
hijackthis

How do I remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: m.paolo, kadosh, Luke57

hijackthis

Post by Pompeo_3 » 14/02/09 21:41

Hi, my PC won't reinstall the spyware tools, but the antivirus seems to be working fine. I'm posting my HijackThis log, and if you can help me work out what I need to delete you'd be doing me a big favour.
Thanks in advance
Pompeo
-----------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21.35.12, on 14/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\WINDOWS\VdCap03C\StillMnt.exe
C:\Programmi\Winamp\winampa.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\NotifyPhoneBook.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\Programmi\Logitech\SetPoint\SetPoint.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\OpenOffice.org 3\program\soffice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\OpenOffice.org 3\program\soffice.bin
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
O4 - HKLM\..\Run: [StillMnt] WCamRmv.exe /StartStillMnt
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus D68 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P23 "EPSON Stylus D68 Series" /O6 "USB001" /M "Stylus D68"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AdVantage Setup] C:\Programmi\Webteh\BSplayer\AdVantageSetup.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DivX Video Duplicator OLR] C:\PROGRA~1\DIVXVI~1\BVRPOlr.exe /DivX Video Duplicator
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [drvsyskit] C:\WINDOWS\system32\drivers\hidr.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Programmi\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmi\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akamai.net/7/1540/52/200 ... plugin.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-U ... E_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B2BE75F3-9197-11CF-ABF4-08000996E931} (Autodesk WHIP! Control) - ftp://ftp.autodesk.com/pub/whip/english/whip.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZI ... b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E4D8D902-51FF-45F5-A636-06B4591AF5AE}: NameServer = 85.255.116.135 85.255.112.9
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Programmi\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (file missing)

--
End of file - 10631 bytes
Pompeo_3
Junior User
 
Posts: 63
Joined: 10/10/07 21:37


Re: hijackthis

Post by shel » 14/02/09 21:51

hi

you most probably have a Bagle on the PC

I can tell from this ===> system32\drivers\hidr.exe

download http://www.zonavirus.com/datos/descarga ... ibagla.asp


if you can, go into Safe Mode, otherwise run the program from normal mode

Make sure the "Eliminar Ficheros Automaticamente" box is ticked and click on "Explorar"
Post the log C:\InfoSat.txt
You will find the download at the bottom of the page

then.... download

http://dc108.4shared.com/download/75022 ... 1-de3379fb

Double-click the Findykill icon to start the installation:
Tick the first box to accept the licence and continue > Suivant
Click "Yes" to assign a folder to the program
Click Démarrer > Quitter to finish the installation.
Look for the program's icon on the desktop or in Programs and run it
You must first use key 1 (Enter) for the search and then key 2 (Enter) for the cleaning.
You will find the report of the operations performed in C:\FindyKill.txt
Attach the report in your reply
shel
Senior User
 
Posts: 1326
Joined: 29/08/08 21:56
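The tell shel uses above (a Run key starting an .exe out of `system32\drivers`) and the O17 NameServer lines in the log are both things a small triage script can surface. The checker below is an added example written for this thread, not code from the forum or from HijackThis; it reads HijackThis v2 entry lines and flags that Run pattern, a per-adapter NameServer that disagrees with the system-wide resolvers, and orphaned BHO/service entries, over a constructed sample made of lines quoted in the log.

```python
import re

# Constructed sample: a few lines in HijackThis v2 entry format, modelled on the
# entries quoted in the log above (not the complete log).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [drvsyskit] C:\WINDOWS\system32\drivers\hidr.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{E4D8D902-51FF-45F5-A636-06B4591AF5AE}: NameServer = 85.255.116.135 85.255.112.9
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)
"""

# "O4 - HKCU\..\Run: [name] command" -> code "O4", body "HKCU\..\Run: [name] command"
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
RUN_RE = re.compile(r"^HK.*?\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
DRIVER_EXE_RE = re.compile(r"\\system32\\drivers\\[^\\\s]+\.exe\b", re.IGNORECASE)
NAMESERVER_RE = re.compile(r"^(?P<key>HKLM\\System\\[^:]+): NameServer = (?P<servers>.+)$")


def parse_entries(log_text):
    """Return (code, body) for every HijackThis entry line.

    Header lines and the 'Running processes' list do not match the
    'Xn - ...' shape and are skipped.
    """
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def analyse(log_text):
    """Return a list of (code, reason, body) findings worth a closer look."""
    findings = []
    global_dns = set()      # NameServer values from ...\Tcpip\Parameters
    interface_dns = []      # (body, servers) for per-adapter NameServer keys
    for code, body in parse_entries(log_text):
        if code == "O2" and body.endswith("(no file)"):
            findings.append((code, "BHO registered but its DLL is gone (orphan)", body))
        elif code == "O4":
            m = RUN_RE.match(body)
            # A Run key that starts an .exe out of system32\drivers is the tell
            # shel points at: legitimate software does not put executables there.
            if m and DRIVER_EXE_RE.search(m.group("cmd")):
                findings.append((code, "Run entry launches an .exe from system32\\drivers", body))
        elif code == "O17":
            m = NAMESERVER_RE.match(body)
            if m:
                servers = set(filter(None, re.split(r"[,\s]+", m.group("servers"))))
                if m.group("key").lower().endswith(r"\tcpip\parameters"):
                    global_dns |= servers
                else:
                    interface_dns.append((body, servers))
        elif code == "O23" and body.endswith("(file missing)"):
            findings.append((code, "service registered but its binary is missing", body))
    # A per-adapter NameServer that points somewhere other than the system-wide
    # resolvers is how a DNS hijack shows up among the O17 lines.
    for body, servers in interface_dns:
        if not servers <= global_dns:
            findings.append(("O17", "per-adapter DNS differs from system-wide DNS", body))
    return findings


if __name__ == "__main__":
    for code, reason, body in analyse(SAMPLE_LOG):
        print(f"{code}: {reason}\n    {body}")
```

The O17 check only compares adapters against the machine's own `Tcpip\Parameters` value, so it reports a disagreement, not whether either set of resolvers is trustworthy; that judgement stays with the person reading the log.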

Re: hijackthis

Post by shel » 14/02/09 21:54

sorry, I forgot

disable your antivirus (assuming it still works) before downloading findkill
shel
Senior User
 
Posts: 1326
Joined: 29/08/08 21:56

Re: hijackthis

Post by Pompeo_3 » 14/02/09 22:42

Here:
1)

Sat Feb 14 22:17:27 2009
EliBagle v12.22 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 13 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):

Sat Feb 14 22:17:56 2009
EliBagle v12.22 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 13 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Nº Total de Directorios: 7612
Nº Total de Ficheros: 93214
Nº de Ficheros Analizados: 14294
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

2)


----------------- FindyKill V4.707 ------------------

* User : Andrea - XXX-YYY
* Emplacement : C:\Programmi\FindyKill
* Outils Mis a jours le 06/12/08 par Chiquitine29
* Recherche effectuée à 22:35:42 le 14/02/2009
* Windows XP - Internet Explorer 7.0.5730.11

((((((((((((((((( *** Recherche *** ))))))))))))))))))


--------------- [ Processus actifs ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\WINDOWS\VdCap03C\StillMnt.exe
C:\Programmi\Winamp\winampa.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\NotifyPhoneBook.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\Programmi\Logitech\SetPoint\SetPoint.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\OpenOffice.org 3\program\soffice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\OpenOffice.org 3\program\soffice.bin
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programmi\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\NOTEPAD.EXE

--------------- [ Fichiers/Dossiers infectieux ] ----------------


»»»» Presence des fichiers dans C:

Found ! [14/02/2009 22.29] - C:\InfoSat.txt

»»»» Presence des fichiers dans C:\WINDOWS


»»»» Presence des fichiers dans C:\WINDOWS\Prefetch


»»»» Presence des fichiers dans C:\WINDOWS\system32


»»»» Presence des fichiers dans C:\WINDOWS\system32\drivers


»»»» Presence des fichiers dans C:\Documents and Settings\Andrea\Dati applicazioni


»»»» Presence des fichiers dans C:\DOCUME~1\Andrea\IMPOST~1\Temp


»»»» Presence des fichiers dans C:\Documents and Settings\Andrea\Local Settings\Temporary Internet Files\Content.IE5

Found ! [14/02/2009 11.57] - C:\Documents and Settings\Andrea\Impostazioni locali\Temporary Internet Files\Content.IE5\UKOS1QF7\5b648f859eb8adcT[1].jpg
Found ! [14/02/2009 11.54] - C:\Documents and Settings\Andrea\Impostazioni locali\Temporary Internet Files\Content.IE5\UKOS1QF7\94f491d64db6452T[1].jpg

--------------- [ Registre / Startup ] ----------------

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe
MessengerPlus3="C:\Programmi\MessengerPlus! 3\MsgPlus.exe" /WinStart
MSMSGS="C:\Programmi\Messenger\msmsgs.exe" /background
msnmsgr="C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}="C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
Cmaudio=RunDll32 cmicnfg.cpl,CMICtrlWnd
AME_CSA=rundll32 amecsa.cpl,RUN_DLL
StillMnt=WCamRmv.exe /StartStillMnt
SunJavaUpdateSched="C:\Programmi\Java\jre6\bin\jusched.exe"
EPSON Stylus D68 Series=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P23 "EPSON Stylus D68 Series" /O6 "USB001" /M "Stylus D68"
NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz=nwiz.exe /install
NvMediaCenter=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
Logitech Hardware Abstraction Layer=KHALMNPR.EXE
WinampAgent=C:\Programmi\Winamp\winampa.exe
ZoneAlarm Client="C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
NeroFilterCheck=C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
AdVantage Setup=C:\Programmi\Webteh\BSplayer\AdVantageSetup.exe
Adobe Reader Speed Launcher="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
DivX Video Duplicator OLR=C:\PROGRA~1\DIVXVI~1\BVRPOlr.exe /DivX Video Duplicator
TkBellExe="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=

[HKEY_CURRENT_USER\software\local appwizard-generated applications\MMDiag]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\roxregister]

--------------- [ Registre / Clés infectieuses ] ----------------



--------------- [ Etat / Services ] ----------------



+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

/!\ Ndisuio - Type de démarrage = 4

EapHost - Type de démarrage = 3

Ip6Fw - Type de démarrage = 3

SharedAccess - Type de démarrage = 2

wuauserv - Type de démarrage = 2

wscsvc - Type de démarrage = 2



--------------- [ Recherche dans supports amovibles] ----------------


+- Informations :

C: - Unit… fissa

E: - Unit… CD-ROM


+- Contenu de l'autorun : E:\autorun.inf

[autorun]
open=Win_Magazine.exe
icon=win.ico


+- presence des fichiers :

Found ! [01/12/2008 17.32][-r-h-----] - E:\autorun.inf
Found ! [20/03/2007 17.55][-r-h-----] - E:\info.exe


--------------- [ Registre / Mountpoint2 ] ----------------


-> Not found !


------------------- ! Fin du rapport ! --------------------


If there's anything to be done just tell me, thanks in advance :)
Pompeo_3
Junior User
 
Posts: 63
Joined: 10/10/07 21:37

Re: hijackthis

Post by shel » 14/02/09 22:48

run findkill again and choose option 2

Download Combofix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to the desktop.
Double-click combofix.exe (a screen will appear.)
Type 1, press Enter and follow the instructions.
When it finishes, a log file called C:\ComboFix.txt will be created. Post it here.
During the scan it is important not to use the PC and to wait patiently for the operations to finish.
shel
Senior User
 
Posts: 1326
Joined: 29/08/08 21:56

Re: hijackthis

Post by shel » 14/02/09 22:56

please make sure you post the findkill option 2 report
shel
Senior User
 
Posts: 1326
Joined: 29/08/08 21:56

Re: hijackthis

Post by Pompeo_3 » 14/02/09 23:28

here:
1)



----------------- FindyKill V4.707 ------------------

* User : Andrea - XXX-YYY
* executed from : C:\Programmi\FindyKill
* Update on 06/12/08 par Chiquitine29
* Start at 22:50:44 the 14/02/2009
* Windows XP - Internet Explorer 7.0.5730.11


((((((((((((((( *** deleting *** ))))))))))))))))))


--------------- [ Active Processes ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\WgaTray.exe

--------------- [ Infected files / folders ] ----------------


»»»» Supression files in C:

Deleted ! - C:\InfoSat.txt

»»»» Supression files in C:\WINDOWS


»»»» Supression files in C:\WINDOWS\Prefetch


»»»» Supression files in C:\WINDOWS\system32


»»»» Supression files in C:\WINDOWS\system32\drivers


»»»» Supression files in C:\Documents and Settings\Andrea\Dati applicazioni


»»»» Supression files in C:\DOCUME~1\Andrea\IMPOST~1\Temp


»»»» Supression files in C:\Documents and Settings\Andrea\Local Settings\Temporary Internet Files\Content.IE5

Deleted ! - C:\Documents and Settings\Andrea\Impostazioni locali\Temporary Internet Files\Content.IE5\UKOS1QF7\5b648f859eb8adcT[1].jpg
Deleted ! - C:\Documents and Settings\Andrea\Impostazioni locali\Temporary Internet Files\Content.IE5\UKOS1QF7\94f491d64db6452T[1].jpg

--------------- [ Registry / Infected keys ] ----------------


--------------- [ States / Restarting of services ] ----------------



+- Services : [ Auto=2 / Request=3 / Disable=4 ]

Ndisuio - Type of startup = 3

EapHost - Type of startup = 2

Ip6Fw - Type of startup = 2

SharedAccess - Type of startup = 2

wuauserv - Type of startup = 2

wscsvc - Type of startup = 2


--------------- [ Cleaning removable drives ] ----------------

+- Informations :

C: - Unit… fissa

E: - Unit… CD-ROM


+- deleting files :

Not deleted !! - E:\autorun.inf
Not deleted !! - E:\info.exe

--------------- [ Registry / Mountpoint2 ] ----------------


-> Not found !


--------------- [ Searching Cracks / Keygen ] ----------------

C:\Documents and Settings\Andrea\Desktop\gis ARCVIEW 8.1\SOFTWARE CAD-GIS - ESRI ArcView v8.1-CD1(cue+bin+crack).rar


---------------- ! End of report ! ------------------


2)

ComboFix 09-02-12.03 - Andrea 2009-02-14 23.07.49.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.511.211 [GMT 1:00]
Eseguito da: c:\documents and settings\Andrea\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090214-0] *On-access scanning enabled* (Updated)
FW: ZoneAlarm Firewall *enabled*
* Creato nuovo punto di ripristino
.

((((((((((((((((((((((((( Files Creati Da 2009-01-14 al 2009-02-14 )))))))))))))))))))))))))))))))))))
.

2009-02-14 22:33 . 2009-02-14 22:54 <DIR> d-------- c:\programmi\FindyKill
2009-02-14 21:26 . 2009-02-14 21:26 <DIR> d-------- c:\programmi\Trend Micro
2009-01-16 01:05 . 2008-08-14 14:22 2,192,896 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2009-01-16 01:05 . 2008-08-14 14:22 2,148,864 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-01-16 01:05 . 2008-08-14 14:22 2,069,760 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-01-16 01:05 . 2008-08-14 14:22 2,027,520 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2009-01-16 01:05 . 2008-09-15 16:24 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2009-01-16 01:05 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-01-16 01:05 . 2008-12-11 11:57 333,952 -----c--- c:\windows\system32\dllcache\srv.sys
2009-01-16 01:03 . 2008-09-04 18:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2009-01-16 01:03 . 2008-10-15 17:36 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-14 20:08 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-02-14 14:24 --------- d-----w c:\programmi\eMule
2009-02-08 00:17 --------- d-----w c:\programmi\Messenger Plus! Live
2009-02-07 02:00 --------- d-----w c:\programmi\mIrc
2009-02-02 00:55 --------- d-----w c:\documents and settings\Andrea\Dati applicazioni\Skype
2009-01-05 01:47 --------- d-----w c:\programmi\File comuni\xing shared
2009-01-05 01:47 --------- d-----w c:\programmi\File comuni\Real
2009-01-01 16:11 --------- d-----w c:\programmi\CCleaner
2008-12-31 00:22 --------- d-----w c:\documents and settings\Andrea\Dati applicazioni\BSplayer
2008-12-13 15:44 410,984 ----a-w c:\windows\system32\deploytk.dll
2001-11-23 04:08 712,704 ----a-r c:\windows\inf\OTHER\AUDIO3D.DLL
2007-09-09 16:32 7,520 --sha-w c:\windows\system32\KGyGaAvL.sys
2008-09-23 12:47 32,768 --sha-w c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\MSHist012008092320080924\index.dat
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MessengerPlus3"="c:\programmi\MessengerPlus! 3\MsgPlus.exe" [2006-09-30 190024]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2008-04-14 1695232]
"msnmsgr"="c:\programmi\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2008-12-13 136600]
"EPSON Stylus D68 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE" [2005-01-25 98304]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-06-15 6803456]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-06-15 86016]
"WinampAgent"="c:\programmi\Winamp\winampa.exe" [2007-05-14 35328]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"DivX Video Duplicator OLR"="c:\progra~1\DIVXVI~1\BVRPOlr.exe" [2003-06-12 49152]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2009-01-05 185872]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"AME_CSA"="amecsa.cpl" [2002-04-29 c:\windows\system32\AmeCSA.cpl]
"nwiz"="nwiz.exe" [2005-06-15 c:\windows\system32\nwiz.exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-05-20 c:\windows\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Andrea\Menu Avvio\Programmi\Esecuzione automatica\
OpenOffice.org 3.0.lnk - c:\programmi\OpenOffice.org 3\program\quickstart.exe [2008-09-12 384000]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Logitech SetPoint.lnk - c:\programmi\Logitech\SetPoint\SetPoint.exe [2006-03-12 450560]
Microsoft Office.lnk - c:\programmi\Microsoft Office\Office\OSA9.EXE [2000-01-21 65588]
WinZip Quick Pick.lnk - c:\programmi\WinZip\WZQKPICK.EXE [2005-06-15 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\XStyle v2\\XStyle.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\mIrc\\mirc.exe"=
"c:\\Programmi\\NetMeeting\\conf.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmi\\Alwil Software\\Avast4\\ashAvast.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmi\\Lavasoft\\Ad-Aware\\Ad-Aware.exe"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\java.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-20 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-01-20 20560]
R3 AmeAtmPc;AmeAtmPc;c:\windows\system32\drivers\ameatmpc.sys [2005-06-11 110839]
S3 AtmElan;LAN ATM emulata;c:\windows\system32\drivers\atmlane.sys [2002-09-10 55808]
S3 AtmLane;Emulazione LAN ATM;c:\windows\system32\drivers\atmlane.sys [2002-09-10 55808]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\programmi\MAGIX\Common\Database\bin\fbserver.exe [2007-09-15 1527900]
.
Contenuto della cartella 'Scheduled Tasks'

2009-02-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKLM-Run-ZoneAlarm Client - c:\programmi\Zone Labs\ZoneAlarm\zlclient.exe
HKLM-Run-AdVantage Setup - c:\programmi\Webteh\BSplayer\AdVantageSetup.exe
HKLM-Run-Cmaudio - cmicnfg.cpl
HKLM-Run-StillMnt - WCamRmv.exe


.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = iexplore
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Andrea\Dati applicazioni\Mozilla\Firefox\Profiles\6txvkwq5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF - plugin: c:\programmi\Earth Resource Mapping\Image Web Server\Firefox Plug-in\NP_NCS6.dll
FF - plugin: c:\programmi\Earth Resource Mapping\Image Web Server\Firefox Plug-in\NP_NCSPB6.dll
FF - plugin: c:\programmi\Earth Resource Mapping\Image Web Server\Firefox Plug-in\NP_NCSTB6.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-14 23:09:29
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2009-02-14 23.23.48
ComboFix-quarantined-files.txt 2009-02-14 22:23:44

Pre-Run: 32.232.812.544 byte disponibili
Post-Run: 32,010,506,240 byte disponibili

WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

143 --- E O F --- 2009-01-16 01:10:10
Pompeo_3
Junior User
 
Posts: 63
Joined: 10/10/07 21:37

Re: hijackthis

Post by shel » 14/02/09 23:45

you removed a ton of infections - try uninstalling your antivirus and do a fresh install



re-enable the Services the virus disabled.

do it like this:
Start\Run\SERVICES.MSC
Look for these Services:
Security Center.
Automatic Updates.
Network Connections.
Wireless Zero Configuration.
Windows Firewall/Internet Connection Sharing (ICS).
If you find any of them disabled you must re-enable it like this:
Right-click the Service, Properties\Startup type: Automatic\ OK\ Start\ OK.
YOU MUST REBOOT THE PC for the changes to take effect.



Once that is done, download Avenger from here

http://swandog46.geekstogo.com/avenger.zip

after installing it, run it and copy what is written in red (copy\paste)


Files to delete:
%SystemDrive%\WINDOWS\system32\drivers\hidr.exe
%SystemDrive%\WINDOWS\system32\drivers\srosa.sys
%SystemDrive%\WINDOWS\system32\wintems.exe
%SystemDrive%\WINDOWS\system32\hldrrr.exe
%SystemDrive%\WINDOWS\system32\trusted.exe
%SystemDrive%\WINDOWS\system32\drivers\pci32.sys
%UserProfile%\Dati applicazioni\hidires\hidr.exe
%UserProfile%\Dati applicazioni\hidires\rosa.sys
%UserProfile%\Dati applicazioni\m\list.oct
%UserProfile%\Dati applicazioni\m\data.oct
%UserProfile%\Dati applicazioni\m\flec006.exe
%UserProfile%\Dati applicazioni\m\svrlist.oct
%SystemDrive%\system32\re_file.exe
%SystemDrive%\elist.xpt
%UserProfile%\Dati applicazioni\hidires\m_hook.sys
%SystemDrive%\WINDOWS\system32\drivers\hldrrr.exe
%SystemDrive%\WINDOWS\system32\drivers\hldrrr.ex_
%SystemDrive%\WINDOWS\system32\mdelk.exe
%SystemDrive%\WINDOWS\system32\drivers\mdelk.exe
%SystemDrive%\WINDOWS\system32\drivers\pci32.sys
%SystemDrive%\WINDOWS\system32\edlm.exe
%SystemDrive%\WINDOWS\system32\edlm2.exe
%SystemDrive%\Windows\system32\ldR64.dll
%SystemDrive%\WINDOWS\system32\german.exe
%SystemDrive%\WINDOWS\system32\drivers\srosa.sys.XXX
%SystemDrive%\WINDOWS\system32\mdelk.exe.XXX
%SystemDrive%\WINDOWS\system32\wintems.exe.XXX
%SystemDrive%\WINDOWS\system32\1.exe

Folders to delete:
%SystemDrive%\WINDOWS\exefqd
%SystemDrive%\WINDOWS\exefnd
%SystemDrive%\WINDOWS\exefld
%UserProfile%\Dati applicazioni\hidires
%UserProfile%\Dati applicazioni\hidn
%UserProfile%\Dati applicazioni\m\shared
%UserProfile%\Dati applicazioni\m
%SystemDrive%\WINDOWS\System32\drivers\down
%SystemDrive%\WINDOWS\system32\drivers\downld

Registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\srosa
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
HKLM\SYSTEM\CurrentControlSet\Services\pci32
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32
HKLM\SYSTEM\CurrentControlSet\Services\rosa
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_rosa
HKLM\SYSTEM\CurrentControlSet\Services\m_hook
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_M_HOOK
HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_SROSA
HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ldr64

Registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | hldrrr
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | drvsyskit
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | german.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | drv_st_key

Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs

Drivers to disable:
%SystemDrive%\WINDOWS\system32\drivers\hidr.exe
%SystemDrive%\WINDOWS\system32\drivers\srosa.sys
%SystemDrive%\WINDOWS\system32\drivers\pci32.sys
%SystemDrive%\WINDOWS\system32\drivers\hldrrr.exe
%SystemDrive%\WINDOWS\system32\drivers\mdelk.exe

Tick "Automatically disable any rootkits found" and click "execute".
The PC should restart on its own, otherwise restart it yourself. Post the report it produces, you'll find it in c:\avenger.

Tick "Automatically disable any rootkits found"

click the "Execute" button
The PC should restart on its own, if it doesn't restart it manually

post the avenger log that you find in c:\
shel
Senior User

Posts: 1326
Joined: 29/08/08 21:56

Re: hijackthis

Post by Pompeo_3 » 15/02/09 00:13

After I got several blue screens and restarted the PC a few times, XP started up again and I got this screen (which I suspect isn't a good sign) :(

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\iichmwve

*******************

Script file located at: \??\C:\rqhqrghu.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\drivers\hidr.exe deleted successfully.
File C:\WINDOWS\system32\drivers\srosa.sys deleted successfully.
File C:\WINDOWS\system32\wintems.exe deleted successfully.


File C:\WINDOWS\system32\hldrrr.exe not found!
Deletion of file C:\WINDOWS\system32\hldrrr.exe failed!

Could not process line:
C:\WINDOWS\system32\hldrrr.exe
Status: 0xc0000034



File C:\WINDOWS\system32\trusted.exe not found!
Deletion of file C:\WINDOWS\system32\trusted.exe failed!

Could not process line:
C:\WINDOWS\system32\trusted.exe
Status: 0xc0000034



File C:\WINDOWS\system32\drivers\pci32.sys not found!
Deletion of file C:\WINDOWS\system32\drivers\pci32.sys failed!

Could not process line:
C:\WINDOWS\system32\drivers\pci32.sys
Status: 0xc0000034



File C:\windows\system32\drivers\hldrrr.exe not found!
Deletion of file C:\windows\system32\drivers\hldrrr.exe failed!

Could not process line:
C:\windows\system32\drivers\hldrrr.exe
Status: 0xc0000034



File C:\WINDOWS\system32\drivers\hldrrr.ex_ not found!
Deletion of file C:\WINDOWS\system32\drivers\hldrrr.ex_ failed!

Could not process line:
C:\WINDOWS\system32\drivers\hldrrr.ex_
Status: 0xc0000034



File C:\WINDOWS\system32\mdelk.exe not found!
Deletion of file C:\WINDOWS\system32\mdelk.exe failed!

Could not process line:
C:\WINDOWS\system32\mdelk.exe
Status: 0xc0000034

File C:\Documents and Settings\Andrea\Dati applicazioni\Sun\Java\Deployment\cache\6.0\22\101eee96-3863a7e2 deleted successfully.
File C:\Documents and Settings\Andrea\Dati applicazioni\Sun\Java\Deployment\cache\6.0\52\7e615cf4-1548ff56 deleted successfully.
File C:\Documents and Settings\Andrea\Dati applicazioni\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-3c6cf086-774c82ca.zip deleted successfully.


Folder C:\WINDOWS\exefnd not found!
Deletion of folder C:\WINDOWS\exefnd failed!

Could not process line:
C:\WINDOWS\exefnd
Status: 0xc0000034

Folder C:\WINDOWS\exefld deleted successfully.


Folder C:\WINDOWS\system32\drivers\down not found!
Deletion of folder C:\WINDOWS\system32\drivers\down failed!

Could not process line:
C:\WINDOWS\system32\drivers\down
Status: 0xc0000034

Registry key HKLM\SYSTEM\CurrentControlSet\Services\srosa deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA deleted successfully.


Registry key HKLM\SYSTEM\CurrentControlSet\Services\pci32 not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\pci32 failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\pci32
Status: 0xc0000034



Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32 not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32 failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.


Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: file "C:\WINDOWS\system32\drivers\hidr.exe" not found!
Deletion of file "C:\WINDOWS\system32\drivers\hidr.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\drivers\srosa.sys" not found!
Deletion of file "C:\WINDOWS\system32\drivers\srosa.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\wintems.exe" not found!
Deletion of file "C:\WINDOWS\system32\wintems.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\hldrrr.exe" not found!
Deletion of file "C:\WINDOWS\system32\hldrrr.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\trusted.exe" not found!
Deletion of file "C:\WINDOWS\system32\trusted.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\drivers\pci32.sys" not found!
Deletion of file "C:\WINDOWS\system32\drivers\pci32.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not open file "C:\Documents and Settings\Andrea\Dati applicazioni\hidires\hidr.exe"
Deletion of file "C:\Documents and Settings\Andrea\Dati applicazioni\hidires\hidr.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: could not open file "C:\Documents and Settings\Andrea\Dati applicazioni\hidires\rosa.sys"
Deletion of file "C:\Documents and Settings\Andrea\Dati applicazioni\hidires\rosa.sys" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: could not open file "C:\Documents and Settings\Andrea\Dati applicazioni\m\list.oct"
Deletion of file "C:\Documents and Settings\Andrea\Dati applicazioni\m\list.oct" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: could not open file "C:\Documents and Settings\Andrea\Dati applicazioni\m\data.oct"
Deletion of file "C:\Documents and Settings\Andrea\Dati applicazioni\m\data.oct" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: could not open file "C:\Documents and Settings\Andrea\Dati applicazioni\m\flec006.exe"
Deletion of file "C:\Documents and Settings\Andrea\Dati applicazioni\m\flec006.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: could not open file "C:\Documents and Settings\Andrea\Dati applicazioni\m\svrlist.oct"
Deletion of file "C:\Documents and Settings\Andrea\Dati applicazioni\m\svrlist.oct" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: could not open file "C:\system32\re_file.exe"
Deletion of file "C:\system32\re_file.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: file "C:\elist.xpt" not found!
Deletion of file "C:\elist.xpt" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not open file "C:\Documents and Settings\Andrea\Dati applicazioni\hidires\m_hook.sys"
Deletion of file "C:\Documents and Settings\Andrea\Dati applicazioni\hidires\m_hook.sys" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: file "C:\WINDOWS\system32\drivers\hldrrr.exe" not found!
Deletion of file "C:\WINDOWS\system32\drivers\hldrrr.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\drivers\hldrrr.ex_" not found!
Deletion of file "C:\WINDOWS\system32\drivers\hldrrr.ex_" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\mdelk.exe" not found!
Deletion of file "C:\WINDOWS\system32\mdelk.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\drivers\mdelk.exe" not found!
Deletion of file "C:\WINDOWS\system32\drivers\mdelk.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\drivers\pci32.sys" not found!
Deletion of file "C:\WINDOWS\system32\drivers\pci32.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\edlm.exe" not found!
Deletion of file "C:\WINDOWS\system32\edlm.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\edlm2.exe" not found!
Deletion of file "C:\WINDOWS\system32\edlm2.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\Windows\system32\ldR64.dll" not found!
Deletion of file "C:\Windows\system32\ldR64.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\german.exe" not found!
Deletion of file "C:\WINDOWS\system32\german.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\drivers\srosa.sys.XXX" not found!
Deletion of file "C:\WINDOWS\system32\drivers\srosa.sys.XXX" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\mdelk.exe.XXX" not found!
Deletion of file "C:\WINDOWS\system32\mdelk.exe.XXX" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\wintems.exe.XXX" not found!
Deletion of file "C:\WINDOWS\system32\wintems.exe.XXX" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\1.exe" not found!
Deletion of file "C:\WINDOWS\system32\1.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: folder "C:\WINDOWS\exefqd" not found!
Deletion of folder "C:\WINDOWS\exefqd" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: folder "C:\WINDOWS\exefnd" not found!
Deletion of folder "C:\WINDOWS\exefnd" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: folder "C:\WINDOWS\exefld" not found!
Deletion of folder "C:\WINDOWS\exefld" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: folder "C:\Documents and Settings\Andrea\Dati applicazioni\hidires" not found!
Deletion of folder "C:\Documents and Settings\Andrea\Dati applicazioni\hidires" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: folder "C:\Documents and Settings\Andrea\Dati applicazioni\hidn" not found!
Deletion of folder "C:\Documents and Settings\Andrea\Dati applicazioni\hidn" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not open folder "C:\Documents and Settings\Andrea\Dati applicazioni\m\shared"
Deletion of folder "C:\Documents and Settings\Andrea\Dati applicazioni\m\shared" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: folder "C:\Documents and Settings\Andrea\Dati applicazioni\m" not found!
Deletion of folder "C:\Documents and Settings\Andrea\Dati applicazioni\m" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: folder "C:\WINDOWS\System32\drivers\down" not found!
Deletion of folder "C:\WINDOWS\System32\drivers\down" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: folder "C:\WINDOWS\system32\drivers\downld" not found!
Deletion of folder "C:\WINDOWS\system32\drivers\downld" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\CurrentControlSet\Services\srosa" not found!
Deletion of registry key "HKLM\SYSTEM\CurrentControlSet\Services\srosa" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA" not found!
Deletion of registry key "HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\CurrentControlSet\Services\pci32" not found!
Deletion of registry key "HKLM\SYSTEM\CurrentControlSet\Services\pci32" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32" not found!
Deletion of registry key "HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\CurrentControlSet\Services\rosa" not found!
Deletion of registry key "HKLM\SYSTEM\CurrentControlSet\Services\rosa" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_rosa" not found!
Deletion of registry key "HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_rosa" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\CurrentControlSet\Services\m_hook" not found!
Deletion of registry key "HKLM\SYSTEM\CurrentControlSet\Services\m_hook" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_M_HOOK" not found!
Deletion of registry key "HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_M_HOOK" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_SROSA" not found!
Deletion of registry key "HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_SROSA" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA" not found!
Deletion of registry key "HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not open driver "%SystemDrive%\WINDOWS\system32\drivers\hidr.exe"
Disablement of driver "%SystemDrive%\WINDOWS\system32\drivers\hidr.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not open driver "%SystemDrive%\WINDOWS\system32\drivers\srosa.sys"
Disablement of driver "%SystemDrive%\WINDOWS\system32\drivers\srosa.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not open driver "%SystemDrive%\WINDOWS\system32\drivers\pci32.sys"
Disablement of driver "%SystemDrive%\WINDOWS\system32\drivers\pci32.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not open driver "%SystemDrive%\WINDOWS\system32\drivers\hldrrr.exe"
Disablement of driver "%SystemDrive%\WINDOWS\system32\drivers\hldrrr.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not open driver "%SystemDrive%\WINDOWS\system32\drivers\mdelk.exe"
Disablement of driver "%SystemDrive%\WINDOWS\system32\drivers\mdelk.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Warning: HKLM\Software did not load within MAX_WAIT_ITERATIONS


Error: registry key "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ldr64" not found!
Deletion of registry key "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ldr64" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not delete registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|hldrrr"
Deletion of registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|hldrrr" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not delete registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|drvsyskit"
Deletion of registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|drvsyskit" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not delete registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|german.exe"
Deletion of registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|german.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not delete registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|drv_st_key"
Deletion of registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|drv_st_key" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: parent registry key for value "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs" not found!
Replacement with dummy of registry value "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.
Pompeo_3
Junior User

Posts: 63
Joined: 10/10/07 21:37
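The two Avenger reports above (produced by the script shel posted in the earlier reply) are easier to triage mechanically than by eye. The following is an added example, not code from the thread or from Avenger itself: a small Python parser for the Avenger report format (both the v1 layout, where the Status line comes a few lines after the failure, and the v2 layout) that separates items actually removed from items that were already gone, and flags any failure whose NTSTATUS is something other than not-found, since that is the case that means the object is still on disk. The sample log is constructed from lines shaped like the posted ones; the STATUS_ACCESS_DENIED entry on 1.exe is invented for the demo and does not appear in the thread.

```python
import re
from collections import Counter

# Constructed sample in the shape of the Avenger v1 and v2 reports posted in the thread.
# The last entry (access denied on 1.exe) is invented for the demo: it is NOT in the thread,
# it is here to show what a failure that is not "not found" looks like.
SAMPLE_LOG = r"""
File C:\WINDOWS\system32\drivers\srosa.sys deleted successfully.
File C:\WINDOWS\system32\wintems.exe deleted successfully.

File C:\WINDOWS\system32\hldrrr.exe not found!
Deletion of file C:\WINDOWS\system32\hldrrr.exe failed!

Could not process line:
C:\WINDOWS\system32\hldrrr.exe
Status: 0xc0000034

Folder C:\WINDOWS\exefld deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Services\srosa deleted successfully.

Error: could not open file "C:\Documents and Settings\Andrea\Dati applicazioni\m\list.oct"
Deletion of file "C:\Documents and Settings\Andrea\Dati applicazioni\m\list.oct" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist

Error: could not open driver "%SystemDrive%\WINDOWS\system32\drivers\pci32.sys"
Disablement of driver "%SystemDrive%\WINDOWS\system32\drivers\pci32.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: could not delete file "C:\WINDOWS\system32\1.exe"
Deletion of file "C:\WINDOWS\system32\1.exe" failed!
Status: 0xc0000022 (STATUS_ACCESS_DENIED)
"""

# Success lines: 'File <path> deleted successfully.' (v1 unquoted; quotes tolerated for v2).
SUCCESS_RE = re.compile(
    r'^(File|Folder|Registry key|Registry value|Driver) "?(.+?)"? deleted successfully\.$')
# Failure lines: 'Deletion of file "<path>" failed!', 'Disablement of driver ... failed!', etc.
FAILED_RE = re.compile(
    r'^(Deletion|Disablement|Replacement with dummy) of '
    r'(file|folder|registry key|registry value|driver) "?(.+?)"? failed!$')
STATUS_RE = re.compile(r'^Status: (0x[0-9a-fA-F]{8})')

# The two NTSTATUS codes seen in the posted reports; both mean "nothing there to remove".
ALREADY_GONE = {
    "0xc0000034": "STATUS_OBJECT_NAME_NOT_FOUND",  # the object itself is absent
    "0xc000003a": "STATUS_OBJECT_PATH_NOT_FOUND",  # a parent folder/key is absent
}


def parse_avenger_log(text):
    """One dict per scripted action: what it was, whether it worked, and the NTSTATUS on failure."""
    entries = []
    pending = None  # failed action still waiting for its "Status:" line (v1 prints it later)
    for raw in text.splitlines():
        line = raw.strip()
        m = SUCCESS_RE.match(line)
        if m:
            entries.append({"action": "deletion", "kind": m.group(1).lower(),
                            "object": m.group(2), "ok": True, "status": None})
            continue
        m = FAILED_RE.match(line)
        if m:
            pending = {"action": m.group(1).lower(), "kind": m.group(2),
                       "object": m.group(3), "ok": False, "status": None}
            entries.append(pending)
            continue
        m = STATUS_RE.match(line)
        if m and pending is not None:
            pending["status"] = m.group(1).lower()
            pending = None
    return entries


def summarize(entries):
    """Bucket outcomes: removed / already gone (by NTSTATUS name) / any other failure."""
    counts = Counter()
    for e in entries:
        if e["ok"]:
            counts["removed"] += 1
        elif e["status"] in ALREADY_GONE:
            counts[ALREADY_GONE[e["status"]]] += 1
        else:
            counts["other_failure"] += 1
    return dict(counts)


def removed_objects(entries):
    """Items the run actually deleted: evidence that the infection was live on this run."""
    return [e["object"] for e in entries if e["ok"]]


def unresolved(entries):
    """Failures that are NOT a not-found status: the object exists but could not be touched,
    which is what a helper should follow up on (locked, still loaded, permissions)."""
    return [(e["object"], e["status"]) for e in entries
            if not e["ok"] and e["status"] not in ALREADY_GONE]


if __name__ == "__main__":
    parsed = parse_avenger_log(SAMPLE_LOG)
    print(summarize(parsed))
    for obj in removed_objects(parsed):
        print("removed:", obj)
    for obj, status in unresolved(parsed):
        print("STILL PRESENT:", obj, status)
```

Run against the two reports posted above, the first run shows four removals (hidr.exe, srosa.sys, wintems.exe and the exefld folder plus the srosa service keys) and the second run shows nothing but not-found statuses, which is exactly what "a few leftovers" followed by a clean re-run should look like.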

Re: hijackthis

Post by shel » 15/02/09 00:21

avenger removed a few leftovers - let me know if the PC has picked up a bit and tell me whether you re-enabled the services

let's catch up tomorrow morning after 10

my eyes are burning
shel
Senior User

Posts: 1326
Joined: 29/08/08 21:56

Re: hijackthis

Post by Pompeo_3 » 15/02/09 00:28

It still won't let me install Spybot Search & Destroy... :(
Other than that the PC seems faster.
Thanks a lot Shel, talk tomorrow
Pompeo_3
Junior User

Posts: 63
Joined: 10/10/07 21:37

Re: hijackthis

Post by shel » 15/02/09 10:15

I'm back.....

please run these scans for me;

Download Lop S&D | http://eric.71.mespages.googlepages.com/LopSD.exe
with all applications closed and disconnected
double-click LopSD
choose language E (Enter)
1 (search) Enter

when the scan is finished restart LopSD
this time choose option 2 (Enter)

go here ===> http://www.bitdefender.com/scan8/ie.html

run an online scan - you have to use Internet Explorer for it - post the results you get
shel
Senior User

Posts: 1326
Joined: 29/08/08 21:56

Re: hijackthis

Post by Pompeo_3 » 15/02/09 14:28

This is one... the other will come shortly..


--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Sempron(tm) 2800+ )
BIOS : Default System BIOS
USER : Andrea ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1335 [VPS 090214-0] 4.8.1335 (Activated)
Firewall : ZoneAlarm Firewall 7.0.362.000 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:76 Go (Free:29 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 15/02/2009|13.46 )


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ FIX

-
[ Hosts file ] .. Restored!

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing folders in DATIAP~1

[18/09/2008|10.36] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Adobe
[06/02/2008|19.46] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Apple
[20/06/2007|22.05] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Google
[13/01/2008|04.09] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Grisoft
[24/01/2008|17.14] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Kaspersky Lab
[17/10/2008|23.17] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Lavasoft
[15/09/2007|20.30] C:\DOCUME~1\ALLUSE~1\DATIAP~1\MAGIX
[05/09/2007|14.43] C:\DOCUME~1\ALLUSE~1\DATIAP~1\MailFrontier
[14/01/2006|23.09] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Messenger Plus!
[10/10/2007|19.45] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Microsoft
[03/09/2007|14.34] C:\DOCUME~1\ALLUSE~1\DATIAP~1\muvee Technologies
[11/09/2007|17.07] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Nero
[14/02/2009|21.08] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Spybot - Search & Destroy
[09/10/2005|19.33] C:\DOCUME~1\ALLUSE~1\DATIAP~1\UDL
[27/07/2006|16.10] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Windows Genuine Advantage
[15/03/2008|20.27] C:\DOCUME~1\ALLUSE~1\DATIAP~1\WLInstaller
[21/02/2007|22.26] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Yahoo! Companion
[0|File] C:\DOCUME~1\ALLUSE~1\DATIAP~1\byte
[19|Directory] C:\DOCUME~1\ALLUSE~1\DATIAP~1\byte disponibili

[21/12/2007|01.46] C:\DOCUME~1\Andrea\DATIAP~1\Adobe
[28/01/2008|01.05] C:\DOCUME~1\Andrea\DATIAP~1\AdobeUM
[13/09/2007|20.29] C:\DOCUME~1\Andrea\DATIAP~1\Ahead
[05/09/2007|21.52] C:\DOCUME~1\Andrea\DATIAP~1\Apple Computer
[20/10/2005|19.48] C:\DOCUME~1\Andrea\DATIAP~1\ArcSoft
[31/12/2008|01.22] C:\DOCUME~1\Andrea\DATIAP~1\BSplayer
[30/06/2008|16.31] C:\DOCUME~1\Andrea\DATIAP~1\BSplayer Pro
[12/12/2008|19.14] C:\DOCUME~1\Andrea\DATIAP~1\Canon
[04/07/2006|01.35] C:\DOCUME~1\Andrea\DATIAP~1\COWON
[06/09/2005|22.36] C:\DOCUME~1\Andrea\DATIAP~1\Earth Resource Mapping
[14/09/2008|01.00] C:\DOCUME~1\Andrea\DATIAP~1\Google
[07/02/2008|02.03] C:\DOCUME~1\Andrea\DATIAP~1\gtk-2.0
[25/07/2005|14.46] C:\DOCUME~1\Andrea\DATIAP~1\Help
[09/06/2005|22.19] C:\DOCUME~1\Andrea\DATIAP~1\Identities
[10/10/2007|19.45] C:\DOCUME~1\Andrea\DATIAP~1\Lavasoft
[12/03/2006|20.24] C:\DOCUME~1\Andrea\DATIAP~1\Logitech
[28/10/2006|22.36] C:\DOCUME~1\Andrea\DATIAP~1\Macromedia
[28/09/2007|23.43] C:\DOCUME~1\Andrea\DATIAP~1\MAGIX
[13/01/2008|04.08] C:\DOCUME~1\Andrea\DATIAP~1\Microsoft
[11/06/2005|00.59] C:\DOCUME~1\Andrea\DATIAP~1\Microsoft Web Folders
[18/10/2008|15.38] C:\DOCUME~1\Andrea\DATIAP~1\Mozilla
[09/09/2007|17.29] C:\DOCUME~1\Andrea\DATIAP~1\muvee Technologies
[07/12/2008|07.57] C:\DOCUME~1\Andrea\DATIAP~1\OpenOffice.org
[07/12/2008|07.45] C:\DOCUME~1\Andrea\DATIAP~1\OpenOffice.org2
[05/01/2009|02.49] C:\DOCUME~1\Andrea\DATIAP~1\Real
[13/01/2008|03.24] C:\DOCUME~1\Andrea\DATIAP~1\Roxio
[02/02/2009|01.55] C:\DOCUME~1\Andrea\DATIAP~1\Skype
[22/06/2005|15.33] C:\DOCUME~1\Andrea\DATIAP~1\Sun
[07/09/2005|13.10] C:\DOCUME~1\Andrea\DATIAP~1\Talkback
[08/09/2005|19.39] C:\DOCUME~1\Andrea\DATIAP~1\vlc
[0|File] C:\DOCUME~1\Andrea\DATIAP~1\byte
[32|Directory] C:\DOCUME~1\Andrea\DATIAP~1\byte disponibili

[09/06/2005|22.14] C:\DOCUME~1\DEFAUL~1\DATIAP~1\Microsoft
[0|File] C:\DOCUME~1\DEFAUL~1\DATIAP~1\byte
[3|Directory] C:\DOCUME~1\DEFAUL~1\DATIAP~1\byte disponibili

[13/01/2008|04.08] C:\DOCUME~1\LOCALS~1\DATIAP~1\Microsoft
[0|File] C:\DOCUME~1\LOCALS~1\DATIAP~1\byte
[3|Directory] C:\DOCUME~1\LOCALS~1\DATIAP~1\byte disponibili

[13/01/2008|04.08] C:\DOCUME~1\NETWOR~1\DATIAP~1\Microsoft
[0|File] C:\DOCUME~1\NETWOR~1\DATIAP~1\byte
[3|Directory] C:\DOCUME~1\NETWOR~1\DATIAP~1\byte disponibili

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[14/02/2009 14.35][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[15/02/2009 13.33][--ah-----] C:\WINDOWS\tasks\SA.DAT
[10/09/2002 13.00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Programmi

[22/01/2006|23.56] C:\Programmi\AC3Filter
[08/06/2006|22.45] C:\Programmi\Acer Advanced MP3 Player Tools 4.0
[18/09/2008|10.38] C:\Programmi\Adobe
[28/06/2006|12.54] C:\Programmi\Alwil Software
[06/02/2008|19.46] C:\Programmi\Apple Software Update
[20/10/2005|19.33] C:\Programmi\ArcSoft
[18/10/2008|00.21] C:\Programmi\Avenger
[14/09/2007|17.34] C:\Programmi\AVSMedia
[09/02/2006|18.26] C:\Programmi\Briscola
[20/10/2005|19.34] C:\Programmi\Canon
[01/01/2009|17.11] C:\Programmi\CCleaner
[09/06/2005|22.29] C:\Programmi\C-Media 3D Audio
[09/06/2005|22.11] C:\Programmi\ComPlus Applications
[18/03/2006|19.27] C:\Programmi\COWON
[07/02/2008|01.55] C:\Programmi\Dia
[03/09/2007|14.37] C:\Programmi\DivX
[04/03/2007|15.40] C:\Programmi\DivX Video Duplicator
[30/11/2007|19.31] C:\Programmi\Documentario Mussolini-Grandi
[19/02/2007|19.10] C:\Programmi\EA GAMES
[20/10/2008|14.35] C:\Programmi\Earth Resource Mapping
[15/02/2009|03.04] C:\Programmi\eMule
[09/10/2005|19.31] C:\Programmi\EPSON
[14/02/2009|23.08] C:\Programmi\File comuni
[14/02/2009|22.54] C:\Programmi\FindyKill
[06/10/2006|21.23] C:\Programmi\FireBurner
[31/07/2008|20.55] C:\Programmi\Free PDF to Word Doc Converter
[04/03/2007|15.26] C:\Programmi\Gabest
[14/09/2008|00.58] C:\Programmi\Google
[13/01/2008|04.09] C:\Programmi\Grisoft
[11/11/2007|01.38] C:\Programmi\HiJackthis v2
[03/09/2007|14.34] C:\Programmi\InstallShield Installation Information
[16/01/2009|02.09] C:\Programmi\Internet Explorer
[13/12/2008|16.44] C:\Programmi\Java
[07/12/2008|07.47] C:\Programmi\JRE
[17/10/2008|23.17] C:\Programmi\Lavasoft
[12/03/2006|20.18] C:\Programmi\Logitech
[15/09/2007|20.30] C:\Programmi\MAGIX
[09/12/2008|18.28] C:\Programmi\MDIConvertor
[23/09/2008|13.47] C:\Programmi\Messenger
[08/02/2009|01.17] C:\Programmi\Messenger Plus! Live
[30/09/2006|23.14] C:\Programmi\MessengerPlus! 3
[08/02/2006|21.26] C:\Programmi\Microforum
[09/06/2005|22.15] C:\Programmi\microsoft frontpage
[11/06/2005|00.59] C:\Programmi\Microsoft Office
[14/10/2006|09.50] C:\Programmi\Microsoft Visual Studio
[15/02/2009|05.07] C:\Programmi\mIrc
[04/03/2007|15.26] C:\Programmi\Morgan
[10/02/2006|02.53] C:\Programmi\Motherboard Monitor 5
[23/09/2008|13.19] C:\Programmi\Movie Maker
[14/02/2009|21.12] C:\Programmi\Mozilla Firefox
[09/06/2005|22.11] C:\Programmi\MSN
[09/06/2005|22.11] C:\Programmi\MSN Gaming Zone
[29/09/2007|00.23] C:\Programmi\MSXML 4.0
[13/03/2006|13.53] C:\Programmi\MUSICMATCH
[03/09/2007|14.35] C:\Programmi\muvee Technologies
[11/09/2007|17.07] C:\Programmi\Nero
[23/09/2008|13.13] C:\Programmi\NetMeeting
[29/04/2008|14.40] C:\Programmi\OpenOffice.org 2.3
[07/12/2008|07.46] C:\Programmi\OpenOffice.org 2.4
[07/12/2008|07.47] C:\Programmi\OpenOffice.org 3
[23/09/2008|13.13] C:\Programmi\Outlook Express
[05/09/2007|21.55] C:\Programmi\QuickTime
[07/09/2005|23.31] C:\Programmi\Real
[09/02/2006|18.27] C:\Programmi\Scopa
[09/06/2005|22.13] C:\Programmi\Servizi in linea
[17/06/2007|17.49] C:\Programmi\SetteEMezzo
[06/01/2007|21.09] C:\Programmi\Skype
[07/09/2008|16.01] C:\Programmi\SpeedFan
[29/06/2008|14.18] C:\Programmi\Total Video Converter
[14/02/2009|21.26] C:\Programmi\Trend Micro
[09/06/2005|22.19] C:\Programmi\Uninstall Information
[08/09/2005|19.23] C:\Programmi\VideoLAN
[20/06/2005|15.21] C:\Programmi\Webteh
[03/09/2007|12.50] C:\Programmi\Winamp
[04/03/2007|15.35] C:\Programmi\WinASPI
[15/03/2008|20.28] C:\Programmi\Windows Live
[09/03/2007|18.22] C:\Programmi\Windows Media Connect 2
[23/09/2008|13.13] C:\Programmi\Windows Media Player
[23/09/2008|13.13] C:\Programmi\Windows NT
[07/07/2005|23.59] C:\Programmi\WindowsUpdate
[23/09/2005|14.53] C:\Programmi\WinMX
[06/10/2006|20.55] C:\Programmi\WinRAR
[08/07/2008|19.34] C:\Programmi\WinZip
[06/10/2006|19.04] C:\Programmi\WinZip Self-Extractor
[09/06/2005|22.15] C:\Programmi\xerox
[17/05/2008|19.54] C:\Programmi\XStyle v2
[22/01/2006|23.57] C:\Programmi\XviD
[21/02/2007|22.18] C:\Programmi\Yahoo!
[11/09/2007|01.28] C:\Programmi\Zone Labs
[0|File] C:\Programmi\byte
[91|Directory] C:\Programmi\byte disponibili

--------------------\\ Listing Folders in C:\Programmi\File comuni

[18/09/2008|10.36] C:\Programmi\File comuni\Adobe
[11/09/2007|17.11] C:\Programmi\File comuni\Ahead
[14/09/2007|17.34] C:\Programmi\File comuni\AVSMedia
[11/06/2005|01.00] C:\Programmi\File comuni\Designer
[05/06/2007|16.14] C:\Programmi\File comuni\ESRI
[09/10/2005|19.33] C:\Programmi\File comuni\InstallShield
[22/06/2005|15.31] C:\Programmi\File comuni\Java
[12/03/2006|20.18] C:\Programmi\File comuni\Logitech
[15/09/2007|20.27] C:\Programmi\File comuni\MAGIX Shared
[14/09/2008|15.18] C:\Programmi\File comuni\Microsoft Shared
[09/06/2005|22.12] C:\Programmi\File comuni\MSSoap
[03/09/2007|14.35] C:\Programmi\File comuni\muvee Technologies
[09/06/2005|22.50] C:\Programmi\File comuni\ODBC
[05/01/2009|02.47] C:\Programmi\File comuni\Real
[20/01/2008|16.28] C:\Programmi\File comuni\Roxio Shared
[09/06/2005|22.12] C:\Programmi\File comuni\Services
[09/06/2005|22.50] C:\Programmi\File comuni\SpeechEngines
[23/09/2008|13.13] C:\Programmi\File comuni\System
[15/03/2008|20.28] C:\Programmi\File comuni\WindowsLiveInstaller
[17/10/2008|23.16] C:\Programmi\File comuni\Wise Installation Wizard
[05/01/2009|02.47] C:\Programmi\File comuni\xing shared
[0|File] C:\Programmi\File comuni\byte
[23|Directory] C:\Programmi\File comuni\byte disponibili

--------------------\\ Process

( 43 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-15 13:48:49
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 107

--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Andrea\Desktop\gis ARCVIEW 8.1\SOFTWARE CAD-GIS - ESRI ArcView v8.1-CD1(cue+bin+crack).rar


[F:13][D:4]-> C:\DOCUME~1\Andrea\IMPOST~1\Temp
[F:10][D:1]-> C:\DOCUME~1\Andrea\Cookies
[F:75][D:5]-> C:\DOCUME~1\Andrea\IMPOST~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 15/02/2009|13.45 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 15/02/2009|13.53 - Option : [2]

--------------------\\ Scan completed at 13.53.02
Pompeo_3
Junior User

Posts: 63
Joined: 10/10/07 21:37

Re: hijackthis

Post by Pompeo_3 » 15/02/09 16:15

Here's the second one:

BitDefender Online Scanner
Scan report generated at: Sun, Feb 15, 2009 - 16:06:44
Scan path: A:\;C:\;D:\;E:\;
Statistics
  Time: 01:42:46
  Files: 531289
  Folders: 7877
  Boot Sectors: 2
  Archives: 4232
  Packed Files: 15634
Results
  Identified Viruses: 1
  Infected Files: 2
  Suspect Files: 0
  Warnings: 0
  Disinfected: 0
  Deleted Files: 2
Engines Info
  Virus Definitions: 862338
  Engine build: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
  Scan plugins: 14
  Archive plugins: 38
  Unpack plugins: 7
  E-mail plugins: 6
  System plugins: 1
Scan Settings
  First Action: Disinfect
  Second Action: Delete
  Heuristics: Yes
  Enable Warnings: Yes
  Scanned Extensions: *;
  Exclude Extensions:
  Scan Emails: Yes
  Scan Archives: Yes
  Scan Packed: Yes
  Scan Files: Yes
  Scan Boot: Yes
Scanned File - Status
  C:\Programmi\XStyle v2\XStyle.exe - Infected with: Backdoor.Mirc.BV
  C:\Programmi\XStyle v2\XStyle.exe - Disinfection failed
  C:\Programmi\XStyle v2\XStyle.exe - Deleted
  C:\System Volume Information\_restore{830C6FE4-F312-407D-83CA-BC8903A46F55}\RP233\A0053095.exe - Infected with: Backdoor.Mirc.BV
  C:\System Volume Information\_restore{830C6FE4-F312-407D-83CA-BC8903A46F55}\RP233\A0053095.exe - Disinfection failed
  C:\System Volume Information\_restore{830C6FE4-F312-407D-83CA-BC8903A46F55}\RP233\A0053095.exe - Deleted
Pompeo_3
Junior User

Posts: 63
Joined: 10/10/07 21:37

Re: hijackthis

Post by Pompeo_3 » 15/02/09 16:20

Spybot S&D won't install; on the other hand, I have to reinstall the chat program, since it deleted its .exe
Pompeo_3
Junior User

Posts: 63
Joined: 10/10/07 21:37

Re: hijackthis

Post by shel » 15/02/09 16:49

disable System Restore

Start --> Programs --> Accessories --> System Tools --> System Restore --> System Restore Settings --> Turn off System Restore

Reboot the PC and re-enable System Restore, creating a new restore point

check whether this file (the one in red) is still on the PC: C:\Programmi\XStyle v2\XStyle.exe

if you find it, scan it with VirusTotal and see whether it's detected as infected

post me a new hijackthis log

as for Spybot failing to install, it may be due to registry keys still present on the PC - I'm sending you a link where you can download RegSeeker directly, an excellent program not only for cleaning the registry but also for removing keys that are no longer needed

http://wikisend.com/download/594286/RegSeeker.zip

unzip it, open the program and go to ===> search for useless entries - type spybot in the white box and click OK

when it's finished, you'll see all the program's keys - select them - go down to where it says action and choose delete

Be very careful about what you remove - look at them closely before selecting them


as soon as you're done, we'll continue

have you re-enabled the services??
shel
Senior User

Posts: 1326
Joined: 29/08/08 21:56

Re: hijackthis

Post by Pompeo_3 » 15/02/09 19:34

Which program keys do I need to delete?
Pompeo_3
Junior User

Posts: 63
Joined: 10/10/07 21:37

Re: hijackthis

Post by shel » 15/02/09 19:43

Which program keys do I need to delete?


the Spybot ones - you have to type spybot in the program - it probably won't let you reinstall it precisely because there are still keys from the program
shel
Senior User

Posts: 1326
Joined: 29/08/08 21:56

Re: hijackthis

Post by Pompeo_3 » 15/02/09 19:56

here's the VirusTotal report

File XStyle.exe received on 2007.03.17 20:21:45 (CET)
Current status: finished

Result: 9/30 (30.00%)
Antivirus Version Last update Result
AhnLab-V3 - - Win-AppCare/MircPack.1653760
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - Application.Mirc.B
CAT-QuickHeal - - W32.Mirc.Flood
ClamAV - - -
DrWeb - - -
eSafe - - -
eTrust-Vet - - -
Ewido - - -
F-Prot - - -
F-Secure - - Backdoor.Win32.mIRC-based
FileAdvisor - - -
Fortinet - - W32/IRCFlood.CD!tr
Ikarus - - Backdoor.IRC.mIRC-based
Kaspersky - - not-a-virus:Client-IRC.Win32.mIRC.591
McAfee - - -
Microsoft - - -
NOD32v2 - - -
Norman - - -
Panda - - Suspicious file
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
UNA - - -
VBA32 - - BackDoor.IRC.based
VirusBuster - - -
Additional information
MD5: ff3a2d7d8ea30b37d767384bd6912e92
SHA1: d4f71d25900248e8474b9fdfab860db6b2e1e0d1
SHA256: 1f7e3835c816af058dfc85c452846e8bcb774643f0c63753bb93736e5327f911
SHA512: cc08954eee96815f9c91576a92c1692044e9aae989f9f783d6ee134db9cdb96a620d8fd34b8ace4c3ec0477f2f1a49efbb881833af74897eb74b574ef21e4d9d
Pompeo_3
Junior User

Posts: 63
Joined: 10/10/07 21:37

Re: hijackthis

Post by Pompeo_3 » 15/02/09 19:58

here's the hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19.57.45, on 15/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE
C:\WINDOWS\system32\NotifyPhoneBook.exe
C:\Programmi\Winamp\winampa.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\Programmi\Logitech\SetPoint\SetPoint.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programmi\OpenOffice.org 3\program\soffice.exe
C:\Programmi\OpenOffice.org 3\program\soffice.bin
C:\Programmi\File comuni\Logitech\KHAL\KHALMNPR.EXE
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus D68 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P23 "EPSON Stylus D68 Series" /O6 "USB001" /M "Stylus D68"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DivX Video Duplicator OLR] C:\PROGRA~1\DIVXVI~1\BVRPOlr.exe /DivX Video Duplicator
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Programmi\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmi\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akamai.net/7/1540/52/200 ... plugin.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-U ... E_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B2BE75F3-9197-11CF-ABF4-08000996E931} (Autodesk WHIP! Control) - ftp://ftp.autodesk.com/pub/whip/english/whip.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZI ... b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E4D8D902-51FF-45F5-A636-06B4591AF5AE}: NameServer = 85.255.116.135 85.255.112.9
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Programmi\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (file missing)

--
End of file - 9669 bytes
Pompeo_3
Junior User

Posts: 63
Joined: 10/10/07 21:37
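The HijackThis logs in this thread are read by eye. As an added example, not from the thread or from HijackThis itself, here is a small Python triage over constructed lines in the same format (the values mirror entries in the log above) that pulls out the two things a reviewer checks first: entries whose file is gone, the same stale registry leftovers that shel has the registry cleaner remove, and per-interface O17 NameServer settings that differ from the resolvers under the global Tcpip\Parameters key.

```python
import re

# Constructed sample in the HijackThis v2.0.2 line format; the values mirror
# entries that appear in the log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{E4D8D902-51FF-45F5-A636-06B4591AF5AE}: NameServer = 85.255.116.135 85.255.112.9
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
"""

# Every HijackThis entry starts with a section tag (R0..R3, O1..O24) and " - ".
ENTRY_RE = re.compile(r"^(R\d|O\d+) - (.+)$")
# Body of an O17 line: registry key, then space- or comma-separated resolver IPs.
NS_RE = re.compile(r"^(?P<key>[^:]+): NameServer = (?P<servers>[\d. ,]+)$")


def parse_entries(text):
    """Return (section, body) pairs for every HijackThis entry line in text."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def dead_references(entries):
    """Entries whose target is gone from disk: "(no file)" or "(file missing)".
    Harmless by themselves, these are the stale registry leftovers that the
    thread reaches for a registry cleaner to remove."""
    return [body for _, body in entries
            if body.endswith("(no file)") or body.endswith("(file missing)")]


def dns_overrides(entries):
    """Per-interface O17 keys whose resolvers are not among those configured
    under the global Tcpip\\Parameters key. A resolver planted on one interface
    redirects every lookup, so such a mismatch deserves a manual look."""
    per_key = {}
    for section, body in entries:
        m = NS_RE.match(body) if section == "O17" else None
        if m:
            servers = re.split(r"[ ,]+", m.group("servers").strip())
            per_key[m.group("key")] = frozenset(servers)
    baseline = set()
    for key, servers in per_key.items():
        if key.endswith(r"\Parameters"):
            baseline |= servers
    return {key: sorted(servers) for key, servers in per_key.items()
            if not key.endswith(r"\Parameters") and not servers <= baseline}
```

Run `dns_overrides(parse_entries(SAMPLE_LOG))` to see the interface-specific key flagged with its two resolvers; `dead_references` returns the two orphaned entries.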
