Condividi:        

ho un problema mi aiutate??

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: m.paolo, kadosh, Luke57

ho un problema mi aiutate??

Postdi rastatoti » 09/06/07 08:39

in pratica ogni tanto il mio computer quando sono collegato ad internet ADSL flat TELE2 si scollega da slo senza motivo e in più nella schermata delle connessione oltre alla connessione TELE2 ogni tanto compare un'altra connessione sconosciuta..che devo fare??mi analizzaate il mio log??




Logfile of HijackThis v1.99.1
Scan saved at 9.39.04, on 09/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Programmi\Eset\nod32krn.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Apoint2K\Apoint.exe
C:\Programmi\TOSHIBA\Touch and Launch\PadExe.exe
C:\Programmi\TOSHIBA\E-KEY\CeEKey.exe
C:\Programmi\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\Programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\Programmi\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Programmi\TOSHIBA\Tvs\TvsTray.exe
C:\Programmi\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
C:\Programmi\Apoint2K\Apntex.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\AliceMobileBroadband\DetectDatacard.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programmi\WLAN Technology Corporation\WLAN_802.11g_Utility\ZDWlan.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\DOCUME~1\Computer\IMPOST~1\Temp\Rar$EX00.047\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.panni.ianara.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: MouseGest - {112AB43D-32C4-3B21-53BA-13A46743BC34} - C:\WINDOWS\system32\mousegex.dll
O2 - BHO: Web Mon - {7428F943-BC4F-4A39-3B43-AB433C523B34} - C:\WINDOWS\system32\WebMons.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Web Desk - {BD2E165D-1BC6-23AA-345B-1C234F173CBD} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [PadTouch] C:\Programmi\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Programmi\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [HWSetup] C:\Programmi\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Programmi\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [TPNF] C:\Programmi\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
O4 - HKLM\..\Run: [SmoothView] C:\Programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [Tvs] C:\Programmi\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [DDWMon] C:\Programmi\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [EPSON Stylus DX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /P26 "EPSON Stylus DX4800 Series" /O6 "USB001" /M "Stylus DX4800"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DetectDatacard] C:\Programmi\AliceMobileBroadband\DetectDatacard.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Soundlibs] C:\WINDOWS\soundlib.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Programmi\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Startup: ZDWLan Utility.lnk = C:\Programmi\WLAN Technology Corporation\WLAN_802.11g_Utility\ZDWlan.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://unieuro.webex.com/client/T25L/webex/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{859E50BB-DE93-4702-87C0-B4422F518F95}: NameServer = 193.12.150.2 212.247.152.2
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Unknown owner - C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe
rastatoti
Utente Junior
 
Post: 66
Iscritto il: 20/03/07 10:58

Sponsor
 

Postdi edo_aol » 09/06/07 08:50

fixa queste:
O4 - HKLM\..\Run: [Soundlibs] C:\WINDOWS\soundlib.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
se ce qualcosa altro da cancellare che io non vedo,posta il log qui http://www.hijackthis.de/it
che ti diranno cosa cancellare come se fosse un forum.
Avatar utente
edo_aol
Utente Senior
 
Post: 415
Iscritto il: 13/04/07 14:26

Postdi rastatoti » 09/06/07 13:38

ma hijack li elimina i file sospetti??o devo poi fare qualcos'altro per risolvere il problema???grazie a tutt ciao!
rastatoti
Utente Junior
 
Post: 66
Iscritto il: 20/03/07 10:58

Postdi edo_aol » 09/06/07 14:16

si li elimina.
avvia hijackthis e clicca su do a system scan e save logfile fara la scansione e spunti a sinistra le voci che ti ho detto con una x e premi sotto fix checked.
Avatar utente
edo_aol
Utente Senior
 
Post: 415
Iscritto il: 13/04/07 14:26

Postdi Luke57 » 09/06/07 14:22

Ciao, chi mi ha preceduto nel suggerimento ha notato tutto all'infuori dei....virus ;)

scarica AVENGER e decomprimilo sul desktop (estrai i file nel desktop)
http://swandog46.geekstogo.com/avenger.zip

- con un doppio click avvia il file avenger.exe
- Seleziona "Input Script Manually"
- Clicca sulla lente di ingrandimento

- Nella finestra che si aprirà "View/edit script"
- copia / incolla (Ctrl+V) quanto segue (in neretto):


registry keys to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7428F943-BC4F-4A39-3B43-AB433C523B34}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{112AB43D-32C4-3B21-53BA-13A46743BC34}

registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | Soundlibs

folders to delete:
C:\WINDOWS\temp

files to delete:
C:\WINDOWS\system32\mousegex.dll
C:\WINDOWS\system32\WebMons.dll
C:\WINDOWS\soundlib.exe


