My HijackThis log


Post by Shadow Dancer » 21/09/06 21:13

Can you help me "clean" my PC? Thanks in advance.


Logfile of HijackThis v1.99.1
Scan saved at 22.08.13, on 21/09/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\system32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\WINXP\system32\spoolsv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\WINXP\System32\CTsvcCDA.EXE
C:\WINXP\system32\pctspk.exe
C:\WINXP\Explorer.EXE
C:\WINXP\System32\svchost.exe
C:\WINXP\System32\MsPMSPSv.exe
C:\Programmi\Creative\ShareDLL\CtNotify.exe
C:\WINXP\System32\rundll32.exe
C:\Programmi\DC1300\DCMnt1_0\DC1300mi.exe
C:\Programmi\Creative\ShareDLL\MediaDet.Exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\QuickTime\qttask.exe
C:\WINXP\System32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\WINXP\System32\devldr32.exe
C:\WINXP\System32\wuauclt.exe
C:\WINXP\System32\wuauclt.exe
C:\Programmi\Windows Live Toolbar\msn_sl.exe
C:\Programmi\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.otherchance.com/?rid=239
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINXP\System32\msdxm.ocx
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINXP\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Programmi\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [AHQInit] C:\Programmi\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [RealTray] C:\Programmi\Real\RealPlayer\realplay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [DC1300 Monitor] C:\Programmi\DC1300\DCMnt1_0\DC1300mi.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ÿ_zskAJQ^QN]AVBIKOBO] C:\WINXP\System32\_zskwrkni05\OBOKIBVA]NQ^QJA.exe
O4 - HKLM\..\RunServices: [ÿ_zskAJQ^QN]AVBIKOBO] C:\WINXP\System32\_zskwrkni05\OBOKIBVA]NQ^QJA.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINXP\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BPMInit] BpmInit.exe C:\PROGRA~1\ALCATech\BPM-ST~1
O4 - HKCU\..\Run: [ÿ_zskAJQ^QN]AVBIKOBO] C:\WINXP\System32\_zskwrkni05\OBOKIBVA]NQ^QJA.exe
O4 - HKCU\..\Run: [SweetIM] C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINXP\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.archiviosex.net
O15 - Trusted Zone: http://www.otherchance.com
O15 - Trusted Zone: http://www.redfunny.com
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/r ... nPUpld.cab
O16 - DPF: {C1B7E532-3ECB-4E9E-BB3A-2951FFE67C61} (DownloaderActiveX Control) - http://c6.community.alice.it/download/D ... ctiveX.cab
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.trafficredlight.net/10714-23.exe
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B2F49FB} - http://deposito.hostance.net/dialer/10714-23.exe
O17 - HKLM\System\CS2\Services\Tcpip\..\{0423BC71-3273-4396-8E54-3272D9A61A79}: NameServer = 85.37.17.58 85.38.28.94
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINXP\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINXP\System32\CTsvcCDA.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NetFfn - Unknown owner - \\?\C:\Programmi\File comuni\Services\com2.exe (file missing)
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINXP\system32\pctspk.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\Sptisrv.exe
Shadow Dancer
Junior User

Posts: 17
Joined: 02/06/06 13:51


Post by Luke57 » 21/09/06 21:33

Hi, I suspect a linkoptimizer infection; so
download Gmer:
http://www.gmer.net/gmer111.zip

After unzipping it, run it and select "Rootkit" in the menu tabs
Click "Scan"
Wait for the scan to finish and click "Copy"
Open Windows Notepad, click Edit and select Paste

Then run a scan with GMER from the Autostart tab, following the same procedure as before. Paste the generated log into the same Notepad file, then paste the two logs into a post on the forum.
Luke57
Moderator

Posts: 6415
Joined: 11/08/05 19:10

Post by Shadow Dancer » 22/09/06 08:27

Now when I connect to the internet there is a small window (W1inMoviePlugIn) that connects me to a porn site. :aaah

So, as soon as I opened Gmer these entries were shown in red:

Type/Name/Value

Process SVCHOST.EXE (***hidden***) [744] 815C4558
Process CSRSS.EXE (***hidden***) [460] 81638D70
Process SPOOLSV.EXE (***hidden***) [1100] 81646DA8
Process SVCHOST.EXE (***hidden***) [1420] 8165ADA8
Process WINLOGON.EXE (***hidden***) [484] 815961E8
Process SVCHOST.EXE (***hidden***) [824] 8160BDA8
Process SVCHOST.EXE (***hidden***) [812] 814E3020
Process SERVICES.EXE (***hidden***) [536] 815EF3C8
Process LSASS.EXE (***hidden***) [548# 815F3B18
Process PCTSPK.EXE (***hidden***) [1352] 8171F6F0
Process wuauclt.exe (***hidden***) [988] 815D4020
Process SVCHOST.EXE (***hidden***) [700] 8161D980
Process System (***hidden***) [4] 817CEA08



And this pop-up appeared:

WARNING!

GMER has found system modification, which might have been caused by ROOTKIT activity.
Do you want to fully scan your system?

SI – NO


At the end of the scan, this other pop-up:

WARNING!
GMER has found system modification caused by ROOTKIT activity.



Autostart scan:

GMER 1.0.11.11349 - http://www.gmer.net
Autostart 2006-09-22 09:17:59
Windows 5.1.2600


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINXP\system32\userinit.exe,

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
aswUpdSv /*avast! iAVS4 Control Service*/@ = "C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe"
Creative Service for CDROM Access /*Creative Service for CDROM Access*/@ = C:\WINXP\System32\CTsvcCDA.EXE
NetFfn /*NetFfn*/@ = "\\?\C:\Programmi\File comuni\Services\com2.exe" /*file not found*/
Pctspk /*PCTEL Speaker Phone*/@ = %SystemRoot%\system32\pctspk.exe
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
WMDM PMSP Service /*WMDM PMSP Service*/@ = C:\WINXP\System32\MsPMSPSv.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@NeroCheckC:\WINXP\System32\NeroCheck.exe = C:\WINXP\System32\NeroCheck.exe
@Disc DetectorC:\Programmi\Creative\ShareDLL\CtNotify.exe ??? X ? ? ? ? ? C ??? Disc Detector B ??A ? ??A p?? ??B ??@ $?@ ? C ??? U?@ ? ??? @?B ??A ? ??A ??? ??B ??@ P $?@ ??? ? ?E?w @ ? ? ? ? ? ?? ??B ??? ?????? ??B = C:\Programmi\Creative\ShareDLL\CtNotify.exe ??? X ? ? ? ? ? C ??? Disc Detector B ??A ? ??A p?? ??B ??@ $?@ ? C ??? U?@ ? ??? @?B ??A ? ??A ??? ??B ??@ P $?@ ??? ? ?E?w @ ? ? ? ? ? ?? ??B ??? ?????? ??B
@AHQInitC:\Programmi\Creative\SBLive\Program\AHQInit.exe = C:\Programmi\Creative\SBLive\Program\AHQInit.exe
@RealTrayC:\Programmi\Real\RealPlayer\realplay.exe SYSTEMBOOTHIDEPLAYER /*file not found*/ = C:\Programmi\Real\RealPlayer\realplay.exe SYSTEMBOOTHIDEPLAYER /*file not found*/
@AdslTaskBarrundll32.exe stmctrl.dll,TaskBar = rundll32.exe stmctrl.dll,TaskBar
@DC1300 MonitorC:\Programmi\DC1300\DCMnt1_0\DC1300mi.exe = C:\Programmi\DC1300\DCMnt1_0\DC1300mi.exe
@avast!C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
@QuickTime Task"C:\Programmi\QuickTime\qttask.exe" -atboottime = "C:\Programmi\QuickTime\qttask.exe" -atboottime
@?_zskAJQ^QN]AVBIKOBO(null) =
@aoueiC:\Documents and Settings\Argentieri Donato\Dati applicazioni\ratorefaci\sysrtmvs.exe = C:\Documents and Settings\Argentieri Donato\Dati applicazioni\ratorefaci\sysrtmvs.exe
RunServices@?_zskAJQ^QN]AVBIKOBO =

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@CTFMON.EXEC:\WINXP\System32\ctfmon.exe = C:\WINXP\System32\ctfmon.exe
@MSMSGS"C:\Programmi\Messenger\msmsgs.exe" /background = "C:\Programmi\Messenger\msmsgs.exe" /background
@BPMInitBpmInit.exe C:\PROGRA~1\ALCATech\BPM-ST~1 = BpmInit.exe C:\PROGRA~1\ALCATech\BPM-ST~1
@?_zskAJQ^QN]AVBIKOBO(null) =
@SweetIMC:\Programmi\Macrogaming\SweetIM\SweetIM.exe /*file not found*/ = C:\Programmi\Macrogaming\SweetIM\SweetIM.exe /*file not found*/

HKLM\Software\Classes\.hta@ = HemeraThumbnail.Archive

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Outlook Custom Icon Handler*/C:\PROGRA~1\MICROS~1\Office\OLKFSTUB.DLL = C:\PROGRA~1\MICROS~1\Office\OLKFSTUB.DLL
@{E0D79304-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WinZip\WZSHLSTB.DLL = C:\PROGRA~1\WinZip\WZSHLSTB.DLL
@{E0D79305-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WinZip\WZSHLSTB.DLL = C:\PROGRA~1\WinZip\WZSHLSTB.DLL
@{E0D79306-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WinZip\WZSHLSTB.DLL = C:\PROGRA~1\WinZip\WZSHLSTB.DLL
@{0DF49261-F891-4A12-9092-EC3566EADCCC} /*PixVuePropertySheet Class*/C:\Programmi\PixVue.Com\PixVue\bin\PixVue.dll = C:\Programmi\PixVue.Com\PixVue\bin\PixVue.dll
@{E376AE75-7C59-4487-B40C-082CCBB4ABDE} /*PixVueContextMenu Class*/C:\Programmi\PixVue.Com\PixVue\bin\PixVue.dll = C:\Programmi\PixVue.Com\PixVue\bin\PixVue.dll
@{F36B4023-B4F2-4C40-9CDC-0E1B0C66F1FC} /*PixVueInfoTip Class*/C:\Programmi\PixVue.Com\PixVue\bin\PixVue.dll = C:\Programmi\PixVue.Com\PixVue\bin\PixVue.dll
@{68f32140-2ca3-11d0-acc1-444553540000} /*PicaView*/C:\Programmi\ACD Systems\Picaview\PicaView.dll /*file not found*/ = C:\Programmi\ACD Systems\Picaview\PicaView.dll /*file not found*/
@{8FF88D21-7BD0-11D1-BFB7-00AA00262A11} /*WinAce Archiver 2.2 Context Menu Shell Extension*/(null) =
@{8FF88D25-7BD0-11D1-BFB7-00AA00262A11} /*WinAce Archiver 2.2 DragDrop Shell Extension*/(null) =
@{8FF88D27-7BD0-11D1-BFB7-00AA00262A11} /*WinAce Archiver 2.2 Context Menu Shell Extension*/(null) =
@{8FF88D23-7BD0-11D1-BFB7-00AA00262A11} /*WinAce Archiver 2.2 Property Sheet Shell Extension*/(null) =
@{472083B0-C522-11CF-8763-00608CC02F24} /*avast*/C:\Programmi\Alwil Software\Avast4\ashShell.dll = C:\Programmi\Alwil Software\Avast4\ashShell.dll

HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved@{BDEADF00-C265-11d0-BCED-00A0C90AB50F} /*Cartelle Web*/ = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
avast@{472083B0-C522-11CF-8763-00608CC02F24} = C:\Programmi\Alwil Software\Avast4\ashShell.dll
PicaView@{68f32140-2ca3-11d0-acc1-444553540000} = C:\Programmi\ACD Systems\Picaview\PicaView.dll /*file not found*/
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WinZip\WZSHLSTB.DLL

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WinZip\WZSHLSTB.DLL

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
avast@{472083B0-C522-11CF-8763-00608CC02F24} = C:\Programmi\Alwil Software\Avast4\ashShell.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WinZip\WZSHLSTB.DLL

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx = C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
@{9030D464-4C02-4ABF-8ECC-5164760863C6}C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll = C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
@{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}C:\Programmi\Windows Live Toolbar\msntb.dll = C:\Programmi\Windows Live Toolbar\msntb.dll

HKLM\Software\Microsoft\Internet Explorer\Plugins\Extension\.spop@Location = C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local PageC:\WINXP\SYSTEM32\blank.htm = C:\WINXP\SYSTEM32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pageabout:blank = about:blank
@Local PageC:\WINXP\SYSTEM32\blank.htm = C:\WINXP\SYSTEM32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINXP\System32\msvidctl.dll
its@CLSID = C:\WINXP\System32\itss.dll
lid@CLSID = C:\WINXP\System32\msvidctl.dll
mhtml@CLSID = %SystemRoot%\System32\inetcomm.dll
ms-its@CLSID = C:\WINXP\System32\itss.dll
tv@CLSID = C:\WINXP\System32\msvidctl.dll
vnd.ms.radio@CLSID = C:\WINXP\System32\msdxm.ocx

HKLM\Software\Classes\PROTOCOLS\Handler\wia@CLSID = C:\WINXP\System32\wiascr.dll

C:\Documents and Settings\Argentieri Donato\Menu Avvio\Programmi\Esecuzione automatica = Adobe Gamma.lnk

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica = Microsoft Office.lnk

---- EOF - GMER 1.0.11 ----
Shadow Dancer
Junior User

Posts: 17
Joined: 02/06/06 13:51

Post by Luke57 » 22/09/06 08:41

Hi, open HijackThis, press "Do a system scan only", then find and tick the following entries:
O4 - HKLM\..\Run: [ÿ_zskAJQ^QN]AVBIKOBO] C:\WINXP\System32\_zskwrkni05\OBOKIBVA]NQ^QJA.exe
O4 - HKLM\..\RunServices: [ÿ_zskAJQ^QN]AVBIKOBO] C:\WINXP\System32\_zskwrkni05\OBOKIBVA]NQ^QJA.exe
O4 - HKCU\..\Run: [ÿ_zskAJQ^QN]AVBIKOBO] C:\WINXP\System32\_zskwrkni05\OBOKIBVA]NQ^QJA.exe
O15 - Trusted Zone: http://www.archiviosex.net
O15 - Trusted Zone: http://www.otherchance.com
O15 - Trusted Zone: http://www.redfunny.com
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.trafficredlight.net/10714-23.exe
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B2F49FB} - http://deposito.hostance.net/dialer/10714-23.exe
O23 - Service: NetFfn - Unknown owner - \\?\C:\Programmi\File comuni\Services\com2.exe (file missing)

Press "Fix checked".

Run these commands, one after the other:
Start > Run > sc stop NetFfn (type it in the box) > OK
Start > Run > sc delete NetFfn (type it in the box) > OK

Run a scan with an up-to-date antivirus

Delete the Windows temp and tmp files, the IE ones, and cookies

Empty the Recycle Bin

From Control Panel, Add or Remove Programs, check that there are no suspicious programs or applications that you did not install.
Luke57
Moderator

Posts: 6415
Joined: 11/08/05 19:10
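
The selection made by eye in the reply above can be approximated with a small log triage script. This is an added example, not part of the original thread and not HijackThis's own logic; the heuristics and the names `triage`, `flagged` and `ORDINARY_NAME` are assumptions chosen to single out the same kinds of lines (odd autorun names, Trusted Zone additions, ActiveX sources that are bare executables, services on reserved device names).

```python
import re

# Excerpt of the HijackThis log posted above (benign lines kept for contrast).
SAMPLE = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ÿ_zskAJQ^QN]AVBIKOBO] C:\WINXP\System32\_zskwrkni05\OBOKIBVA]NQ^QJA.exe
O15 - Trusted Zone: http://www.otherchance.com
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.trafficredlight.net/10714-23.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: NetFfn - Unknown owner - \\?\C:\Programmi\File comuni\Services\com2.exe (file missing)
"""

# Win32 path parsing treats these names as devices unless the \\?\ prefix is used.
RESERVED = re.compile(r"^(con|prn|aux|nul|com[1-9]|lpt[1-9])(\..*)?$", re.I)
# Assumption: ordinary vendor autorun names use only these characters.
ORDINARY_NAME = re.compile(r"^[A-Za-z0-9 ._!-]+$")

def triage(line):
    """Return a reason string if the line deserves manual review, else None."""
    m = re.match(r"(O\d+) - (.*)", line.strip())
    if not m:
        return None
    section, body = m.groups()
    if section == "O4":
        # Greedy name match: the value name itself may contain ']'.
        entry = re.match(r".*?: \[(.+)\] (.*)", body)
        if entry and not ORDINARY_NAME.match(entry.group(1)):
            return "autorun value name with unusual characters"
    elif section == "O15":
        return "site added to the IE Trusted Zone"
    elif section == "O16":
        if body.rstrip().lower().endswith(".exe"):
            return "ActiveX download source is a bare .exe, not a .cab"
    elif section == "O23":
        path = re.sub(r"\s*\(file missing\)$", "", body.split(" - ")[-1])
        leaf = path.rsplit("\\", 1)[-1]
        if path.startswith("\\\\?\\") or RESERVED.match(leaf):
            return "service image uses the \\\\?\\ prefix or a reserved device name"
    return None

def flagged(log):
    """Return (line, reason) pairs for every line that triage() flags."""
    return [(l, r) for l in log.splitlines() if (r := triage(l))]

if __name__ == "__main__":
    for line, reason in flagged(SAMPLE):
        print(f"{reason}\n    {line}")
```

A flagged line is a candidate for manual review, not a verdict; the avast! service with a missing file is deliberately left alone by these rules.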

Post by Shadow Dancer » 22/09/06 09:35

I did what you told me, but the following entries were not removed (because when I open HijackThis again they reappear):

O4 - HKLM\..\Run: [ÿ_zskAJQ^QN]AVBIKOBO] C:\WINXP\System32\_zskwrkni05\OBOKIBVA]NQ^QJA.exe
O4 - HKLM\..\RunServices: [ÿ_zskAJQ^QN]AVBIKOBO] C:\WINXP\System32\_zskwrkni05\OBOKIBVA]NQ^QJA.exe
O4 - HKCU\..\Run: [ÿ_zskAJQ^QN]AVBIKOBO] C:\WINXP\System32\_zskwrkni05\OBOKIBVA]NQ^QJA.exe

As soon as I started the antivirus, the PC rebooted and ran a scan because it had found a virus in operating memory.
Shadow Dancer
Junior User

Posts: 17
Joined: 02/06/06 13:51
