fare questa verifica?Da risorse del computer>pannello di controllo>installazioni/applicazioni, verifica la presenza di LinkOptimizer; se ci fosse non provare a disistallarlo.

Da
start>esegui>control userpassword2>OK
nella finestra Account Utente, verifica le utenze (Administrators, Utente, Aspnet sono regolari), se la trovi una con nome casuale, tipo XPGZQ e via dicendo faccelo sapre sapere.
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

Postdi ventodelsud » 14/08/06 13:47

ciaoluke grzie x avermi risposto....

ho controllato, purtroppo c'è :( mi appare in installazioni aplicazioni LInkOptimizer

sto effettuando una scansione con bitdifender

cosa devo fare ? :(
ventodelsud
Utente Junior
 
Post: 91
Iscritto il: 26/04/06 09:20

Postdi Luke57 » 14/08/06 14:00

Ciao, intanto finisci la scansione con bitdefender

Scarica MyUninstaller da qui:

http://www.nirsoft.net/utils/myuninst.html

con questo programmino potrai disistallare LinkOptimizer.
Apri il programma (click su myuninst.exe, attendi che vengono elencate le applicazioni presenti, evidenzi Linkoptimizer, click con il dx e scegli Delected)

Fammi sapere se la disistallazione è riuscita

Poi, scarica Gmer :
http://www.gmer.net/gmer110.zip
Dopo averlo scompattato, lo avvii, selezioni "Rootkit"
Clicca su "Scan"
Attendi la fine della scansione e clicca su "Copy"
Apri il block notes di windows, clicca su modifica e seleziona incolla
Adesso seleziona tutto il contenuto del block notes e fai un copia e incolla nel forum

Allega anche il log fatto dalla posizione Autostart, con le stesse procedure del precedente.
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

Postdi ventodelsud » 14/08/06 14:58

Luke....

ho fatto la scansione con bit difender questo è il risultato

BitDefender Online Scanner



Scan report generated at: Mon, Aug 14, 2006 - 15:28:52





Scan path: A:\;C:\;D:\;E:\;







Statistics

Time
00:56:56

Files
371167

Folders
5885

Boot Sectors
2

Archives
7324

Packed Files
33285




Results

Identified Viruses
4

Infected Files
8

Suspect Files
0

Warnings
0

Disinfected
0

Deleted Files
7




Engines Info

Virus Definitions
444449

Engine build
AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)

Scan plugins
13

Archive plugins
39

Unpack plugins
5

E-mail plugins
6

System plugins
1




Scan Settings

First Action
Disinfect

Second Action
Delete

Heuristics
Yes

Enable Warnings
Yes

Scanned Extensions
*;

Exclude Extensions


Scan Emails
Yes

Scan Archives
Yes

Scan Packed
Yes

Scan Files
Yes

Scan Boot
Yes




Scanned File
Status

C:\WINDOWS\system32\bios.rom
Infected with: Backdoor.BotGet.FtpB.Gen

C:\WINDOWS\system32\bios.rom
Deleted

C:\WINDOWS\hosts
Infected with: Trojan.Qhosts.HE

C:\WINDOWS\hosts
Disinfection failed

C:\WINDOWS\hosts
Delete failed

C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\7HIJB3VW\idlkqaakm[1].txt
Infected with: Trojan.Qhosts.HE

C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\7HIJB3VW\idlkqaakm[1].txt
Deleted

C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\7HIJB3VW\qygseikhki[1].htm
Infected with: Trojan.SpySheriff.C

C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\7HIJB3VW\qygseikhki[1].htm
Disinfection failed

C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\7HIJB3VW\qygseikhki[1].htm
Deleted

C:\Documents and Settings\giulia\Impostazioni locali\Temp\ewido_quarantine\filFCF9FC64.dat=>(gzip)
Infected with: Trojan.PWS.Sinowal.F

C:\Documents and Settings\giulia\Impostazioni locali\Temp\ewido_quarantine\filFCF9FC64.dat=>(gzip)
Disinfection failed

C:\Documents and Settings\giulia\Impostazioni locali\Temp\ewido_quarantine\filFCF9FC64.dat=>(gzip)
Deleted