Clicca sul tasto Done
- Poi sull'icona del semaforo
- Rispondi Yes
Il pc dovrebbe riavviarsi ( se così non fosse, fallo tu)
Posta il log che verrà creato in C:\Avenger
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

Postdi edo_aol » 09/06/07 14:33

ma mi contraddici sempre mamma mia!!!!!!!!!!!!!!! :o :o :o :-? il fatto che sei un moderatore non ti da il diritto di comandare agli altri che danno un consiglio per risolvere il problema.
Avatar utente
edo_aol
Utente Senior
 
Post: 415
Iscritto il: 13/04/07 14:26

Postdi Mikizo » 09/06/07 15:31

edo_aol ha scritto:ma mi contraddici sempre mamma mia!!!!!!!!!!!!!!! :o :o :o :-? il fatto che sei un moderatore non ti da il diritto di comandare agli altri che danno un consiglio per risolvere il problema.


Qui non si tratta di contraddire, si tratta di correggere.

Stai costringendo lo staff ad un surplus di lavoro, continuando a dare suggerimenti sconclusionati e qualche volta anche dannosi.
Ti è stato chiesto più volte e da più persone dello staff di evitare di dare conmsigli a vanvera in questioni così delicate.
Voglio immaginare una tua assoluta buona fede, ma non ti sembra che se tale richiesta viene rivolta solo a te, forse ci sarà un motivo serio dietro?
Avatar utente
Mikizo
Download Admin
 
Post: 8517
Iscritto il: 05/01/02 01:00
Località: Outside

potete aiutarmi con questo log?

Postdi rastatoti » 02/01/09 13:42

in pratica ho il seguente problema: windows defender mi trova dei troyan,li rimuovo,poi quando mi dice di riavviare il computer,lo riavvio però poi una volta acceso ricompare il problema...come fare per risolverlo?


Logfile of HijackThis v1.99.1
Scan saved at 13.34.35, on 02/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
C:\Programmi\Eset\nod32krn.exe
C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe
C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\HP\QuickPlay\QPService.exe
C:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Programmi\Windows Defender\MSASCui.exe
C:\Programmi\Nokia\PC Connectivity Solution\ServiceLayer.exe
C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\driven~1\syncer\McciTrayApp.exe
C:\Programmi\File comuni\Nokia\MPlatform\NokiaMServer.exe
C:\Programmi\InstallShield Installation Information\{2427F243-56D8-4AFE-B03B-1943036306D8}\DetectDatacard.exe
C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\DAEMON Tools\daemon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Messenger\msmsgs.exe
C:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\WLAN Technology Corporation\WLAN_802.11g_Utility\ZDWlan.exe
C:\WINDOWS\explorer.exe
C:\Programmi\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\vittorio\IMPOST~1\Temp\Rar$EX00.828\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.montesario.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\rqRJDwXR.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Programmi\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Programmi\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [EPSON Stylus DX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /P26 "EPSON Stylus DX4800 Series" /O6 "USB001" /M "Stylus DX4800"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [PD0630 STISvc] RunDLL32.exe P0630Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [AliceRE_McciTrayApp] C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\driven~1\syncer\McciTrayApp.exe
O4 - HKLM\..\Run: [NokiaMServer] C:\Programmi\File comuni\Nokia\MPlatform\NokiaMServer /watchfiles
O4 - HKLM\..\Run: [DetectDatacard] C:\Programmi\InstallShield Installation Information\{2427F243-56D8-4AFE-B03B-1943036306D8}\DetectDatacard.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MsUpdate] C:\DOCUME~1\vittorio\IMPOST~1\Temp\shopbuilder.exe
O4 - HKLM\..\Run: [AutoUpdate_1] C:\WINDOWS\winlogon.exe
O4 - HKLM\..\Run: [AutoUpdate_2] C:\WINDOWS\service.exe
O4 - HKLM\..\Run: [AutoUpdate_3] C:\WINDOWS\iwedantar.exe
O4 - HKLM\..\Run: [AutoUpdate_4] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - Startup: ZDWLan Utility.lnk = C:\Programmi\WLAN Technology Corporation\WLAN_802.11g_Utility\ZDWlan.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Avvio rapido HP Photosmart Premier.lnk = C:\Programmi\Hp\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Nokia Nseries PC Suite.lnk = C:\Programmi\Nokia\NNPCS\RunLauncher.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=IT_IT&c=Q306&bd=presario&pf=laptop
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://rastatoti.spaces.live.com//Photo ... nPUpld.cab
O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - https://safe.tele2.com/inc/accounthelper.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: cbXOGYqo - cbXOGYqo.dll (file missing)
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: efcAQKAt - efcAQKAt.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: rqRJDwXR - C:\WINDOWS\SYSTEM32\rqRJDwXR.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: Network WanMiniport First Position - Unknown owner - C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\Nokia\PC Connectivity Solution\ServiceLayer.exe

spero mi possiate aiutare...grazie!
rastatoti
Utente Junior
 
Post: 66
Iscritto il: 20/03/07 10:58

Re: ho un problema mi aiutate??

