
I CAN'T OPEN HijackThis

How do I remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do I protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: m.paolo, kadosh, Luke57


Post by sgruntina » 05/11/06 21:55

So let me explain... a few days ago I had problems with my PC... I had deleted everything... then the same night my hard disk decided to abandon me... I formatted everything... NOW I have the same problems as before, if not worse.... As soon as I try to connect with Alice, the old Win98-style little window appears... or, if I do manage to connect with Alice, as soon as I open Explorer it tells me I have to connect to the page because I can't view it offline, while I'm already connected...
then... I run a scan with VirIT and I find the Temp folder full of .EXE files, and so VirIT closes on me... on top of that I can't make the log with HijackThis... what can I do?? Will some good soul help me??
sgruntina
Junior User
Posts: 52
Joined: 01/11/06 01:12


VirIT log

Post by sgruntina » 05/11/06 22:53

it's me again... the only thing I find in the VirIT log is this... that is, the point where VirIT freezes..


C:\Documents and Settings\Martina\Impostazioni locali\Temp\246.tmp Infetto da BHO.Agent.BM
sgruntina
Junior User
Posts: 52
Joined: 01/11/06 01:12

Post by Luke57 » 05/11/06 23:20

Hi, do you remember me? ;)
Try posting a log with RunAlyzer. Otherwise follow the same instructions as for the previous problem (tasklist and checking the registry entry).
Luke57
Moderator
Posts: 6415
Joined: 11/08/05 19:10

Post by sgruntina » 05/11/06 23:24

yes hi luke, sorry I didn't post but I burned out the hard disk... or rather... the bastard kept rebooting up to the Windows XP screen and then nothing, dead, black screen...
anyway I've now formatted the other HD and we're in trouble again....

now I'll try to do everything.. let's hope for the best
sgruntina
Junior User
Posts: 52
Joined: 01/11/06 01:12

Post by sgruntina » 05/11/06 23:45

ok here I am... here's the log from RunAlyzer

Logfile of RunAlyzer 0.3. Copyright © 2000-2005 Safer Networking Limited. Tutti i diritti sono riservati.
Scan saved at 05/11/2006 23.44.39
Platform: Windows XP (Build: 2600) Service Pack 2 (5.1.2600)

Running processes:
[System]
System
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Java\jre1.5.0_09\bin\jusched.exe
C:\Programmi\Prevx1\PXAgent.exe
C:\Programmi\Prevx1\PXConsole.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\Programmi\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\system32\alg.exe
C:\VEXPLITE\viritsvc.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Safer Networking\RunAlyzer\RunAlyzer.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,C:\WINDOWS\SERVICES.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: DSLMON.lnk = C:\Programmi\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - HKCU\..\Run: [msnmsgr] C:\Programmi\MSN Messenger\msnmsgr.exe
O4 - HKCU\..\Run: [MessengerPlus3] C:\Programmi\MessengerPlus! 3\MsgPlus.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Programmi\IncrediMail\bin\IncMail.exe
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKLM\..\Run: [bavpvojc]
O4 - HKLM\..\Run: [owmp1.exe]
O4 - HKLM\..\Run: [PrevxOne] C:\Programmi\Prevx1\PXConsole.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_09\bin\jusched.exe
O23 - Service: Driver ACPI Microsoft (ACPI) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\ACPI.sys
O23 - Service: General Purpose USB Driver (adildr.sys) (ADILOADER) - /owner unsupported/ - C:\WINDOWS\System32\Drivers\adildr.sys
O23 - Service: USB ADSL WAN Adapter (adiusbaw) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\adiusbaw.sys
O23 - Service: Eliminatore di eco acustico del kernel Microsoft (aec) - /owner unsupported/ - C:\WINDOWS\system32\drivers\aec.sys
O23 - Service: AFD (AFD) - /owner unsupported/ - C:\WINDOWS\System32\drivers\afd.sys
O23 - Service: Filtro bus Intel AGP (agp440) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\agp440.sys
O23 - Service: Avvisi (Alerter) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Servizio Gateway di livello applicazione (ALG) - /owner unsupported/ - C:\WINDOWS\System32\alg.exe
O23 - Service: Gestione applicazione (AppMgmt) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Driver per supporti asincroni RAS (AsyncMac) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\asyncmac.sys
O23 - Service: Controller disco rigido IDE/ESDI standard (atapi) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\atapi.sys
O23 - Service: Protocollo client ARP ATM (Atmarpc) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\atmarpc.sys
O23 - Service: Audio Windows (AudioSrv) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Driver stub audio (audstub) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\audstub.sys
O23 - Service: Servizio trasferimento intelligente in background (BITS) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Browser di computer (Browser) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Driver del CD-ROM (Cdrom) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\cdrom.sys
O23 - Service: Servizio di indicizzazione (CiSvc) - /owner unsupported/ - C:\WINDOWS\system32\cisvc.exe
O23 - Service: ClipBook (ClipSrv) - /owner unsupported/ - C:\WINDOWS\system32\clipsrv.exe
O23 - Service: Applicazione di sistema COM+ (COMSysApp) - /owner unsupported/ - C:\WINDOWS\system32\dllhost.exe
O23 - Service: Servizi di crittografia (CryptSvc) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Utilità di avvio processo server DCOM (DcomLaunch) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Client DHCP (Dhcp) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Driver del disco (Disk) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\disk.sys
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - /owner unsupported/ - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Driver Gestione dischi logici (dmio) - /owner unsupported/ - C:\WINDOWS\System32\drivers\dmio.sys
O23 - Service: Gestione dischi logici (dmserver) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Sintetizzatore DLS Microsoft Kernel (DMusic) - /owner unsupported/ - C:\WINDOWS\system32\drivers\DMusic.sys
O23 - Service: Client DNS (Dnscache) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Decodificatore audio DRM del kernel Microsoft (drmkaud) - /owner unsupported/ - C:\WINDOWS\system32\drivers\drmkaud.sys
O23 - Service: Servizio di segnalazione errori (ERSvc) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Driver audio ESS 1969 (WDM) (es1969) - /owner unsupported/ - C:\WINDOWS\system32\drivers\es1969.sys
O23 - Service: Registro eventi (Eventlog) - /owner unsupported/ - C:\WINDOWS\system32\services.exe
O23 - Service: Sistema di eventi COM+ (EventSystem) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Compatibilità di Cambio rapido utente (FastUserSwitchingCompatibility) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Driver controller disco floppy (Fdc) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\fdc.sys
O23 - Service: Driver disco floppy (Flpydisk) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\flpydisk.sys
O23 - Service: FltMgr (FltMgr) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\fltMgr.sys
O23 - Service: Driver archiviazione volumi (Ftdisk) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\ftdisk.sys
O23 - Service: Enumeratore porta giochi (gameenum) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\gameenum.sys
O23 - Service: Utilità di classificazione pacchetti generica (Gpc) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\msgpc.sys
O23 - Service: Guida in linea e supporto tecnico (helpsvc) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Accesso periferica Human Interface (HidServ) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Driver di classe HID Microsoft (hidusb) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\hidusb.sys
O23 - Service: HTTP (HTTP) - /owner unsupported/ - C:\WINDOWS\System32\Drivers\HTTP.sys
O23 - Service: SSL HTTP (HTTPFilter) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Driver di porta mouse PS/2 e tastiera i8042 (i8042prt) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\i8042prt.sys
O23 - Service: Driver filtro masterizzazione CD (Imapi) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\imapi.sys
O23 - Service: Servizio COM di masterizzazione CD IMAPI (ImapiService) - /owner unsupported/ - C:\WINDOWS\system32\imapi.exe
O23 - Service: InCD File System (InCDFs) - /owner unsupported/ - system32\drivers\InCDFs.sys
O23 - Service: InCDPass (InCDPass) - /owner unsupported/ - system32\drivers\InCDPass.sys
O23 - Service: InCD Reader (InCDRm) - /owner unsupported/ - system32\drivers\InCDRm.sys
O23 - Service: Driver Windows Firewall IPv6 (Ip6Fw) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
O23 - Service: Driver filtro traffico IP (IpFilterDriver) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
O23 - Service: Driver tunnel IP in IP (IpInIp) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\ipinip.sys
O23 - Service: Traduttore indirizzi di rete IP (IpNat) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\ipnat.sys
O23 - Service: Driver IPSEC (IPSec) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\ipsec.sys
O23 - Service: Servizio enumeratore infrarossi (IRENUM) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\irenum.sys
O23 - Service: Driver bus PnP ISA/EISA (isapnp) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\isapnp.sys
O23 - Service: Driver classe tastiera (Kbdclass) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\kbdclass.sys
O23 - Service: Mixer wave audio del kernel Microsoft (kmixer) - /owner unsupported/ - C:\WINDOWS\system32\drivers\kmixer.sys
O23 - Service: Server (lanmanserver) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Workstation (lanmanworkstation) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Helper NetBIOS di TCP/IP (LmHosts) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Messenger (Messenger) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Condivisione desktop remoto di NetMeeting (mnmsrvc) - /owner unsupported/ - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Driver classe mouse (Mouclass) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\mouclass.sys
O23 - Service: Driver di mouse HID (mouhid) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\mouhid.sys
O23 - Service: Redirector del client WebDav (MRxDAV) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\mrxdav.sys
O23 - Service: MRXSMB (MRxSmb) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
O23 - Service: Distributed Transaction Coordinator (MSDTC) - /owner unsupported/ - C:\WINDOWS\system32\msdtc.exe
O23 - Service: Windows Installer (MSIServer) - /owner unsupported/ - C:\WINDOWS\system32\msiexec.exe
O23 - Service: Proxy di servizio di flusso Microsoft (MSKSSRV) - /owner unsupported/ - C:\WINDOWS\system32\drivers\MSKSSRV.sys
O23 - Service: Proxy clock di flusso Microsoft (MSPCLOCK) - /owner unsupported/ - C:\WINDOWS\system32\drivers\MSPCLOCK.sys
O23 - Service: Proxy di gestione qualità di flusso Microsoft (MSPQM) - /owner unsupported/ - C:\WINDOWS\system32\drivers\MSPQM.sys
O23 - Service: Driver BIOS Microsoft System Management (mssmbios) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\mssmbios.sys
O23 - Service: Mup (Mup) - /owner unsupported/ -
O23 - Service: Driver di sistema NDIS (NDIS) - /owner unsupported/ -
O23 - Service: Driver TAPI NDIS di accesso remoto (NdisTapi) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\ndistapi.sys
O23 - Service: Protocollo I/O modalità utente su NDIS (Ndisuio) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\ndisuio.sys
O23 - Service: Driver WAN NDIS di accesso remoto (NdisWan) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\ndiswan.sys
O23 - Service: Interfaccia NetBIOS (NetBIOS) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\netbios.sys
O23 - Service: NetBios su Tcpip (NetBT) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\netbt.sys
O23 - Service: DDE di rete (NetDDE) - /owner unsupported/ - C:\WINDOWS\system32\netdde.exe
O23 - Service: DDE DSDM di rete (NetDDEdsdm) - /owner unsupported/ - C:\WINDOWS\system32\netdde.exe
O23 - Service: Accesso rete (Netlogon) - /owner unsupported/ - C:\WINDOWS\system32\lsass.exe
O23 - Service: Connessioni di rete (Netman) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: NLA (Network Location Awareness) (Nla) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Provider supporto protezione LM NT (NtLmSsp) - /owner unsupported/ - C:\WINDOWS\system32\lsass.exe
O23 - Service: Archivi rimovibili (NtmsSvc) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Driver filtro traffico IPX (NwlnkFlt) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
O23 - Service: Driver inoltratore traffico IPX (NwlnkFwd) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
O23 - Service: Driver della porta parallela (Parport) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\parport.sys
O23 - Service: Driver bus PCI (PCI) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\pci.sys
O23 - Service: Plug and Play (PlugPlay) - /owner unsupported/ - C:\WINDOWS\system32\services.exe
O23 - Service: Servizi IPSEC (PolicyAgent) - /owner unsupported/ - C:\WINDOWS\system32\lsass.exe
O23 - Service: WAN Miniport (PPTP) (PptpMiniport) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\raspptp.sys
O23 - Service: Prevx Agent (PREVXAgent) - /owner unsupported/ - C:\Programmi\Prevx1\PXAgent.exe
O23 - Service: PREVX Kernel Mode Agent (PrevxDriver) - /owner unsupported/ - C:\WINDOWS\system32\drivers\pxfsf.sys
O23 - Service: PREVX Emulator Driver (PrevxEmulator) - /owner unsupported/ - C:\WINDOWS\system32\drivers\pxemu.sys
O23 - Service: PREVX Tdi filter (PrevxTdi) - /owner unsupported/ - C:\WINDOWS\system32\drivers\pxtdi.sys
O23 - Service: Driver processore (Processor) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\processr.sys
O23 - Service: Archiviazione protetta (ProtectedStorage) - /owner unsupported/ - C:\WINDOWS\system32\lsass.exe
O23 - Service: Utilità di pianificazione pacchetti QoS (PSched) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\psched.sys
O23 - Service: Driver Direct Parallel Link (Ptilink) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\ptilink.sys
O23 - Service: PREVX Rootkitscan driver (PXRDDriver) - /owner unsupported/ - C:\WINDOWS\system32\drivers\pxrd.sys
O23 - Service: Driver connessione automatica Accesso remoto (RasAcd) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\rasacd.sys
O23 - Service: Auto Connection Manager di Accesso remoto (RasAuto) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: WAN Miniport (L2TP) (Rasl2tp) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
O23 - Service: Connection Manager di Accesso remoto (RasMan) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Driver PPPOE di accesso remoto (RasPppoe) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\raspppoe.sys
O23 - Service: Direct Parallel (Raspti) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\raspti.sys
O23 - Service: Rdbss (Rdbss) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\rdbss.sys
O23 - Service: Driver redirector periferica Terminal Server (rdpdr) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\rdpdr.sys
O23 - Service: Gestione sessione di assistenza mediante desktop remoto (RDSessMgr) - /owner unsupported/ - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Driver filtro riproduzione CD-ROM audio digitale (redbook) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\redbook.sys
O23 - Service: Routing e Accesso remoto (RemoteAccess) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Registro di sistema remoto (RemoteRegistry) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: RPC Locator (RpcLocator) - /owner unsupported/ - C:\WINDOWS\system32\locator.exe
O23 - Service: RPC (Remote Procedure Call) (RpcSs) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: QoS RSVP (RSVP) - /owner unsupported/ - C:\WINDOWS\system32\rsvp.exe
O23 - Service: Gestione account di protezione (SAM) (SamSs) - /owner unsupported/ - C:\WINDOWS\system32\lsass.exe
O23 - Service: smart card (SCardSvr) - /owner unsupported/ - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Utilità di pianificazione (Schedule) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Secdrv (Secdrv) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\secdrv.sys
O23 - Service: Accesso secondario (seclogon) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Notifica eventi di sistema (SENS) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Driver filtro Serenum (serenum) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\serenum.sys
O23 - Service: Driver della porta seriale (Serial) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\serial.sys
O23 - Service: Windows Firewall / Condivisione connessione Internet (ICS) (SharedAccess) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Rilevamento hardware shell (ShellHWDetection) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Frazionatore audio del kernel Microsoft (splitter) - /owner unsupported/ - C:\WINDOWS\system32\drivers\splitter.sys
O23 - Service: Spooler di stampa (Spooler) - /owner unsupported/ - C:\WINDOWS\system32\spoolsv.exe
O23 - Service: Driver filtro Ripristino configurazione di sistema (sr) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\sr.sys
O23 - Service: Servizio Ripristino configurazione di sistema (srservice) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Srv (Srv) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\srv.sys
O23 - Service: Servizio di rilevamento SSDP (SSDPSRV) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Acquisizione di immagini di Windows (WIA) (stisvc) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Driver bus software (swenum) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\swenum.sys
O23 - Service: Sintetizzatore Wavetable GS kernel Microsoft (swmidi) - /owner unsupported/ - C:\WINDOWS\system32\drivers\swmidi.sys
O23 - Service: MS Software Shadow Copy Provider (SwPrv) - /owner unsupported/ - C:\WINDOWS\system32\dllhost.exe
O23 - Service: Periferica audio di sistema Microsoft Kernel (sysaudio) - /owner unsupported/ - C:\WINDOWS\system32\drivers\sysaudio.sys
O23 - Service: Avvisi e registri di prestazioni (SysmonLog) - /owner unsupported/ - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Telefonia (TapiSrv) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Driver protocollo TCP/IP (Tcpip) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\tcpip.sys
O23 - Service: Driver della periferica terminale (TermDD) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\termdd.sys
O23 - Service: Servizi terminal (TermService) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Temi (Themes) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Telnet (TlntSvr) - /owner unsupported/ - C:\WINDOWS\system32\tlntsvr.exe
O23 - Service: Manutenzione collegamenti distribuiti client (TrkWks) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Driver aggiornamento microcodice (Update) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\update.sys
O23 - Service: Host di periferiche Plug and Play universali (upnphost) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Gruppo di continuità (UPS) - /owner unsupported/ - C:\WINDOWS\System32\ups.exe
O23 - Service: Driver hub USB standard Microsoft (usbhub) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\usbhub.sys
O23 - Service: Driver Miniport Controller Universal Host USB Microsoft (usbuhci) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\usbuhci.sys
O23 - Service: Servizio Messenger Sharing USN Journal Reader (usnsvc) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - /owner unsupported/ - C:\VEXPLITE\viritsvc.exe
O23 - Service: Copia replicata del volume (VSS) - /owner unsupported/ - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Ora di Windows (W32Time) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Driver ARP IP di accesso remoto (Wanarp) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\wanarp.sys
O23 - Service: Driver di compatibilità audio Microsoft WINMM WDM (wdmaud) - /owner unsupported/ - C:\WINDOWS\system32\drivers\wdmaud.sys
O23 - Service: WebClient (WebClient) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Strumentazione gestione Windows (winmgmt) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Servizio Numero di serie per dispositivi multimediali portatili (WmdmPmSN) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Estensioni driver di Strumentazione gestione Windows (Wmi) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Scheda WMI Performance (WmiApSrv) - /owner unsupported/ - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Centro sicurezza PC (wscsvc) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Aggiornamenti automatici (wuauserv) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Zero Configuration reti senza fili (WZCSVC) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Servizio Provisioning di rete (xmlprov) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Dati applicazioni\Prevx\pxbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_09\bin\ssv.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://java.sun.com/update/1.5.0/jinsta ... 586-jc.cab
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0) - http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0) - http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
sgruntina
Junior User
Posts: 52
Joined: 01/11/06 01:12

Post by sgruntina » 06/11/06 01:45

While I'm at it, I'll post the log I made with AVG

---------------------------------------------------------
AVG Anti-Spyware - Rapporto scansione
---------------------------------------------------------

+ Creato alle: 1.39.03 06/11/2006

+ Risultato scansione:



C:\Documents and Settings\Martina\Impostazioni locali\Temp\mddjve.exe -> Logger.BZub.fh : Ripulito con backup (in quarantena)
C:\Documents and Settings\Martina\Impostazioni locali\Temporary Internet Files\Content.IE5\XW07X1K9\counter21[1].php -> Logger.BZub.fh : Ripulito con backup (in quarantena)
C:\System Volume Information\_restore{03C03604-1478-4A0A-992A-0B08DD919879}\RP1\A0000174.dll -> Logger.BZub.fh : Ripulito con backup (in quarantena)
C:\Documents and Settings\Martina\Cookies\martina@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Ripulito.
C:\Documents and Settings\Martina\Cookies\martina@atdmt[2].txt -> TrackingCookie.Atdmt : Ripulito.
C:\Documents and Settings\Martina\Cookies\martina@ads20.bpath[2].txt -> TrackingCookie.Bpath : Ripulito.
C:\Documents and Settings\Martina\Cookies\martina@clickbank[2].txt -> TrackingCookie.Clickbank : Ripulito.
C:\Documents and Settings\Martina\Cookies\martina@doubleclick[1].txt -> TrackingCookie.Doubleclick : Ripulito.
C:\Documents and Settings\Martina\Cookies\martina@c.goclick[2].txt -> TrackingCookie.Goclick : Ripulito.
C:\Documents and Settings\Martina\Cookies\martina@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Ripulito.
C:\Documents and Settings\Martina\Cookies\martina@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Ripulito.
C:\WINDOWS\system32\sysi16.exe -> Trojan.Dialer.qn : Ripulito con backup (in quarantena)


::Fine rapporto
sgruntina
Junior User
Posts: 52
Joined: 01/11/06 01:12

Post by sgruntina » 06/11/06 01:46

I know that sooner or later they'll make you a saint...

I looked at the task manager... Isasser and other strange stuff... do you think that's normal???
sgruntina
Junior User
Posts: 52
Joined: 01/11/06 01:12

Post by Luke57 » 06/11/06 08:34

Hi, if you no longer have it, download Avgpfix from here:
http://www.nod32.it/cgi-bin/mapdl.pl?tool=Agent.VP

and keep it aside.
Then print this page and do everything with applications and programs closed, disconnected from the internet.

Then, open the registry
from START\RUN type regedit>OK

Open the registry:
start>run>regedit (type it in the box)>OK
Once the registry editor is open, clicking on the + sign next to the individual entries, follow this path:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, click on this last folder
On the right-hand side you will find
userinit= REG_SZ C:\WINDOWS\system32\userinit.exe,,C:\WINDOWS\SERVICES.EXE
double-click the entry; in the Edit String window that appears,
in the white box you will find:
C:\WINDOWS\system32\userinit.exe, ,C:\WINDOWS\SERVICES.EXE

select
,C:\WINDOWS\SERVICES.EXE (comma included)
so as to leave in the box only:
c:\windows\system32\userinit.exe, (comma included)
press Del>OK
(BE CAREFUL not to delete userinit.exe, or the computer will not restart).

Make hidden files and folders visible:
from My Computer>Tools>Folder Options
Select View
Tick "show hidden files and folders"
Untick "hide protected operating system files"
Click OK

With Avgpfix, delete the following file:
C:\WINDOWS\SERVICES.EXE (don't confuse it with the legitimate services.exe, which however is located in C:\Windows\System32)

Then try using HijackThis again and post a log.
Luke57
Moderator
Posts: 6415
Joined: 11/08/05 19:10
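As an added example (not code from this thread or from the RunAlyzer/HijackThis authors), a small Python triage script that reads lines in the log format posted above and flags what Luke57 is pointing at: a second program appended to the Winlogon Userinit value, and a file named SERVICES.EXE sitting outside system32. It also flags Run entries with no command and an unnamed service running outside the Windows directory; those two heuristics, the sample lines (copied from the logs in this thread) and all function names are my own assumptions, meant for triage rather than as a verdict.

```python
import ntpath
import re

# Constructed sample: lines in the RunAlyzer / HijackThis log format, copied
# from the logs posted in this thread (the UserInit line, two Run entries
# with no command, one normal service and the "EvC" service from the second log).
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,C:\WINDOWS\SERVICES.EXE
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKLM\..\Run: [bavpvojc]
O4 - HKLM\..\Run: [owmp1.exe]
O23 - Service: Registro eventi (Eventlog) - /owner unsupported/ - C:\WINDOWS\system32\services.exe
O23 - Service: EvC (EvC) - /owner unsupported/ - C:\Programmi\File comuni\Services\hzX.exe
"""

WINDIR = r"c:\windows"
# The only program Winlogon\Userinit should name on a default Windows XP install.
LEGIT_USERINIT = r"c:\windows\system32\userinit.exe"

USERINIT_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(.*)$", re.I)
RUN_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\Run: \[([^\]]*)\]\s*(.*)$")
SERVICE_RE = re.compile(r"^O23 - Service: (.+) \(([^()]+)\) - /owner unsupported/ -\s*(.*)$")


def check_userinit(value):
    """Findings for a Userinit value: every program after userinit.exe is suspect."""
    entries = [e.strip() for e in value.split(",") if e.strip()]
    findings = []
    if not entries or entries[0].lower() != LEGIT_USERINIT:
        findings.append("Userinit does not start with %s" % LEGIT_USERINIT)
    for extra in entries[1:]:
        msg = "extra program started at logon through Userinit: %s" % extra
        # A file called services.exe outside system32 borrows the name of the
        # legitimate Service Control Manager, exactly as in this thread.
        if (ntpath.basename(extra).lower() == "services.exe"
                and not extra.lower().startswith(WINDIR + "\\system32\\")):
            msg += " (same name as the legitimate system32\\services.exe, different folder)"
        findings.append(msg)
    return findings


def check_run_entry(hive, name, command):
    """A Run entry that names nothing to run is worth a look in regedit (assumed heuristic)."""
    if not command.strip():
        return ["%s Run entry [%s] has no command" % (hive, name)]
    return []


def check_service(display, short, image):
    """Assumed triage heuristic: a service whose display name is just its short
    name and whose image lives outside the Windows directory gets flagged."""
    image_l = image.strip().lower()
    if not image_l:
        return []
    if display == short and not image_l.startswith(WINDIR + "\\"):
        return ["service %s runs %s from outside %s" % (short, image.strip(), WINDIR)]
    return []


def triage(log_text):
    """Run every check over a log and return the findings in log order."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = USERINIT_RE.match(line)
        if m:
            findings.extend(check_userinit(m.group(1)))
            continue
        m = RUN_RE.match(line)
        if m:
            findings.extend(check_run_entry(*m.groups()))
            continue
        m = SERVICE_RE.match(line)
        if m:
            findings.extend(check_service(*m.groups()))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print("-", finding)
```

On the sample above it reports four findings; a clean Userinit value such as `C:\WINDOWS\system32\userinit.exe,` produces none.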

Post by sgruntina » 06/11/06 09:19

Right now I'm at work... I don't dare try HijackThis at work... I wouldn't want to ruin my Monday morning... sgrunt..

tonight I'll try to do everything from regedit... then I'll let you know...
thanks a lot for now!!!! :)
sgruntina
Junior User
Posts: 52
Joined: 01/11/06 01:12

log file

Post by sgruntina » 06/11/06 18:42

so... I did everything carefully... but after I delete the entry in regedit... and start AVGfix, I can't find C:\WINDOWS\SERVICES.exe

Also, I still can't open HijackThis anyway....
I redid the log with the other program, which I paste below...


Logfile of RunAlyzer 0.3. Copyright © 2000-2005 Safer Networking Limited. Tutti i diritti sono riservati.
Scan saved at 06/11/2006 18.39.48
Platform: Windows XP (Build: 2600) Service Pack 2 (5.1.2600)

Running processes:
[System]
System
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Java\jre1.5.0_09\bin\jusched.exe
C:\VEXPLITE\MONLITE.EXE
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\Programmi\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\VEXPLITE\viritsvc.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Safer Networking\RunAlyzer\RunAlyzer.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,C:\WINDOWS\SERVICES.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: DSLMON.lnk = C:\Programmi\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Programmi\IncrediMail\bin\IncMail.exe
O4 - HKCU\..\Run: [MessengerPlus3] C:\Programmi\MessengerPlus! 3\MsgPlus.exe
O4 - HKCU\..\Run: [msnmsgr] C:\Programmi\MSN Messenger\msnmsgr.exe
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
O4 - HKLM\..\Run: [bavpvojc]
O4 - HKLM\..\Run: [owmp1.exe]
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_09\bin\jusched.exe
O23 - Service: Driver ACPI Microsoft (ACPI) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\ACPI.sys
O23 - Service: General Purpose USB Driver (adildr.sys) (ADILOADER) - /owner unsupported/ - C:\WINDOWS\System32\Drivers\adildr.sys
O23 - Service: USB ADSL WAN Adapter (adiusbaw) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\adiusbaw.sys
O23 - Service: Eliminatore di eco acustico del kernel Microsoft (aec) - /owner unsupported/ - C:\WINDOWS\system32\drivers\aec.sys
O23 - Service: AFD (AFD) - /owner unsupported/ - C:\WINDOWS\System32\drivers\afd.sys
O23 - Service: Filtro bus Intel AGP (agp440) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\agp440.sys
O23 - Service: Avvisi (Alerter) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Servizio Gateway di livello applicazione (ALG) - /owner unsupported/ - C:\WINDOWS\System32\alg.exe
O23 - Service: Gestione applicazione (AppMgmt) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Driver per supporti asincroni RAS (AsyncMac) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\asyncmac.sys
O23 - Service: Controller disco rigido IDE/ESDI standard (atapi) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\atapi.sys
O23 - Service: Protocollo client ARP ATM (Atmarpc) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\atmarpc.sys
O23 - Service: Audio Windows (AudioSrv) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Driver stub audio (audstub) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\audstub.sys
O23 - Service: AVG Anti-Spyware Driver (AVG Anti-Spyware Driver) - /owner unsupported/ - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.sys
O23 - Service: AVG Anti-Spyware Guard (AVG Anti-Spyware Guard) - /owner unsupported/ - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG Anti-Spyware Clean Driver (AvgAsCln) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys
O23 - Service: Servizio trasferimento intelligente in background (BITS) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Browser di computer (Browser) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Driver del CD-ROM (Cdrom) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\cdrom.sys
O23 - Service: Servizio di indicizzazione (CiSvc) - /owner unsupported/ - C:\WINDOWS\system32\cisvc.exe
O23 - Service: ClipBook (ClipSrv) - /owner unsupported/ - C:\WINDOWS\system32\clipsrv.exe
O23 - Service: Applicazione di sistema COM+ (COMSysApp) - /owner unsupported/ - C:\WINDOWS\system32\dllhost.exe
O23 - Service: Servizi di crittografia (CryptSvc) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Utilità di avvio processo server DCOM (DcomLaunch) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Client DHCP (Dhcp) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Driver del disco (Disk) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\disk.sys
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - /owner unsupported/ - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Driver Gestione dischi logici (dmio) - /owner unsupported/ - C:\WINDOWS\System32\drivers\dmio.sys
O23 - Service: Gestione dischi logici (dmserver) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Sintetizzatore DLS Microsoft Kernel (DMusic) - /owner unsupported/ - C:\WINDOWS\system32\drivers\DMusic.sys
O23 - Service: Client DNS (Dnscache) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Decodificatore audio DRM del kernel Microsoft (drmkaud) - /owner unsupported/ - C:\WINDOWS\system32\drivers\drmkaud.sys
O23 - Service: Servizio di segnalazione errori (ERSvc) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Driver audio ESS 1969 (WDM) (es1969) - /owner unsupported/ - C:\WINDOWS\system32\drivers\es1969.sys
O23 - Service: EvC (EvC) - /owner unsupported/ - C:\Programmi\File comuni\Services\hzX.exe
O23 - Service: Registro eventi (Eventlog) - /owner unsupported/ - C:\WINDOWS\system32\services.exe
O23 - Service: Sistema di eventi COM+ (EventSystem) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Compatibilità di Cambio rapido utente (FastUserSwitchingCompatibility) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Driver controller disco floppy (Fdc) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\fdc.sys
O23 - Service: Driver disco floppy (Flpydisk) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\flpydisk.sys
O23 - Service: FltMgr (FltMgr) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\fltMgr.sys
O23 - Service: Driver archiviazione volumi (Ftdisk) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\ftdisk.sys
O23 - Service: Enumeratore porta giochi (gameenum) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\gameenum.sys
O23 - Service: Utilità di classificazione pacchetti generica (Gpc) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\msgpc.sys
O23 - Service: Guida in linea e supporto tecnico (helpsvc) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Accesso periferica Human Interface (HidServ) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Driver di classe HID Microsoft (hidusb) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\hidusb.sys
O23 - Service: HTTP (HTTP) - /owner unsupported/ - C:\WINDOWS\System32\Drivers\HTTP.sys
O23 - Service: SSL HTTP (HTTPFilter) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Driver di porta mouse PS/2 e tastiera i8042 (i8042prt) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\i8042prt.sys
O23 - Service: Driver filtro masterizzazione CD (Imapi) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\imapi.sys
O23 - Service: Servizio COM di masterizzazione CD IMAPI (ImapiService) - /owner unsupported/ - C:\WINDOWS\system32\imapi.exe
O23 - Service: InCD File System (InCDFs) - /owner unsupported/ - system32\drivers\InCDFs.sys
O23 - Service: InCDPass (InCDPass) - /owner unsupported/ - system32\drivers\InCDPass.sys
O23 - Service: InCD Reader (InCDRm) - /owner unsupported/ - system32\drivers\InCDRm.sys
O23 - Service: Driver Windows Firewall IPv6 (Ip6Fw) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
O23 - Service: Driver filtro traffico IP (IpFilterDriver) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
O23 - Service: Driver tunnel IP in IP (IpInIp) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\ipinip.sys
O23 - Service: Traduttore indirizzi di rete IP (IpNat) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\ipnat.sys
O23 - Service: Driver IPSEC (IPSec) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\ipsec.sys
O23 - Service: Servizio enumeratore infrarossi (IRENUM) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\irenum.sys
O23 - Service: Driver bus PnP ISA/EISA (isapnp) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\isapnp.sys
O23 - Service: Driver classe tastiera (Kbdclass) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\kbdclass.sys
O23 - Service: Mixer wave audio del kernel Microsoft (kmixer) - /owner unsupported/ - C:\WINDOWS\system32\drivers\kmixer.sys
O23 - Service: Server (lanmanserver) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Workstation (lanmanworkstation) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Helper NetBIOS di TCP/IP (LmHosts) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Messenger (Messenger) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Condivisione desktop remoto di NetMeeting (mnmsrvc) - /owner unsupported/ - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Driver classe mouse (Mouclass) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\mouclass.sys
O23 - Service: Driver di mouse HID (mouhid) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\mouhid.sys
O23 - Service: Redirector del client WebDav (MRxDAV) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\mrxdav.sys
O23 - Service: MRXSMB (MRxSmb) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
O23 - Service: Distributed Transaction Coordinator (MSDTC) - /owner unsupported/ - C:\WINDOWS\system32\msdtc.exe
O23 - Service: Windows Installer (MSIServer) - /owner unsupported/ - C:\WINDOWS\system32\msiexec.exe
O23 - Service: Proxy di servizio di flusso Microsoft (MSKSSRV) - /owner unsupported/ - C:\WINDOWS\system32\drivers\MSKSSRV.sys
O23 - Service: Proxy clock di flusso Microsoft (MSPCLOCK) - /owner unsupported/ - C:\WINDOWS\system32\drivers\MSPCLOCK.sys
O23 - Service: Proxy di gestione qualità di flusso Microsoft (MSPQM) - /owner unsupported/ - C:\WINDOWS\system32\drivers\MSPQM.sys
O23 - Service: Driver BIOS Microsoft System Management (mssmbios) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\mssmbios.sys
O23 - Service: Mup (Mup) - /owner unsupported/ -
O23 - Service: Driver di sistema NDIS (NDIS) - /owner unsupported/ -
O23 - Service: Driver TAPI NDIS di accesso remoto (NdisTapi) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\ndistapi.sys
O23 - Service: Protocollo I/O modalità utente su NDIS (Ndisuio) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\ndisuio.sys
O23 - Service: Driver WAN NDIS di accesso remoto (NdisWan) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\ndiswan.sys
O23 - Service: Interfaccia NetBIOS (NetBIOS) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\netbios.sys
O23 - Service: NetBios su Tcpip (NetBT) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\netbt.sys
O23 - Service: DDE di rete (NetDDE) - /owner unsupported/ - C:\WINDOWS\system32\netdde.exe
O23 - Service: DDE DSDM di rete (NetDDEdsdm) - /owner unsupported/ - C:\WINDOWS\system32\netdde.exe
O23 - Service: Accesso rete (Netlogon) - /owner unsupported/ - C:\WINDOWS\system32\lsass.exe
O23 - Service: Connessioni di rete (Netman) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: NLA (Network Location Awareness) (Nla) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Provider supporto protezione LM NT (NtLmSsp) - /owner unsupported/ - C:\WINDOWS\system32\lsass.exe
O23 - Service: Archivi rimovibili (NtmsSvc) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Driver filtro traffico IPX (NwlnkFlt) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
O23 - Service: Driver inoltratore traffico IPX (NwlnkFwd) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
O23 - Service: Driver della porta parallela (Parport) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\parport.sys
O23 - Service: Driver bus PCI (PCI) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\pci.sys
O23 - Service: Plug and Play (PlugPlay) - /owner unsupported/ - C:\WINDOWS\system32\services.exe
O23 - Service: Servizi IPSEC (PolicyAgent) - /owner unsupported/ - C:\WINDOWS\system32\lsass.exe
O23 - Service: WAN Miniport (PPTP) (PptpMiniport) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\raspptp.sys
O23 - Service: Driver processore (Processor) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\processr.sys
O23 - Service: Archiviazione protetta (ProtectedStorage) - /owner unsupported/ - C:\WINDOWS\system32\lsass.exe
O23 - Service: Utilità di pianificazione pacchetti QoS (PSched) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\psched.sys
O23 - Service: Driver Direct Parallel Link (Ptilink) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\ptilink.sys
O23 - Service: Driver connessione automatica Accesso remoto (RasAcd) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\rasacd.sys
O23 - Service: Auto Connection Manager di Accesso remoto (RasAuto) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: WAN Miniport (L2TP) (Rasl2tp) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
O23 - Service: Connection Manager di Accesso remoto (RasMan) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Driver PPPOE di accesso remoto (RasPppoe) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\raspppoe.sys
O23 - Service: Direct Parallel (Raspti) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\raspti.sys
O23 - Service: Rdbss (Rdbss) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\rdbss.sys
O23 - Service: Driver redirector periferica Terminal Server (rdpdr) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\rdpdr.sys
O23 - Service: Gestione sessione di assistenza mediante desktop remoto (RDSessMgr) - /owner unsupported/ - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Driver filtro riproduzione CD-ROM audio digitale (redbook) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\redbook.sys
O23 - Service: Routing e Accesso remoto (RemoteAccess) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Registro di sistema remoto (RemoteRegistry) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: RPC Locator (RpcLocator) - /owner unsupported/ - C:\WINDOWS\system32\locator.exe
O23 - Service: RPC (Remote Procedure Call) (RpcSs) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: QoS RSVP (RSVP) - /owner unsupported/ - C:\WINDOWS\system32\rsvp.exe
O23 - Service: Gestione account di protezione (SAM) (SamSs) - /owner unsupported/ - C:\WINDOWS\system32\lsass.exe
O23 - Service: smart card (SCardSvr) - /owner unsupported/ - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Utilità di pianificazione (Schedule) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Secdrv (Secdrv) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\secdrv.sys
O23 - Service: Accesso secondario (seclogon) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Notifica eventi di sistema (SENS) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Driver filtro Serenum (serenum) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\serenum.sys
O23 - Service: Driver della porta seriale (Serial) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\serial.sys
O23 - Service: Windows Firewall / Condivisione connessione Internet (ICS) (SharedAccess) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Rilevamento hardware shell (ShellHWDetection) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Frazionatore audio del kernel Microsoft (splitter) - /owner unsupported/ - C:\WINDOWS\system32\drivers\splitter.sys
O23 - Service: Spooler di stampa (Spooler) - /owner unsupported/ - C:\WINDOWS\system32\spoolsv.exe
O23 - Service: Driver filtro Ripristino configurazione di sistema (sr) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\sr.sys
O23 - Service: Servizio Ripristino configurazione di sistema (srservice) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Srv (Srv) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\srv.sys
O23 - Service: Servizio di rilevamento SSDP (SSDPSRV) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Acquisizione di immagini di Windows (WIA) (stisvc) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Driver bus software (swenum) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\swenum.sys
O23 - Service: Sintetizzatore Wavetable GS kernel Microsoft (swmidi) - /owner unsupported/ - C:\WINDOWS\system32\drivers\swmidi.sys
O23 - Service: MS Software Shadow Copy Provider (SwPrv) - /owner unsupported/ - C:\WINDOWS\system32\dllhost.exe
O23 - Service: Periferica audio di sistema Microsoft Kernel (sysaudio) - /owner unsupported/ - C:\WINDOWS\system32\drivers\sysaudio.sys
O23 - Service: Avvisi e registri di prestazioni (SysmonLog) - /owner unsupported/ - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Telefonia (TapiSrv) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Driver protocollo TCP/IP (Tcpip) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\tcpip.sys
O23 - Service: Driver della periferica terminale (TermDD) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\termdd.sys
O23 - Service: Servizi terminal (TermService) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Temi (Themes) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Telnet (TlntSvr) - /owner unsupported/ - C:\WINDOWS\system32\tlntsvr.exe
O23 - Service: Manutenzione collegamenti distribuiti client (TrkWks) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Driver aggiornamento microcodice (Update) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\update.sys
O23 - Service: Host di periferiche Plug and Play universali (upnphost) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Gruppo di continuità (UPS) - /owner unsupported/ - C:\WINDOWS\System32\ups.exe
O23 - Service: Driver hub USB standard Microsoft (usbhub) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\usbhub.sys
O23 - Service: Driver Miniport Controller Universal Host USB Microsoft (usbuhci) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\usbuhci.sys
O23 - Service: Servizio Messenger Sharing USN Journal Reader (usnsvc) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - /owner unsupported/ - C:\VEXPLITE\viritsvc.exe
O23 - Service: Copia replicata del volume (VSS) - /owner unsupported/ - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Ora di Windows (W32Time) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Driver ARP IP di accesso remoto (Wanarp) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\wanarp.sys
O23 - Service: Driver di compatibilità audio Microsoft WINMM WDM (wdmaud) - /owner unsupported/ - C:\WINDOWS\system32\drivers\wdmaud.sys
O23 - Service: WebClient (WebClient) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Strumentazione gestione Windows (winmgmt) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Servizio Numero di serie per dispositivi multimediali portatili (WmdmPmSN) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Estensioni driver di Strumentazione gestione Windows (Wmi) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Scheda WMI Performance (WmiApSrv) - /owner unsupported/ - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Centro sicurezza PC (wscsvc) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Aggiornamenti automatici (wuauserv) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Zero Configuration reti senza fili (WZCSVC) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Servizio Provisioning di rete (xmlprov) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_09\bin\ssv.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://java.sun.com/update/1.5.0/jinsta ... 586-jc.cab
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0) - http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0) - http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
sgruntina
Junior Member
 
Posts: 52
Joined: 01/11/06 01:12

Post by Luke57 » 06/11/06 18:56

Hi, that entry has re-formed in the registry, which means the file is there.

Download KILLBOX from here
http://www.bleepingcomputer.com/files/s ... illBox.zip
and keep it aside.

1) Repeat the operation in the system registry to delete
,C:\WINDOWS\SERVICES.EXE

Once that is done, still in the system registry, follow this path:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, click on this last folder; if in the right-hand part of the window you find these values:
owmp1.exe
bavpvojc

right-click and choose Delete.

Then start killbox:
- extract it to the desktop, open the folder that contains it and then run it
- Select the Delete on Reboot option. In the box type the path of the file to delete
C:\WINDOWS\SERVICES.EXE
and click the red X
(the computer will restart)

After the restart, try using hijackthis again.
Luke57
Moderator
 
Posts: 6415
Joined: 11/08/05 19:10

sgrunt

Post by sgruntina » 06/11/06 19:14

I redid everything and deleted those two entries... now I can't open KillBox...
sgruntina
Junior Member
 
Posts: 52
Joined: 01/11/06 01:12

Post by sgruntina » 06/11/06 19:15

I can open avenger... would that help?
sgruntina
Junior Member
 
Posts: 52
Joined: 01/11/06 01:12

Post by Luke57 » 06/11/06 19:39

sgruntina wrote: I can open avenger... would that help?

Hi, run the file avenger.exe
Select the "Input Script Manually" option
Click the magnifying glass

A "View/edit script" window opens
Inside the white box, copy and paste the text in bold:

Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs

Files to delete:
C:\WINDOWS\SERVICES.EXE



Click the Done button
Click the green traffic light icon
Answer Yes twice
The PC should restart by itself; if it doesn't, restart it manually


Post the Avenger log (C:/avenger.txt) with the result of the script
Luke57
Moderator
 
Posts: 6415
Joined: 11/08/05 19:10

log avenger

Post by sgruntina » 06/11/06 19:46

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\bxmpgxmr

*******************

Script file located at: \??\C:\cwvmefpl.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\SERVICES.EXE deleted successfully.
Registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.

Completed script processing.

*******************

Finished! Terminate.
sgruntina
Junior Member
 
Posts: 52
Joined: 01/11/06 01:12

log HijackThis

Post by sgruntina » 06/11/06 19:47

Logfile of HijackThis v1.99.1
Scan saved at 19.46.58, on 06/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmi\Java\jre1.5.0_09\bin\jusched.exe
C:\VEXPLITE\MONLITE.EXE
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\VEXPLITE\viritsvc.exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\Programmi\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Martina\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,C:\WINDOWS\SERVICES.EXE
O1 - Hosts: 205.238.40.51 http://www.winmx.com err.winmx.com
O1 - Hosts: 205.238.40.2 test3201.winmx.com test3205.winmx.com
O1 - Hosts: 205.238.40.2 test3202.winmx.com test3206.winmx.com
O1 - Hosts: 205.238.40.1 test3203.winmx.com test3207.winmx.com
O1 - Hosts: 82.43.224.20 test3204.winmx.com test3208.winmx.com
O1 - Hosts: 205.238.40.2 c3310.z1301.winmx.com c3310.z1302.winmx.com c3310.z1303.winmx.com c3310.z1304.winmx.com c3310.z1305.winmx.com c3310.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3313.z1301.winmx.com c3313.z1302.winmx.com c3313.z1303.winmx.com c3313.z1304.winmx.com c3313.z1305.winmx.com c3313.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3316.z1301.winmx.com c3316.z1302.winmx.com c3316.z1303.winmx.com c3316.z1304.winmx.com c3316.z1305.winmx.com c3316.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3311.z1301.winmx.com c3311.z1302.winmx.com c3311.z1303.winmx.com c3311.z1304.winmx.com c3311.z1305.winmx.com c3311.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3314.z1301.winmx.com c3314.z1302.winmx.com c3314.z1303.winmx.com c3314.z1304.winmx.com c3314.z1305.winmx.com c3314.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3317.z1301.winmx.com c3317.z1302.winmx.com c3317.z1303.winmx.com c3317.z1304.winmx.com c3317.z1305.winmx.com c3317.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3312.z1301.winmx.com c3312.z1302.winmx.com c3312.z1303.winmx.com c3312.z1304.winmx.com c3312.z1305.winmx.com c3312.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3315.z1301.winmx.com c3315.z1302.winmx.com c3315.z1303.winmx.com c3315.z1304.winmx.com c3315.z1305.winmx.com c3315.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3318.z1301.winmx.com c3318.z1302.winmx.com c3318.z1303.winmx.com c3318.z1304.winmx.com c3318.z1305.winmx.com c3318.z1306.winmx.com
O1 - Hosts: 82.43.224.20 c3319.z1301.winmx.com c3319.z1302.winmx.com c3319.z1303.winmx.com c3319.z1304.winmx.com c3319.z1305.winmx.com c3319.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3520.z1301.winmx.com c3520.z1302.winmx.com c3520.z1303.winmx.com c3520.z1304.winmx.com c3520.z1305.winmx.com c3520.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3523.z1301.winmx.com c3523.z1302.winmx.com c3523.z1303.winmx.com c3523.z1304.winmx.com c3523.z1305.winmx.com c3523.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3526.z1301.winmx.com c3526.z1302.winmx.com c3526.z1303.winmx.com c3526.z1304.winmx.com c3526.z1305.winmx.com c3526.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3521.z1301.winmx.com c3521.z1302.winmx.com c3521.z1303.winmx.com c3521.z1304.winmx.com c3521.z1305.winmx.com c3521.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3524.z1301.winmx.com c3524.z1302.winmx.com c3524.z1303.winmx.com c3524.z1304.winmx.com c3524.z1305.winmx.com c3524.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3527.z1301.winmx.com c3527.z1302.winmx.com c3527.z1303.winmx.com c3527.z1304.winmx.com c3527.z1305.winmx.com c3527.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3522.z1301.winmx.com c3522.z1302.winmx.com c3522.z1303.winmx.com c3522.z1304.winmx.com c3522.z1305.winmx.com c3522.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3525.z1301.winmx.com c3525.z1302.winmx.com c3525.z1303.winmx.com c3525.z1304.winmx.com c3525.z1305.winmx.com c3525.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3528.z1301.winmx.com c3528.z1302.winmx.com c3528.z1303.winmx.com c3528.z1304.winmx.com c3528.z1305.winmx.com c3528.z1306.winmx.com
O1 - Hosts: 82.43.224.20 c3529.z1301.winmx.com c3529.z1302.winmx.com c3529.z1303.winmx.com c3529.z1304.winmx.com c3529.z1305.winmx.com c3529.z1306.winmx.com
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\Programmi\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - Global Startup: DSLMON.lnk = C:\Programmi\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{15C3D42B-EC45-4A60-9886-1D053E169A3F}: NameServer = 85.37.17.5 85.38.28.77
O17 - HKLM\System\CS1\Services\Tcpip\..\{15C3D42B-EC45-4A60-9886-1D053E169A3F}: NameServer = 85.37.17.5 85.38.28.77
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: EvC - Unknown owner - C:\Programmi\File comuni\Services\hHVtYV.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas http://www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
sgruntina
Junior Member
 
Posts: 52
Joined: 01/11/06 01:12

Post by Luke57 » 06/11/06 19:54

Hi, avenger has dealt with the file.
Open hijackthis and press "do a system scan only", find and tick:
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,C:\WINDOWS\SERVICES.EXE

press fix checked.

Restart and make another log to see whether the F2 entry has re-formed. If not, the procedure is finished. I see nothing else in the log.
Luke57
Moderator
 
Posts: 6415
Joined: 11/08/05 19:10
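One way to automate the triage Luke57 is doing by eye, as an added example that is not part of the forum thread or of HijackThis itself: a small Python script that reads HijackThis-format lines and flags the three entry types this thread turned on (an F2 UserInit value carrying an extra executable, an O23 service with no known owner running from an unusual path, and O1 Hosts overrides). The sample lines are constructed, modelled on the logs quoted above; the heuristics (unknown owner plus a path outside C:\WINDOWS, vowel-less binary names) are my own assumptions, not HijackThis rules, and an entry they flag still needs a human look.

```python
"""Triage helper for HijackThis-style log lines (added example, not HijackThis code)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample, modelled on the lines quoted in the thread.
SAMPLE_LOG = "\n".join([
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/",
    r"F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,C:\WINDOWS\SERVICES.EXE",
    r"O1 - Hosts: 205.238.40.51 www.winmx.com err.winmx.com",
    r"O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_09\bin\ssv.dll",
    r"O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE",
    r"O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe",
    r"O23 - Service: EvC - Unknown owner - C:\Programmi\File comuni\Services\hHVtYV.exe",
    r"O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas http://www.tgsoft.it - C:\VEXPLITE\viritsvc.exe",
])


@dataclass
class Finding:
    kind: str    # HijackThis section prefix: F2, O1, O23
    line: str    # the log line that triggered the finding
    reason: str  # why it deserves a look


def _norm(path: str) -> str:
    """Lower-case a Windows path and drop surrounding quotes/whitespace."""
    return path.strip().strip('"').lower()


def check_userinit(line: str) -> Optional[Finding]:
    """F2: UserInit should name only userinit.exe; anything else runs at every logon."""
    prefix = "F2 - REG:system.ini: UserInit="
    if not line.startswith(prefix):
        return None
    entries = [e for e in line[len(prefix):].split(",") if e.strip()]
    extra = [e for e in entries if not _norm(e).endswith(r"\system32\userinit.exe")]
    if not extra:
        return None
    return Finding("F2", line, "UserInit launches extra program(s) at logon: " + ", ".join(extra))


SERVICE_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
UNKNOWN_OWNERS = {"unknown owner", "/owner unsupported/"}   # strings HijackThis prints


def check_service(line: str) -> Optional[Finding]:
    """O23: unsigned/unknown-owner service outside C:\\WINDOWS, or a random-looking binary name.
    Heuristic (assumption): relative paths such as system32\\drivers\\x.sys are also flagged
    by the directory test, so treat the result as a hint, not a verdict."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    owner = m["owner"].strip().lower()
    path = _norm(m["path"])
    reasons = []
    if owner in UNKNOWN_OWNERS and not path.startswith("c:\\windows\\"):
        reasons.append("service with no known owner running outside the Windows directory")
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if len(stem) >= 4 and not any(c in "aeiou" for c in stem):
        reasons.append(f"binary name '{stem}' looks randomly generated")
    if not reasons:
        return None
    return Finding("O23", line, "; ".join(reasons))


def check_hosts(line: str) -> Optional[Finding]:
    """O1: HijackThis only lists non-default hosts entries, so each one bypasses DNS."""
    prefix = "O1 - Hosts: "
    if not line.startswith(prefix):
        return None
    parts = line[len(prefix):].split()
    return Finding("O1", line, f"hosts file sends {len(parts) - 1} name(s) to {parts[0]} instead of DNS")


CHECKS = (check_userinit, check_service, check_hosts)


def triage(log_text: str) -> List[Finding]:
    """Run every check over every line; the first check that fires wins for that line."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        for check in CHECKS:
            finding = check(line)
            if finding is not None:
                findings.append(finding)
                break
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.reason}\n    {f.line}")
```

Run against the sample it reports the UserInit append of SERVICES.EXE, the WinMX hosts override and the EvC service with its vowel-less binary name, and stays silent on the AVG and Virit services that have a named vendor. The same three patterns are what Luke57 picked out of the posted log by hand.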

Post by sgruntina » 06/11/06 20:17

Here I am again, I ran the scan again with Hijak... but at every windows startup virit shows me two windows (if I can send you the screenshots I'll at least show you); it asks me to send them the file to be analyzed...

the two windows say:

WARNING!!!
the registry of automatically started programs has been modified
The following program is set to run automatically

C:\WINDOWS|SYSTEM32|USERNIT.EXE,

If the program was not installed by you, then it is a SUSPICIOUS program such as a new virus, backdoor, trojan etc., which installed itself automatically.

Send the suspicious file to TG Soft right away for a check...


in the second window it's the same story, except that it is in this location:

C:\PROGRAMMI!FILECOMUNI|SERVICES|FCP.EXE

Also, those Winmx entries in the log... are they dangerous?

new Hij.. log file

Logfile of HijackThis v1.99.1
Scan saved at 20.06.14, on 06/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Java\jre1.5.0_09\bin\jusched.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\VEXPLITE\MONLITE.EXE
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\IncrediMail\bin\IncMail.exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\Programmi\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\VEXPLITE\viritsvc.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\PROGRA~1\MSNMES~1\msnmsgr.exe
C:\Documents and Settings\Martina\Desktop\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O1 - Hosts: 205.238.40.51 http://www.winmx.com err.winmx.com
O1 - Hosts: 205.238.40.2 test3201.winmx.com test3205.winmx.com
O1 - Hosts: 205.238.40.2 test3202.winmx.com test3206.winmx.com
O1 - Hosts: 205.238.40.1 test3203.winmx.com test3207.winmx.com
O1 - Hosts: 82.43.224.20 test3204.winmx.com test3208.winmx.com
O1 - Hosts: 205.238.40.2 c3310.z1301.winmx.com c3310.z1302.winmx.com c3310.z1303.winmx.com c3310.z1304.winmx.com c3310.z1305.winmx.com c3310.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3313.z1301.winmx.com c3313.z1302.winmx.com c3313.z1303.winmx.com c3313.z1304.winmx.com c3313.z1305.winmx.com c3313.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3316.z1301.winmx.com c3316.z1302.winmx.com c3316.z1303.winmx.com c3316.z1304.winmx.com c3316.z1305.winmx.com c3316.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3311.z1301.winmx.com c3311.z1302.winmx.com c3311.z1303.winmx.com c3311.z1304.winmx.com c3311.z1305.winmx.com c3311.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3314.z1301.winmx.com c3314.z1302.winmx.com c3314.z1303.winmx.com c3314.z1304.winmx.com c3314.z1305.winmx.com c3314.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3317.z1301.winmx.com c3317.z1302.winmx.com c3317.z1303.winmx.com c3317.z1304.winmx.com c3317.z1305.winmx.com c3317.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3312.z1301.winmx.com c3312.z1302.winmx.com c3312.z1303.winmx.com c3312.z1304.winmx.com c3312.z1305.winmx.com c3312.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3315.z1301.winmx.com c3315.z1302.winmx.com c3315.z1303.winmx.com c3315.z1304.winmx.com c3315.z1305.winmx.com c3315.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3318.z1301.winmx.com c3318.z1302.winmx.com c3318.z1303.winmx.com c3318.z1304.winmx.com c3318.z1305.winmx.com c3318.z1306.winmx.com
O1 - Hosts: 82.43.224.20 c3319.z1301.winmx.com c3319.z1302.winmx.com c3319.z1303.winmx.com c3319.z1304.winmx.com c3319.z1305.winmx.com c3319.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3520.z1301.winmx.com c3520.z1302.winmx.com c3520.z1303.winmx.com c3520.z1304.winmx.com c3520.z1305.winmx.com c3520.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3523.z1301.winmx.com c3523.z1302.winmx.com c3523.z1303.winmx.com c3523.z1304.winmx.com c3523.z1305.winmx.com c3523.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3526.z1301.winmx.com c3526.z1302.winmx.com c3526.z1303.winmx.com c3526.z1304.winmx.com c3526.z1305.winmx.com c3526.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3521.z1301.winmx.com c3521.z1302.winmx.com c3521.z1303.winmx.com c3521.z1304.winmx.com c3521.z1305.winmx.com c3521.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3524.z1301.winmx.com c3524.z1302.winmx.com c3524.z1303.winmx.com c3524.z1304.winmx.com c3524.z1305.winmx.com c3524.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3527.z1301.winmx.com c3527.z1302.winmx.com c3527.z1303.winmx.com c3527.z1304.winmx.com c3527.z1305.winmx.com c3527.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3522.z1301.winmx.com c3522.z1302.winmx.com c3522.z1303.winmx.com c3522.z1304.winmx.com c3522.z1305.winmx.com c3522.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3525.z1301.winmx.com c3525.z1302.winmx.com c3525.z1303.winmx.com c3525.z1304.winmx.com c3525.z1305.winmx.com c3525.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3528.z1301.winmx.com c3528.z1302.winmx.com c3528.z1303.winmx.com c3528.z1304.winmx.com c3528.z1305.winmx.com c3528.z1306.winmx.com
O1 - Hosts: 82.43.224.20 c3529.z1301.winmx.com c3529.z1302.winmx.com c3529.z1303.winmx.com c3529.z1304.winmx.com c3529.z1305.winmx.com c3529.z1306.winmx.com
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\Programmi\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - Global Startup: DSLMON.lnk = C:\Programmi\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas http://www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
sgruntina
Junior Member
 
Posts: 52
Joined: 01/11/06 01:12
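A log like the one posted above is easier to triage when the O-sections are parsed rather than read line by line. The following is an added Python example, not part of this thread and not a feature of HijackThis itself: it parses the O-section lines, groups the O1 hosts-file overrides by the IP they point to, and flags O4 Run-key entries whose binary lives in a Temp directory (legitimate software rarely autostarts from there). The sample log inside it is constructed in the same format as the log above; the O1, O2 and O23 lines mirror entries from that log, while the `[Updater]` O4 line is a hypothetical entry added only so the Temp check has something to flag.

```python
"""Triage helper for HijackThis logs: parses the O-section lines, groups the
O1 hosts-file overrides by IP, and flags autostart (O4) entries whose target
lives in a temporary directory. Added example, not part of the forum thread."""
import re
from collections import defaultdict

# Constructed sample in HijackThis format. The O1/O2/O4/O23 lines mirror
# entries from the log posted above; the "[Updater]" O4 line is a
# hypothetical entry added to show the Temp-directory check firing.
SAMPLE_LOG = r"""
O1 - Hosts: 205.238.40.2 c3310.z1301.winmx.com c3310.z1302.winmx.com
O1 - Hosts: 82.43.224.20 c3319.z1301.winmx.com c3319.z1302.winmx.com
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Updater] C:\DOCUME~1\Martina\IMPOST~1\Temp\246.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas http://www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
"""

LINE_RE = re.compile(r"^(O\d+) - (.*)$")
HOSTS_RE = re.compile(r"^Hosts: (\S+)\s+(.+)$")
RUN_RE = re.compile(r"^(HKLM|HKCU)\\\.\.\\Run: \[([^\]]*)\]\s*(.*)$")
# Binary path: either the quoted part, or an unquoted path up to an executable extension.
PATH_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|dll|scr|com|bat|cmd))(?:\s|$)', re.I)


def parse_log(text):
    """Return one dict per O-section line with 'section' (e.g. 'O4') and 'detail'."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line) if line else None
        if not m:
            continue  # blank lines and the header/footer of a real log are ignored
        entries.append({"section": m.group(1), "detail": m.group(2)})
    return entries


def hosts_by_ip(entries):
    """Group O1 entries: IP -> list of hostnames the hosts file redirects there."""
    groups = defaultdict(list)
    for e in entries:
        if e["section"] != "O1":
            continue
        m = HOSTS_RE.match(e["detail"])
        if m:
            groups[m.group(1)].extend(m.group(2).split())
    return dict(groups)


def autostart_entries(entries):
    """Extract O4 Run-key entries as dicts with hive, name and resolved binary path."""
    out = []
    for e in entries:
        if e["section"] != "O4":
            continue
        m = RUN_RE.match(e["detail"])
        if not m:
            continue  # Global Startup and other O4 variants are not handled here
        hive, name, rest = m.groups()
        pm = PATH_RE.match(rest)
        path = (pm.group(1) or pm.group(2)) if pm else rest
        out.append({"hive": hive, "name": name, "path": path})
    return out


def flag_temp_autostarts(entries):
    """Autostart entries whose binary sits in a Temp directory: legitimate
    software rarely starts from there, so these deserve a closer look."""
    return [a for a in autostart_entries(entries) if "\\temp\\" in a["path"].lower()]


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for ip, names in hosts_by_ip(parsed).items():
        print(f"hosts override -> {ip}: {len(names)} names")
    for a in flag_temp_autostarts(parsed):
        print(f"autostart from Temp: {a['hive']} [{a['name']}] {a['path']}")
```

Run it on a saved log by replacing `SAMPLE_LOG` with the file contents; the hosts grouping makes it obvious when many names resolve to one IP (as with the winmx peer-cache entries above), and the Temp check picks out the kind of autostart a scanner such as VirIT would stop on.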

Post by Luke57 » 07/11/06 08:29

Hi, ignore the first report; for the other one, go and look at that other file in that folder, check whether it is shown in green and whether there are any others.
Luke57
Moderator
 
Posts: 6415
Joined: 11/08/05 19:10

Post by galletto » 07/11/06 09:29

I didn't quite understand... sorry, but I'm a bit slow :P
galletto
Newbie
 
Posts: 4
Joined: 07/11/06 08:58