C:\Documents and Settings\giulia\Impostazioni locali\Temp\ewido_quarantine\filFCF9FC64.dat
Update failed

C:\Documents and Settings\giulia\Impostazioni locali\Temp\ewido_quarantine\filDE064F29.dat=>(gzip)
Infected with: Trojan.PWS.Sinowal.F

C:\Documents and Settings\giulia\Impostazioni locali\Temp\ewido_quarantine\filDE064F29.dat=>(gzip)
Disinfection failed

C:\Documents and Settings\giulia\Impostazioni locali\Temp\ewido_quarantine\filDE064F29.dat=>(gzip)
Deleted

C:\Documents and Settings\giulia\Impostazioni locali\Temp\ewido_quarantine\filDE064F29.dat
Update failed

C:\Documents and Settings\giulia\Impostazioni locali\Temp\ewido_quarantine\filA52557D1.dat=>(gzip)
Infected with: Trojan.PWS.Sinowal.F

C:\Documents and Settings\giulia\Impostazioni locali\Temp\ewido_quarantine\filA52557D1.dat=>(gzip)
Disinfection failed

C:\Documents and Settings\giulia\Impostazioni locali\Temp\ewido_quarantine\filA52557D1.dat=>(gzip)
Deleted

C:\Documents and Settings\giulia\Impostazioni locali\Temp\ewido_quarantine\filA52557D1.dat
Update failed

C:\Program Files\secure32.html
Infected with: Trojan.SpySheriff.C

C:\Program Files\secure32.html
Disinfection failed

C:\Program Files\secure32.html
Deleted



_______

poi ho disistallato il Linkoptimezer con il programma che mi hai detto unistaller, ho controllato in pannelo di controlo non c'è più.

_____

poi ho usato gmer questo è il log del Rootkit

GMER 1.0.10.10122 - http://www.gmer.net
Rootkit 2006-08-14 15:52:12
Windows 5.1.2600 Service Pack 1


---- System - GMER 1.0.10 ----

SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwCreateKey
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwDeleteKey
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwDeleteValueKey
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwEnumerateKey
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwEnumerateValueKey
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwOpenKey
SSDT \??\C:\Programmi\ewido anti-malware\guard.sys ZwOpenProcess
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwQueryKey
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwQueryValueKey
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwSetValueKey
SSDT \??\C:\WINDOWS\System32\DRIVERS\PavProc.sys ZwTerminateProcess
SSDT \??\C:\WINDOWS\System32\DRIVERS\PavProc.sys ZwTerminateThread
SSDT \??\C:\WINDOWS\System32\PavSRK.sys ZwWriteVirtualMemory

---- Devices - GMER 1.0.10 ----

Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CREATE [F9D4A7D2] ShldDrv.SYS
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_EA [F9D4AB9A] ShldDrv.SYS
Device \Driver\Modem \Device\00000062 IRP_MJ_QUERY_INFORMATION [F9F399D4] COMFiltr.sys
Device \FileSystem\Fastfat \Fat IRP_MJ_CREATE [F9D4A7D2] ShldDrv.SYS
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA [F9D4AB9A] ShldDrv.SYS
---- Processes - GMER 1.0.10 ----

Library C:\WINDOWS\xlixg1.dll (*** hidden *** ) @ C:\Programmi\Internet Explorer\iexplore.exe [1048] 0x021B0000 <-- ROOTKIT !!!
Library C:\WINDOWS\xlixg1.dll (*** hidden *** ) @ C:\WINDOWS\explorer.exe [1520] 0x01E00000 <-- ROOTKIT !!!