Postdi MIKI68 » 02/01/09 16:15

Ciao fixia queste voci immediatamente:
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\rqRJDwXR.dll ( è un virus)
poi per velocizzare l'avvio:
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Cpqset] C:\Programmi\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AutoUpdate_1] C:\WINDOWS\winlogon.exe
O4 - HKLM\..\Run: [AutoUpdate_3] C:\WINDOWS\iwedantar.exe
O4 - HKLM\..\Run: [AutoUpdate_4] C:\WINDOWS\svchost.exe
O20 - Winlogon Notify: cbXOGYqo - cbXOGYqo.dll (file missing)
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: efcAQKAt - efcAQKAt.dll (file missing)
O20 - Winlogon Notify: rqRJDwXR - C:\WINDOWS\SYSTEM32\rqRJDwXR.dll
Poi fai una bella pulizia con cclaner comunque hai il malware VUNDO dopo aver fixiato e pulito con cclaner rifai la scansione e vedi se ti trova qualcosa,se ti dovesse trovare qualcosa allora devi usare un tool specifico che ti posso dire in seguito, riposta il log dopo aver fixiato!!
Trucchi e impostazioni per un computer sempre efficiente http://miki68news.blogspot.com/
Avatar utente
MIKI68
Utente Senior
 
Post: 1732
Iscritto il: 17/10/08 15:26
Località: Bari

Re: ho un problema mi aiutate??

Postdi rastatoti » 02/01/09 16:18

Logfile of HijackThis v1.99.1
Scan saved at 16.17.22, on 02/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
C:\Programmi\Eset\nod32krn.exe
C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe
C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\HP\QuickPlay\QPService.exe
C:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\Programmi\Windows Defender\MSASCui.exe
C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\driven~1\syncer\McciTrayApp.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\File comuni\Nokia\MPlatform\NokiaMServer.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Programmi\InstallShield Installation Information\{2427F243-56D8-4AFE-B03B-1943036306D8}\DetectDatacard.exe
C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe
C:\Programmi\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\DAEMON Tools\daemon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programmi\Nokia\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\Messenger\msmsgs.exe
C:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\WLAN Technology Corporation\WLAN_802.11g_Utility\ZDWlan.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\uTorrent\uTorrent.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\vittorio\IMPOST~1\Temp\Rar$EX00.562\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.montesario.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {C81C6DC5-3C0C-40BC-A391-297DC7B84273} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Programmi\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Programmi\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [EPSON Stylus DX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /P26 "EPSON Stylus DX4800 Series" /O6 "USB001" /M "Stylus DX4800"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [PD0630 STISvc] RunDLL32.exe P0630Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [AliceRE_McciTrayApp] C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\driven~1\syncer\McciTrayApp.exe
O4 - HKLM\..\Run: [NokiaMServer] C:\Programmi\File comuni\Nokia\MPlatform\NokiaMServer /watchfiles
O4 - HKLM\..\Run: [DetectDatacard] C:\Programmi\InstallShield Installation Information\{2427F243-56D8-4AFE-B03B-1943036306D8}\DetectDatacard.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MsUpdate] C:\DOCUME~1\vittorio\IMPOST~1\Temp\shopbuilder.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [AutoUpdate_2] C:\WINDOWS\service.exe
O4 - HKLM\..\Run: [AutoUpdate_1] C:\WINDOWS\winlogon.exe
O4 - HKLM\..\Run: [AutoUpdate_3] C:\WINDOWS\iwedantar.exe
O4 - HKLM\..\Run: [AutoUpdate_4] C:\WINDOWS\svchost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - Startup: ZDWLan Utility.lnk = C:\Programmi\WLAN Technology Corporation\WLAN_802.11g_Utility\ZDWlan.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Avvio rapido HP Photosmart Premier.lnk = C:\Programmi\Hp\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Nokia Nseries PC Suite.lnk = C:\Programmi\Nokia\NNPCS\RunLauncher.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=IT_IT&c=Q306&bd=presario&pf=laptop
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://rastatoti.spaces.live.com//Photo ... nPUpld.cab
O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - https://safe.tele2.com/inc/accounthelper.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: mlJCTMCt - mlJCTMCt.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: Network WanMiniport First Position - Unknown owner - C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\Nokia\PC Connectivity Solution\ServiceLayer.exe


ecco il log dopo che ho fixiato...

per velocizzare l'avvio cosa devo fare?nn ho capito prima..però l'importante ora è che elimini i troyan..grazie!
rastatoti
Utente Junior
 
Post: 66
Iscritto il: 20/03/07 10:58

Re: ho un problema mi aiutate??

Postdi Luke57 » 02/01/09 16:33

Ciao, disattiva l'antivirus
scarica combofix sul desktop
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Vai in start>esegui>nel box bianco copia e incolla, virgolette comprese:
"%userprofile%\desktop\combofix.exe" /killall
Premi OK, parte il programma che potrebbe impiegare molto (non fare altre manovre durante la scansione, se dovessero scomparire le icone sul desktop e la barra delle applicazioni, non è nulla di cui preoccuparsi),una volta terminata, se tutto è andato bene, in C:\ dovresti trovare il file combofix.txt , posta il contenuto del file.
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

Re: ho un problema mi aiutate??

Postdi rastatoti » 02/01/09 16:40

cos'è combofix?
rastatoti
Utente Junior
 
Post: 66
Iscritto il: 20/03/07 10:58

Re: ho un problema mi aiutate??

Postdi rastatoti » 02/01/09 16:54

aiutatemi però con combofix non ci sono riuscito..ciao
rastatoti
Utente Junior
 
Post: 66
Iscritto il: 20/03/07 10:58

Re: ho un problema mi aiutate??

Postdi MIKI68 » 02/01/09 17:12

L'infezione pare che sia andata via ma devi fixiare ancora altre voci :
O2 - BHO: (no name) - {C81C6DC5-3C0C-40BC-A391-297DC7B84273} - (no file)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Cpqset] C:\Programmi\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [MsUpdate] C:\DOCUME~1\vittorio\IMPOST~1\Temp\shopbuilder.exe
O4 - HKLM\..\Run: [AutoUpdate_1] C:\WINDOWS\winlogon.exe
4 - HKLM\..\Run: [AutoUpdate_4] C:\WINDOWS\svchost.exe
O20 - Winlogon Notify: mlJCTMCt - mlJCTMCt.dll (file missing)
Dai fixiale e poi scarica combofix come dice Luke57
Trucchi e impostazioni per un computer sempre efficiente http://miki68news.blogspot.com/
Avatar utente
MIKI68
Utente Senior
 
Post: 1732
Iscritto il: 17/10/08 15:26
Località: Bari

Re: ho un problema mi aiutate??

Postdi rastatoti » 02/01/09 17:46

ComboFix 09-01-01.02 - vittorio 2009-01-02 17:29:03.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1040.18.1014.673 [GMT 1:00]
Eseguito da: c:\documents and settings\vittorio\desktop\combofix.exe
Interruttori di comando utilizzati :: /killall
* Resident AV is active


ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\vittorio\IMPOST~1\Temp\svchost.exe
c:\documents and settings\vittorio\Preferiti\Videos.url
c:\windows\system32\adfPrtwa.ini
c:\windows\system32\adfPrtwa.ini2
c:\windows\system32\BcMmnUtv.ini
c:\windows\system32\BcMmnUtv.ini2
c:\windows\system32\ddcYsrsq.dll
c:\windows\system32\hgGxXpop.dll
c:\windows\system32\Onmlknpo.ini
c:\windows\system32\Onmlknpo.ini2
c:\windows\system32\pmnmmJYO.dll
c:\windows\system32\qomxntdv.ini
c:\windows\system32\qsrsYcdd.ini
c:\windows\system32\qsrsYcdd.ini2
c:\windows\system32\uflykdoe.ini
c:\windows\winlogon.exe
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_VFILT


((((((((((((((((((((((((( Files Creati Da 2008-12-02 al 2009-01-02 )))))))))))))))))))))))))))))))))))
.