---- Files - GMER 1.0.10 ----

File C:\WINDOWS\system32\com2.szq
File C:\WINDOWS\xlixg1.dll

---- EOF - GMER 1.0.10 ----
________

questo invece il log dell' Autostart

GMER 1.0.10.10122 - http://www.gmer.net
Autostart 2006-08-14 15:57:24
Windows 5.1.2600 Service Pack 1


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon >>>
@UserinitC:\WINDOWS\system32\userinit.exe, = C:\WINDOWS\system32\userinit.exe,
@Shellexplorer.exe = explorer.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avldr@DLLName = avldr.dll

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs = \\?\C:\WINDOWS\System32\com2.szq

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
ewido security suite control /*ewido security suite control*/@ = C:\Programmi\ewido anti-malware\ewidoctrl.exe
MDM /*Machine Debug Manager*/@ = "C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe"
NVSvc /*NVIDIA Driver Helper Service*/@ = %SystemRoot%\System32\nvsvc32.exe
PAVFNSVR /*Panda Function Service*/@ = "C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe"
PavPrSrv /*Panda Process Protection Service*/@ = "C:\Programmi\File comuni\Panda Software\PavShld\pavprsrv.exe"
PAVSRV /*Panda anti-virus service*/@ = "C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe"
PNMSRV /*Panda Network Manager*/@ = "c:\programmi\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE"
PSIMSVC /*Panda IManager Service*/@ = "C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe"
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
TPSrv /*Panda TPSrv*/@ = "C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe"
UMWdf /*Windows User Mode Driver Framework*/@ = C:\WINDOWS\System32\wdfmgr.exe
WebJao /*WebJao*/@ = "\\?\C:\Programmi\File comuni\System\lpt4.exe"

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@LWBMOUSEC:\Programmi\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE = C:\Programmi\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
@MediaKeyC:\PROGRA~1\MediaKey\MediaKey.EXE = C:\PROGRA~1\MediaKey\MediaKey.EXE
@DSLSTATEXEC:\Program Files\Libero\Adsl\dslstat.exe icon /*file not found*/ = C:\Program Files\Libero\Adsl\dslstat.exe icon /*file not found*/
@DSLAGENTEXEC:\Program Files\Libero\Adsl\dslagent.exe = C:\Program Files\Libero\Adsl\dslagent.exe
@APVXDWIN"C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE" /s = "C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE" /s
@SunJavaUpdateSchedC:\Programmi\Java\jre1.5.0_06\bin\jusched.exe = C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
@QuickTime Task"C:\Programmi\QuickTime\qttask.exe" -atboottime = "C:\Programmi\QuickTime\qttask.exe" -atboottime
@LogitechVideoTrayC:\Programmi\Logitech\Video\LogiTray.exe = C:\Programmi\Logitech\Video\LogiTray.exe
@LogitechVideoRepairC:\Programmi\Logitech\Video\ISStart.exe = C:\Programmi\Logitech\Video\ISStart.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run@LogitechSoftwareUpdate = C:\Programmi\Logitech\Video\ManifestEngine.exe boot

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks@{54D9498B-CF93-414F-8984-8CE7FDE0D391} = C:\Programmi\ewido anti-malware\shellhook.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{1CDB2949-8F65-4355-8456-263E7C208A5D} /*Desktop Explorer*/C:\WINDOWS\System32\nvshell.dll = C:\WINDOWS\System32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A47} /*Desktop Explorer Menu*/C:\WINDOWS\System32\nvshell.dll = C:\WINDOWS\System32\nvshell.dll
@{A4DF5659-0801-4A60-9607-1C48695EFDA9} /*Cartella di caricamento Share-to-Web*/C:\Programmi\Hewlett-Packard\HP Share-to-Web\HPGS2WNS.DLL = C:\Programmi\Hewlett-Packard\HP Share-to-Web\HPGS2WNS.DLL
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Outlook Custom Icon Handler*/C:\Programmi\Microsoft Office\Office10\OLKFSTUB.DLL = C:\Programmi\Microsoft Office\Office10\OLKFSTUB.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Programmi\Microsoft Office\Office10\msohev.dll = C:\Programmi\Microsoft Office\Office10\msohev.dll
@{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3} /*Immagini Logitech*/C:\Programmi\Logitech\Video\Namespc2.dll = C:\Programmi\Logitech\Video\Namespc2.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@{65756541-C65C-11CD-0000-4B656E696100} /*Panda Antivirus*/C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\ShellTit.DLL = C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\ShellTit.DLL
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/C:\Programmi\MSN Messenger\fsshext.8.0.0792.00.dll = C:\Programmi\MSN Messenger\fsshext.8.0.0792.00.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
ewido@{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Programmi\ewido anti-malware\context.dll
IMMenuShellExt@{F8984111-38B6-11D5-8725-0050DA2761C4} = C:\Programmi\IncrediMail\bin\IMShExt.dll
Panda Antivirus@{65756541-C65C-11CD-0000-4B656E696100} = C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\ShellTit.DLL
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
ewido@{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Programmi\ewido anti-malware\context.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
Panda Antivirus@{65756541-C65C-11CD-0000-4B656E696100} = C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\ShellTit.DLL
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx = C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
@{79D5FD0B-EDC6-268C-D5B0-84099F83436C}C:\WINDOWS\xlixg1.dll = C:\WINDOWS\xlixg1.dll

HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINDOWS\System32\logon.scr

HKLM\Software\Microsoft\Internet Explorer\Plugins\Extension\.spop@Location = C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URL =
@Start Pagehttp://www.msn.com = http://www.msn.com
@Local Page =

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URL =
@Start Pagehttp://liberomail.libero.it/ = http://liberomail.libero.it/
@Local Page =

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
cdo@CLSID = C:\Programmi\File comuni\Microsoft Shared\Web Folders\PKMCDO.DLL
dvd@CLSID = C:\WINDOWS\System32\msvidctl.dll
its@CLSID = C:\WINDOWS\System32\itss.dll
livecall@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mhtml@CLSID = %SystemRoot%\System32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\System32\itss.dll
ms-itss@CLSID = C:\Programmi\File comuni\Microsoft Shared\Information Retrieval\MSITSS.DLL
msnim@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mso-offdap@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
tv@CLSID = C:\WINDOWS\System32\msvidctl.dll
vnd.ms.radio@CLSID = C:\WINDOWS\System32\msdxm.ocx
wia@CLSID = C:\WINDOWS\System32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\ >>>
000000000001@PackedCatalogItem = C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavlsp.dll
000000000002@PackedCatalogItem = C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavlsp.dll
000000000003@PackedCatalogItem = C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavlsp.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000021@PackedCatalogItem = C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavlsp.dll

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica >>>
Microsoft Office.lnk = Microsoft Office.lnk
Adobe Gamma Loader.lnk = Adobe Gamma Loader.lnk
NkbMonitor.exe.lnk = NkbMonitor.exe.lnk
officejet 6100.lnk = officejet 6100.lnk
hp psc 2000 Series.lnk = hp psc 2000 Series.lnk

---- EOF - GMER 1.0.10 ----

_______

infine ti aggiungo il nuovo logfile con HijachThis, dimmi se devo spulciare qualche voce.

Logfile of HijackThis v1.99.1
Scan saved at 15.58.30, on 14/08/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
c:\programmi\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\ewido anti-malware\ewidoctrl.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
C:\Programmi\File comuni\Panda Software\PavShld\pavprsrv.exe
C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
C:\PROGRA~1\MediaKey\MediaKey.EXE
C:\Program Files\Libero\Adsl\dslstat.exe
C:\Program Files\Libero\Adsl\dslagent.exe
C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Logitech\Video\LogiTray.exe
C:\Programmi\Nikon\PictureProject\NkbMonitor.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\WebProxy.exe
C:\WINDOWS\System32\LVComsX.exe
C:\Programmi\Logitech\Video\FxSvr2.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\giulia\Documenti\gmer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\giulia\Documenti\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://liberomail.libero.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=explorer.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Class - {79D5FD0B-EDC6-268C-D5B0-84099F83436C} - C:\WINDOWS\xlixg1.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [LWBMOUSE] C:\Programmi\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
O4 - HKLM\..\Run: [MediaKey] C:\PROGRA~1\MediaKey\MediaKey.EXE
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\Libero\Adsl\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\Libero\Adsl\dslagent.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmi\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmi\Logitech\Video\ISStart.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programmi\Logitech\Video\ManifestEngine.exe boot
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Programmi\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Download with GetRight - C:\Programmi\GetRight\GRdownload.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Programmi\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE (file missing)
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.olidata.it
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/ ... acscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 0424360437
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... Client.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://213.82.168.210:8001/activex/AxisCamControl.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b31267.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/Shared ... /cabsa.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylo ... loader.cab
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoftware.com/activescan ... roinst.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F49BFC6B-F2C0-4592-B0BF-3C82F332C2B2} (TwoWeb2.WebTwo2) - http://www.ilmiodomani.com/cab/TwoWeb2_oro.CAB
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{366866F6-4D08-468B-95B0-7151324D661D}: NameServer = 193.70.152.15 193.70.152.25
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido anti-malware\ewidoctrl.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Programmi\File comuni\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - c:\programmi\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
O23 - Service: WebJao - Unknown owner - \\?\C:\Programmi\File comuni\System\lpt4.exe (file missing)
ventodelsud
Utente Junior
 