2009-01-02 16:50 . 2008-11-30 05:40 118,784 --a------ c:\windows\iwedantar.exe
2009-01-02 13:26 . 2009-01-02 13:26 502,368 --a------ c:\windows\system32\drivers\amon.sys
2009-01-02 13:26 . 2009-01-02 13:26 274,432 --a------ c:\windows\system32\imon.dll
2008-12-30 13:35 . 2008-12-30 13:07 33,846 --a------ c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.bmp
2008-12-30 13:35 . 2008-12-30 13:35 33,846 --a------ c:\windows\system32\SpoonUninstall-dBpoweramp DSP Effects.bmp
2008-12-30 13:35 . 2008-12-30 13:35 13,277 --a------ c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2008-12-30 13:35 . 2008-12-30 13:35 8,453 --a------ c:\windows\system32\SpoonUninstall-dBpoweramp DSP Effects.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-02 16:38 4,944 ----a-w c:\documents and settings\vittorio\Winio.sys
2009-01-02 16:29 --------- d-----w c:\programmi\ESET
2009-01-02 15:43 --------- d-----w c:\documents and settings\vittorio\Application Data\uTorrent
2009-01-02 09:34 --------- d-----w c:\programmi\uTorrent
2008-12-30 16:48 --------- d-----w c:\programmi\eMule
2008-11-10 13:14 --------- d-----w c:\programmi\Circle Developement
2008-06-11 11:45 31,056 ----a-w c:\documents and settings\vittorio\pnrwyyte.exe
2008-06-11 11:44 31,056 ----a-w c:\documents and settings\vittorio\wuwvasar.exe
2008-06-11 11:43 31,056 ----a-w c:\documents and settings\vittorio\zeebhvlv.exe
2008-01-25 17:32 32 ----a-w c:\documents and settings\All Users\Dati applicazioni\ezsid.dat
2008-06-16 11:40 36,089 --sha-r c:\windows\wksvcsc.exe
2008-09-23 14:00 32,768 --sha-w c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\MSHist012008092320080924\index.dat
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DAEMON Tools"="c:\programmi\DAEMON Tools\daemon.exe" [2006-11-12 157592]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-28 68856]
"PcSync"="c:\programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 1449984]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\programmi\File comuni\Nokia\MPlatform\NokiaMServer" [X]
"SunJavaUpdateSched"="c:\programmi\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"hpWirelessAssistant"="c:\programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 454656]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2006-03-04 761948]
"QPService"="c:\programmi\HP\QuickPlay\QPService.exe" [2006-04-11 102400]
"QlbCtrl"="c:\programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-07 131072]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"SpeedTouch USB Diagnostics"="c:\programmi\Thomson\SpeedTouch USB\Dragdiag.exe" [2003-09-05 878080]
"EPSON Stylus DX4800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE" [2005-02-02 98304]
"PCSuiteTrayApplication"="c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-06-15 229376]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"AliceRE_McciTrayApp"="c:\progra~1\ALICET~1\vendors\AliceRE\content\template\driven~1\syncer\McciTrayApp.exe" [2006-11-21 936960]
"DetectDatacard"="c:\programmi\InstallShield Installation Information\{2427F243-56D8-4AFE-B03B-1943036306D8}\DetectDatacard.exe" [2006-06-16 24576]
"HP Software Update"="c:\programmi\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"nod32kui"="c:\programmi\Eset\nod32kui.exe" [2009-01-02 921600]
"AutoUpdate_3"="c:\windows\iwedantar.exe" [2008-11-30 118784]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-18 c:\windows\system32\CHDAudPropShortcut.exe]
"PD0630 STISvc"="P0630Pin.dll" [2005-06-05 c:\windows\system32\P0630Pin.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\vittorio\Menu Avvio\Programmi\Esecuzione automatica\
ZDWLan Utility.lnk - c:\programmi\WLAN Technology Corporation\WLAN_802.11g_Utility\ZDWlan.exe [2005-11-14 487424]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Alice ti aiuta.lnk - c:\programmi\Alice ti aiuta\bin\matcli.exe [2008-03-15 217088]
Avvio rapido HP Photosmart Premier.lnk - c:\programmi\Hp\Digital Imaging\bin\hpqthb08.exe [2005-09-24 73728]
Avvio veloce di Adobe Reader.lnk - c:\programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
Microsoft Office.lnk - c:\programmi\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
Nokia Nseries PC Suite.lnk - c:\programmi\Nokia\NNPCS\RunLauncher.exe [2008-01-14 679936]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\wjview.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programmi\\MSN Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:*:Disabled:Porta TCP ooVoo 443
"443:UDP"= 443:UDP:*:Disabled:Porta UDP ooVoo 443
"37674:TCP"= 37674:TCP:*:Disabled:Porta TCP ooVoo 37674
"37674:UDP"= 37674:UDP:*:Disabled:Porta UDP ooVoo 37674
"37675:UDP"= 37675:UDP:*:Disabled:Porta UDP ooVoo 37675
"37676:TCP"= 37676:TCP:Porta TCP ooVoo 37676
"37676:UDP"= 37676:UDP:Porta UDP ooVoo 37676
"37677:UDP"= 37677:UDP:Porta UDP ooVoo 37677

R2 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe [2008-04-17 8192]
R2 WinDefend;Windows Defender;"c:\programmi\Windows Defender\MsMpEng.exe" [2006-11-03 13592]
R3 P0630VID;Creative WebCam Live!;c:\windows\system32\DRIVERS\P0630Vid.sys [2007-03-06 91841]
S3 {DEF85C80-216A-43ab-AF70-1665EDBE2780};{DEF85C80-216A-43ab-AF70-1665EDBE2780};\??\c:\windows\TEMP\3FB.tmp []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{51490780-cbe6-11db-97fd-0090d0d69c5b}]
\Shell\AutoRun\command - F:\autorun.exe

*Newly Created Service* - WINIO
.
Contenuto della cartella 'Scheduled Tasks'

2008-09-17 c:\windows\Tasks\A9656C35918B1CA9.job
- c:\docume~1\vittorio\applic~1\dvdsty~1\Gram for fast.exe []

2009-01-02 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programmi\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

2009-01-02 c:\windows\Tasks\rzllrojm.job
- c:\windows\system32\rundll32.exe [2008-04-14 03:14]

2008-03-15 c:\windows\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job
- c:\programmi\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
- - - - ORFÃOS REMOVIDOS - - - -

BHO-{C1F3A7EB-69E3-4571-BB04-90FB43AA06CA} - c:\windows\system32\ddcYsrsq.dll
HKLM-Run-AutoUpdate_2 - c:\windows\service.exe
ShellExecuteHooks-{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - (no file)


.
------- Supplementare di scansione -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.montesario.it/
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
LSP: c:\windows\system32\imon.dll

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

c:\windows\Downloaded Program Files\Account.dll - O16 -: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4}
hxxps://safe.tele2.com/inc/accounthelper.cab
c:\windows\Downloaded Program Files\Account.inf
FF - ProfilePath - c:\documents and settings\vittorio\Application Data\Mozilla\Firefox\Profiles\ba709876.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - www.panni.ianara.it
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-02 17:40:18
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{DEF85C80-216A-43ab-AF70-1665EDBE2780}]
"ImagePath"="\??\c:\windows\TEMP\3FB.tmp"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'lsass.exe'(1012)
c:\windows\system32\imon.dll
c:\programmi\Eset\pr_imon.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\File comuni\LightScribe\LSSrvc.exe
c:\programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
c:\programmi\ESET\nod32krn.exe
c:\programmi\Hewlett-Packard\Shared\hpqwmiex.exe
c:\programmi\Nokia\PC Connectivity Solution\ServiceLayer.exe
c:\programmi\File comuni\Nokia\MPlatform\NokiaMServer.exe
c:\progra~1\HPQ\Shared\HPQTOA~1.EXE
c:\programmi\Alice ti aiuta\bin\mpbtn.exe
c:\progra~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe
c:\programmi\Hp\Digital Imaging\bin\hpqimzone.exe
c:\windows\system32\msiexec.exe
.
**************************************************************************
.
Ora fine scansione: 2009-01-02 17:43:59 - macchina è stato riavviato [vittorio]
ComboFix-quarantined-files.txt 2009-01-02 16:43:56

Pre-Run: 21,514,723,328 byte disponibili
Post-Run: 22,626,742,272 byte disponibili

200 --- E O F --- 2009-01-01 20:17:24


che devo fare ora?
rastatoti
Utente Junior
 
Post: 66
Iscritto il: 20/03/07 10:58

Re: ho un problema mi aiutate??

Postdi Luke57 » 02/01/09 19:10

Ciao, adesso apri un file di testo (start>esegui>notepad.exe (lo digiti nello spazio)>OK)
Aperto il file di testo, Ci incolli il seguente codice:

Codice: Seleziona tutto
Driver::
{DEF85C80-216A-43ab-AF70-1665EDBE2780}

File::
c:\windows\iwedantar.exe
c:\documents and settings\vittorio\pnrwyyte.exe
c:\documents and settings\vittorio\wuwvasar.exe
c:\documents and settings\vittorio\zeebhvlv.exe
c:\windows\wksvcsc.exe
F:\autorun.exe
c:\windows\Tasks\rzllrojm.job
c:\windows\Tasks\A9656C35918B1CA9.job

Folder::
c:\windows\TEMP

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{51490780-cbe6-11db-97fd-0090d0d69c5b}]


chiamalo obbligatoriamente CFScript.txt e salvalo nella stessa direzione di combofix. Trascinalo con il puntatore del mouse sull'icona di combofix e il programma eseguirà automaticamente una nuova scansione. Al riavvio del computer posta il nuovo report.
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

Re: ho un problema mi aiutate??

Postdi rastatoti » 02/01/09 20:38

ComboFix 09-01-01.02 - vittorio 2009-01-02 20:23:42.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1040.18.1014.574 [GMT 1:00]
Eseguito da: c:\documents and settings\vittorio\Desktop\ComboFix.exe
Interruttori di comando utilizzati :: c:\documents and settings\vittorio\Desktop\CFScript.txt
* Resident AV is active


ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!