Post: 91
Iscritto il: 26/04/06 09:20

Postdi Luke57 » 14/08/06 15:46

Ciao, prova a eseguire queste operazioni:

1)Start>esegui>control userpasswords2>OK
Nella finestra Account utente, dovresti avere un'utenza sospetta con nome casuale (oltre le consuete Administrators e Utente, Aspnet), tipo XYZFG. Segnati il nome dell'utenza ed eliminala (click con il destro e scegli elimina);

2) Rendi visibili file e cartelle nascosti:

da gestione del computer>strumenti>Opzioni Cartella
Seleziona Visualizza
Spunta "mostra file e cartelle nascoste"
Togli la spunta da "nascondi file protetti di sistema (consigliato)
Premi OK
Vai in C:\Documents and Settings, dovresti trovare una cartella con lo stesso nome dell'utenza, elimina anch'essa

4) scarica avenger sul desktop
http://swandog46.geekstogo.com/avenger.zip
scompatta il file.zip
Avvia il file avenger.exe
Seleziona l'opzione "Input Script Manually"
Clicca sulla lente di ingrandimento

Ti si apre una finestra "View/edit script"
All'interno del box bianco,copia e incolla le scritte in neretto:


Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs

registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\WebJao
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
{79D5FD0B-EDC6-268C-D5B0-84099F83436C}}

Files to delete:
C:\WINDOWS\system32\com2.szq
File C:\WINDOWS\xlixg1.dll
C:\Programmi\File comuni\System\lpt4.exe



Clicca sul pulsante Done
Clicca 2 volte sull'icona del semaforo verde
Rispondi due volte Yes
Il pc dovrebbe riavviarsi da solo,se così non fosse riavvialo manualmente


Posta il log di Avenger (C:/avenger.txt) con l´esito dello script



con hijackthis, premi Open the misc tools section, poi clicca su Open Ads Spy e togli la spunta dalla casella Quick Scan, se trovi il file C:\WINDOWS\system32\com2.szq
lo selezioni e premi Remove Selected
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

Postdi ventodelsud » 14/08/06 16:35

allora ho fatto quello che mi hai deto fino all'utilizzo di avenger

quando il pc si è riavviato mi è apparsa questa schermata all'avvio
Immagine

ti posto così il nuovo log file con hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 17.35.40, on 14/08/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
c:\programmi\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\ewido anti-malware\ewidoctrl.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
C:\Programmi\File comuni\Panda Software\PavShld\pavprsrv.exe
C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\apvxdwin.exe
C:\Programmi\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
C:\PROGRA~1\MediaKey\MediaKey.EXE
C:\Program Files\Libero\Adsl\dslstat.exe
C:\Program Files\Libero\Adsl\dslagent.exe
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Logitech\Video\LogiTray.exe
C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\WebProxy.exe
C:\Programmi\Nikon\PictureProject\NkbMonitor.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\WINDOWS\System32\LVComsX.exe
C:\Programmi\Logitech\Video\FxSvr2.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\giulia\Documenti\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://liberomail.libero.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=explorer.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [LWBMOUSE] C:\Programmi\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
O4 - HKLM\..\Run: [MediaKey] C:\PROGRA~1\MediaKey\MediaKey.EXE
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\Libero\Adsl\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\Libero\Adsl\dslagent.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmi\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmi\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [kuuklpfq] C:\tulcobxs.bat
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programmi\Logitech\Video\ManifestEngine.exe boot
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Programmi\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Download with GetRight - C:\Programmi\GetRight\GRdownload.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Programmi\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE (file missing)
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.olidata.it
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/ ... acscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 0424360437
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... Client.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://213.82.168.210:8001/activex/AxisCamControl.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b31267.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/Shared ... /cabsa.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylo ... loader.cab
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoftware.com/activescan ... roinst.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F49BFC6B-F2C0-4592-B0BF-3C82F332C2B2} (TwoWeb2.WebTwo2) - http://www.ilmiodomani.com/cab/TwoWeb2_oro.CAB
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{366866F6-4D08-468B-95B0-7151324D661D}: NameServer = 193.70.152.15 193.70.152.25
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido anti-malware\ewidoctrl.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Programmi\File comuni\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - c:\programmi\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Programmi\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe



HO ANCORA PROBLEMI ????
ventodelsud
Utente Junior
 
Post: 91
Iscritto il: 26/04/06 09:20

Postdi ventodelsud » 14/08/06 17:48

questo è il log di avenger



//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 1813
Line: {79D5FD0B-EDC6-268C-D5B0-84099F83436C}}


//////////////////////////////////////////


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\kafuqdag

*******************

Script file located at: \??\C:\Documents and Settings\tuuqrcpa.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Registry key HKLM\SYSTEM\CurrentControlSet\Services\WebJao deleted successfully.
File C:\WINDOWS\system32\com2.szq deleted successfully.


Could not open file File C:\WINDOWS\xlixg1.dll for deletion
Deletion of file File C:\WINDOWS\xlixg1.dll failed!

Could not process line:
File C:\WINDOWS\xlixg1.dll
Status: 0xc000003a

File C:\Programmi\File comuni\System\lpt4.exe deleted successfully.
Registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.
Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
ventodelsud
Utente Junior
 
Post: 91
Iscritto il: 26/04/06 09:20

Postdi Luke57 » 15/08/06 10:07

Ciao, con hiajckthis elimina queste voci:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing

Se hai fatto tutte le altre operazioni, dovresti essere a posto. Comunque, nella cartella
C:\Programmi\File comuni\System
verifica se ci sono altri files con estensioni .exe colorati di verde. Fammelo sapere.
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

Postdi ventodelsud » 15/08/06 13:37

ciao luke non ho nessun elemento colorato di verde con estensione .exe nella cartella che mi hai indicato.

ho fatto quelo che mi hai detto.

ho anche scaricato di mia iniziativa la patch per impedire altri attacchi di linkoptimizer

tuttavia adesso ogni volta che riavvio mi esce questa schermata.

come devo fare ???? non è che dipende da qualche comando scritto male che mi hai suggerito ??? :(

Immagine
ventodelsud
Utente Junior
 
Post: 91
Iscritto il: 26/04/06 09:20

Postdi Luke57 » 15/08/06 16:12

Ciao, guarda in:
start>esegui>msconfig>OK, nella tabella Avvio, se hai qualche riferimento ad Avenger, se così fosse togli la spunta.
Nella cartella C:\Avenger che cosa hai?
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

Postdi ventodelsud » 15/08/06 17:10

ciao

all'avvio non mi parte nulal di avenger ma mi sono accorta che mi parte un file tulcobsx.bat

l'ho fissato con hijackthis...... ma intanto ho notato che continuo ad averlo sul pc.....
ventodelsud
Utente Junior
 
Post: 91
Iscritto il: 26/04/06 09:20

Postdi Luke57 » 15/08/06 18:55

Ciao, eliminalo anche dal pc, dovrebbe essere di Avenger. Ti partiva in esecuzione automatica.
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

Postdi ventodelsud » 15/08/06 21:22

penso di aver risolto finalmente....

Luke senza di te non so come farei....ti ringrazio fortissimamemnte per tutta la procedura che mi hai suggerito e le azioni da fare

sei bravissimo tu e tutti gli altri moderatori del forum...siete dei grandi

:)
ventodelsud
Utente Junior
 
Post: 91
Iscritto il: 26/04/06 09:20


Torna a Sicurezza e Privacy


Topic correlati a "controllo log file x favore":


Chi c’è in linea

Visitano il forum: Nessuno e 33 ospiti