FILE ::
c:\documents and settings\vittorio\pnrwyyte.exe
c:\documents and settings\vittorio\wuwvasar.exe
c:\documents and settings\vittorio\zeebhvlv.exe
c:\windows\iwedantar.exe
c:\windows\Tasks\A9656C35918B1CA9.job
c:\windows\Tasks\rzllrojm.job
c:\windows\wksvcsc.exe
F:\autorun.exe
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\vittorio\pnrwyyte.exe
c:\documents and settings\vittorio\wuwvasar.exe
c:\documents and settings\vittorio\zeebhvlv.exe
c:\windows\iwedantar.exe
c:\windows\Tasks\A9656C35918B1CA9.job
c:\windows\Tasks\rzllrojm.job
c:\windows\TEMP
c:\windows\TEMP\WGAErrLog.txt
c:\windows\TEMP\WGANotify.settings
c:\windows\wksvcsc.exe

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{DEF85C80-216A-43AB-AF70-1665EDBE2780}
-------\Service_{DEF85C80-216A-43ab-AF70-1665EDBE2780}


((((((((((((((((((((((((( Files Creati Da 2008-12-02 al 2009-01-02 )))))))))))))))))))))))))))))))))))
.

2009-01-02 13:26 . 2009-01-02 13:26 502,368 --a------ c:\windows\system32\drivers\amon.sys
2009-01-02 13:26 . 2009-01-02 13:26 274,432 --a------ c:\windows\system32\imon.dll
2008-12-30 13:35 . 2008-12-30 13:07 33,846 --a------ c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.bmp
2008-12-30 13:35 . 2008-12-30 13:35 33,846 --a------ c:\windows\system32\SpoonUninstall-dBpoweramp DSP Effects.bmp
2008-12-30 13:35 . 2008-12-30 13:35 13,277 --a------ c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2008-12-30 13:35 . 2008-12-30 13:35 8,453 --a------ c:\windows\system32\SpoonUninstall-dBpoweramp DSP Effects.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-02 19:14 4,944 ----a-w c:\documents and settings\vittorio\Winio.sys
2009-01-02 16:29 --------- d-----w c:\programmi\ESET
2009-01-02 15:43 --------- d-----w c:\documents and settings\vittorio\Application Data\uTorrent
2009-01-02 09:34 --------- d-----w c:\programmi\uTorrent
2008-12-30 16:48 --------- d-----w c:\programmi\eMule
2008-11-10 13:14 --------- d-----w c:\programmi\Circle Developement
2008-01-25 17:32 32 ----a-w c:\documents and settings\All Users\Dati applicazioni\ezsid.dat
2008-09-23 14:00 32,768 --sha-w c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\MSHist012008092320080924\index.dat
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DAEMON Tools"="c:\programmi\DAEMON Tools\daemon.exe" [2006-11-12 157592]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-28 68856]
"PcSync"="c:\programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 1449984]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\programmi\File comuni\Nokia\MPlatform\NokiaMServer" [X]
"SunJavaUpdateSched"="c:\programmi\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"hpWirelessAssistant"="c:\programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 454656]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2006-03-04 761948]
"QPService"="c:\programmi\HP\QuickPlay\QPService.exe" [2006-04-11 102400]
"QlbCtrl"="c:\programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-07 131072]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"SpeedTouch USB Diagnostics"="c:\programmi\Thomson\SpeedTouch USB\Dragdiag.exe" [2003-09-05 878080]
"EPSON Stylus DX4800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE" [2005-02-02 98304]
"PCSuiteTrayApplication"="c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-06-15 229376]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"AliceRE_McciTrayApp"="c:\progra~1\ALICET~1\vendors\AliceRE\content\template\driven~1\syncer\McciTrayApp.exe" [2006-11-21 936960]
"DetectDatacard"="c:\programmi\InstallShield Installation Information\{2427F243-56D8-4AFE-B03B-1943036306D8}\DetectDatacard.exe" [2006-06-16 24576]
"HP Software Update"="c:\programmi\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"nod32kui"="c:\programmi\Eset\nod32kui.exe" [2009-01-02 921600]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-18 c:\windows\system32\CHDAudPropShortcut.exe]
"PD0630 STISvc"="P0630Pin.dll" [2005-06-05 c:\windows\system32\P0630Pin.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\vittorio\Menu Avvio\Programmi\Esecuzione automatica\
ZDWLan Utility.lnk - c:\programmi\WLAN Technology Corporation\WLAN_802.11g_Utility\ZDWlan.exe [2005-11-14 487424]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Alice ti aiuta.lnk - c:\programmi\Alice ti aiuta\bin\matcli.exe [2008-03-15 217088]
Avvio rapido HP Photosmart Premier.lnk - c:\programmi\Hp\Digital Imaging\bin\hpqthb08.exe [2005-09-24 73728]
Avvio veloce di Adobe Reader.lnk - c:\programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
Microsoft Office.lnk - c:\programmi\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
Nokia Nseries PC Suite.lnk - c:\programmi\Nokia\NNPCS\RunLauncher.exe [2008-01-14 679936]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\wjview.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programmi\\MSN Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:*:Disabled:Porta TCP ooVoo 443
"443:UDP"= 443:UDP:*:Disabled:Porta UDP ooVoo 443
"37674:TCP"= 37674:TCP:*:Disabled:Porta TCP ooVoo 37674
"37674:UDP"= 37674:UDP:*:Disabled:Porta UDP ooVoo 37674
"37675:UDP"= 37675:UDP:*:Disabled:Porta UDP ooVoo 37675
"37676:TCP"= 37676:TCP:Porta TCP ooVoo 37676
"37676:UDP"= 37676:UDP:Porta UDP ooVoo 37676
"37677:UDP"= 37677:UDP:Porta UDP ooVoo 37677

R2 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe [2008-04-17 8192]
R2 WinDefend;Windows Defender;"c:\programmi\Windows Defender\MsMpEng.exe" [2006-11-03 13592]
R3 P0630VID;Creative WebCam Live!;c:\windows\system32\DRIVERS\P0630Vid.sys [2007-03-06 91841]
.
Contenuto della cartella 'Scheduled Tasks'

2009-01-02 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programmi\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

2008-03-15 c:\windows\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job
- c:\programmi\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
- - - - ORFÃOS REMOVIDOS - - - -

HKLM-Run-AutoUpdate_3 - c:\windows\iwedantar.exe


.
------- Supplementare di scansione -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.montesario.it/
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
LSP: c:\windows\system32\imon.dll

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

c:\windows\Downloaded Program Files\Account.dll - O16 -: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4}
hxxps://safe.tele2.com/inc/accounthelper.cab
c:\windows\Downloaded Program Files\Account.inf
FF - ProfilePath - c:\documents and settings\vittorio\Application Data\Mozilla\Firefox\Profiles\ba709876.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - www.panni.ianara.it
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-02 20:30:50
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'lsass.exe'(992)
c:\windows\system32\imon.dll
c:\programmi\Eset\pr_imon.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\File comuni\LightScribe\LSSrvc.exe
c:\programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
c:\programmi\ESET\nod32krn.exe
c:\programmi\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\rundll32.exe
c:\programmi\File comuni\Nokia\MPlatform\NokiaMServer.exe
c:\programmi\Nokia\PC Connectivity Solution\ServiceLayer.exe
c:\progra~1\HPQ\Shared\HPQTOA~1.EXE
c:\progra~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe
c:\programmi\Alice ti aiuta\bin\mpbtn.exe
c:\programmi\Hp\Digital Imaging\bin\hpqimzone.exe
.
**************************************************************************
.
Ora fine scansione: 2009-01-02 20:36:39 - macchina è stato riavviato [vittorio]
ComboFix-quarantined-files.txt 2009-01-02 19:36:36
ComboFix2.txt 2009-01-02 16:44:00

Pre-Run: 22,602,895,360 byte disponibili
Post-Run: 22,594,392,064 byte disponibili

184 --- E O F --- 2009-01-01 20:17:24


e ora??grazie in anticipo
rastatoti
Utente Junior
 
Post: 66
Iscritto il: 20/03/07 10:58

Re: ho un problema mi aiutate??

Postdi Luke57 » 02/01/09 21:22

Ciao, il report è a posto, hai ancora problemi?
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

Re: ho un problema mi aiutate??

Postdi rastatoti » 03/01/09 10:25

no infatti windows defender non mi dice più di aver trovato trojan..grazie mille dell'aiuto!buon anno!!!:-)
rastatoti
Utente Junior
 
Post: 66
Iscritto il: 20/03/07 10:58

Re: ho un problema mi aiutate??

Postdi rastatoti » 06/01/09 14:26

ciao,ho risolto il problema come ho scritto nell'ultimo messaggio però ora che ci penso,facendoci caso,non va più l'autoplay cioè quando inserisco un cd o un SD non si apre più l'autoplay.ho provato a riattivarlo schiacciando tasto destro e andando su proprietà ecc.ecc. ma niente..come mai?luke confido in te...ciao!
rastatoti
Utente Junior
 
Post: 66
Iscritto il: 20/03/07 10:58


Torna a Sicurezza e Privacy


Topic correlati a "ho un problema mi aiutate??":

problema blocco note
Autore: carlin
Forum: Software Windows
Risposte: 7

Chi c’è in linea

Visitano il forum: Nessuno e 30 ospiti