
PC at risk! Help!!

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: m.paolo, kadosh, Luke57

Re: PC at risk! Help!!

Post by alessia84 » 26/04/09 13:28

Here is the new HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:26, on 2009-04-26
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\VM305_STI.EXE
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Pando Networks\Pando\pando.exe
C:\Programmi\TomTom HOME 2\HOMERunner.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Programmi\internet explorer\iexplore.exe
C:\Programmi\internet explorer\iexplore.exe
C:\Documents and Settings\utente\Desktop\Alessia\programmi per il pc\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Encarta Web Companion Oggetto helper - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Pando] "C:\Programmi\Pando Networks\Pando\pando.exe" /Minimized
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Programmi\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Programmi\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - C:\Programmi\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Barra di ricerca di Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://gamenextit.oberon-media.com/Game ... meHost.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A1870833-29E8-4E2E-885C-8434EF0F371F}: NameServer = 192.168.1.1,192.168.1.2
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8902 bytes

I tried to do what you told me, but I can't uninstall AVG or even disable it.
alessia84
Senior User

Posts: 132
Joined: 18/07/06 14:33


Re: PC at risk! Help!!

Post by shel » 26/04/09 13:35

Remove this entry with HijackThis:

O9 - Extra button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - C:\Programmi\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll

Analyse on VirusTotal the file referenced in that entry:

C:\Programmi\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll

Once that is done, disable AVG and run a scan with ComboFix.
shel
Senior User

Posts: 1326
Joined: 29/08/08 21:56
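The triage shel is doing by hand above (read the HijackThis entries, pick the one loading an unknown DLL, hash it and check it on VirusTotal) can be scripted. The block below is an added example, not code from this thread or from HijackThis: it parses the `Rn`/`On` lines into records, returns the code-loading entries whose file lives outside directories the analyst has already vetted, and fingerprints a file so it can be searched on VirusTotal by hash before anything is uploaded. The sample log excerpt is constructed from lines of the format posted above; the trusted-directory list and the table of "kinds that load code" are the author's assumptions, not a HijackThis rule.

```python
"""Triage a HijackThis 2.x log: turn each entry into a record, pick out the
code-loading entries outside vetted directories, and fingerprint a file for a
VirusTotal hash lookup. Added example; not from the thread or HijackThis."""
import hashlib
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed excerpt in the format of the log posted above.
SAMPLE_LOG = """\
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://www.google.it/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\\PROGRA~1\\SPYBOT~1\\SDHelper.dll
O4 - HKLM\\..\\Run: [NvCplDaemon] RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup
O4 - HKLM\\..\\Run: [AVG8_TRAY] C:\\PROGRA~1\\AVG\\AVG8\\avgtray.exe
O9 - Extra button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - C:\\Programmi\\Smart-Shopper\\Bin\\2.5.1\\Smrt-Shpr.dll
O20 - Winlogon Notify: avgrsstarter - C:\\WINDOWS\\SYSTEM32\\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\\PROGRA~1\\AVG\\AVG8\\avgwdsvc.exe
"""

# Entry kinds that make Windows or IE load a DLL/EXE (author's assumption).
CODE_LOADING_KINDS = {"O2", "O3", "O4", "O9", "O20", "O21", "O22", "O23"}

ENTRY_RE = re.compile(r"^(?P<kind>[RFO]\d{1,2}) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# A Windows path up to the first executable-looking extension; tolerates spaces.
PATH_RE = re.compile(r"[A-Za-z]:\\.+?\.(?:dll|exe|sys|scr|com|ocx)\b", re.IGNORECASE)


@dataclass
class Entry:
    kind: str
    body: str
    clsid: Optional[str]
    path: Optional[str]

    @property
    def unnamed(self) -> bool:
        # HijackThis prints "(no name)" when a BHO or button has no display name.
        return "(no name)" in self.body


def parse_log(text: str) -> List[Entry]:
    """Parse every Rn/Fn/On line; process lists and headers are skipped."""
    entries: List[Entry] = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        body = m.group("body")
        clsid = CLSID_RE.search(body)
        path = PATH_RE.search(body)
        entries.append(Entry(m.group("kind"), body,
                             clsid.group(0).upper() if clsid else None,
                             path.group(0) if path else None))
    return entries


def entries_to_check(text: str, trusted_prefixes: List[str]) -> List[Entry]:
    """Code-loading entries whose file is outside every trusted directory, plus
    any unnamed BHO/button. 8.3 short names (PROGRA~1) are compared literally,
    so list both spellings of a directory if the log mixes them."""
    trusted = tuple(p.lower() for p in trusted_prefixes)
    out: List[Entry] = []
    for e in parse_log(text):
        if e.kind not in CODE_LOADING_KINDS or e.path is None:
            continue
        if e.unnamed or not e.path.lower().startswith(trusted):
            out.append(e)
    return out


def fingerprint(data: bytes) -> dict:
    """MD5/SHA-1/SHA-256 of a file's bytes, the three hashes a VirusTotal report
    shows; search the SHA-256 first and upload only if nobody has seen the file."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256")}


if __name__ == "__main__":
    trusted = ["C:\\WINDOWS\\", "C:\\PROGRA~1\\AVG\\", "C:\\Programmi\\AVG\\"]
    for e in entries_to_check(SAMPLE_LOG, trusted):
        print(f"{e.kind} {e.clsid or '-'} {e.path}")
    # To hash the suspect file before submitting it:
    # with open(path, "rb") as fh: print(fingerprint(fh.read()))
```

With the sample above, the two entries returned are the unnamed O2 BHO and the Smart-Shopper O9 button, which is exactly the file shel asks to have checked; everything under the Windows and AVG directories is skipped. The allow-list is deliberately explicit rather than "anything under Program Files", because adware installs itself under Program Files too.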

Re: PC at risk! Help!!

Post by shel » 26/04/09 15:25

Try downloading it from here; AVG shouldn't detect it:

http://wikisend.com/download/458120/alessia.exe
shel
Senior User

Posts: 1326
Joined: 29/08/08 21:56

Re: PC at risk! Help!!

Post by alessia84 » 26/04/09 15:40

As I wrote in a previous post, I can't fix that entry with HJT. Everything freezes.

analyse on VirusTotal the file referenced in that entry ---------> what does that mean? What do I have to do?

C:\Programmi\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll
alessia84
Senior User

Posts: 132
Joined: 18/07/06 14:33

Re: PC at risk! Help!!

Post by shel » 26/04/09 15:54

Alessia, stay calm and keep a cool head ;) ...one thing at a time

First check whether you can download ComboFix as I suggested in the previous post...

<<<============ look
shel
Senior User

Posts: 1326
Joined: 29/08/08 21:56

Re: PC at risk! Help!!

Post by alessia84 » 26/04/09 15:56

Yes, I downloaded it. I also tried to run it, but it still beeps because it detects AVG as active
alessia84
Senior User

Posts: 132
Joined: 18/07/06 14:33

Re: PC at risk! Help!!

Post by shel » 26/04/09 16:05

Try it this way:

Click Start > Run, and in the white box copy and paste this command, quotes included:

"%userprofile%\desktop\combofix.exe" /killall
shel
Senior User

Posts: 1326
Joined: 29/08/08 21:56

Re: PC at risk! Help!!

Post by alessia84 » 26/04/09 16:42

Same problem as before... it beeps twice to tell me that AVG is active and that clicking OK would put the whole system at risk
alessia84
Senior User

Posts: 132
Joined: 18/07/06 14:33

Re: PC at risk! Help!!

Post by shel » 26/04/09 16:57

Is it really possible that you can't disable it?

Right-click the icon in the notification area next to the clock
and then choose Exit or Disable. Even if it beeps, continue the ComboFix download: it is detected as a threat, but obviously it isn't one

KEEP AT IT
shel
Senior User

Posts: 1326
Joined: 29/08/08 21:56

Re: PC at risk! Help!!

Post by alessia84 » 26/04/09 17:18

Here's the log. I wasn't going ahead after hearing the beep because I thought it was risky. I hadn't understood that I could continue.

ComboFix 09-04-25.A3 - utente 2009-04-26 18:11.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.958.424 [GMT 2:00]
Running from: c:\documents and settings\utente\Desktop\alessia.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
FW: ActiveArmor Firewall *disabled*
* Created a new restore point

WARNING - THIS PC DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\utente\IMPOST~1\Temp\catchme.dll
c:\documents and settings\utente\Impostazioni locali\temp\catchme.dll
c:\windows\system32\test.ttt
c:\windows\system32\win32hlp.cnf

.
((((((((((((((((((((((((( Files Created From 2009-05-26 to 2009-4-26 )))))))))))))))))))))))))))))))))))
.

2009-04-26 14:40 . 2009-04-26 15:41 -------- d-----w C:\ComboFix
2009-04-22 19:56 . 2009-04-22 19:56 -------- d-----w c:\documents and settings\utente\Dati applicazioni\Malwarebytes
2009-04-22 19:56 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-22 19:56 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-22 19:56 . 2009-04-22 19:56 -------- d-----w c:\programmi\Malwarebytes' Anti-Malware
2009-04-22 19:56 . 2009-04-22 19:56 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-04-22 19:56 . 2009-04-26 08:44 -------- d-----w c:\programmi\Navilog1

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-26 16:06 . 2007-08-12 09:11 -------- d-----w c:\programmi\eMule
2009-04-26 11:27 . 2009-02-01 15:40 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\avg8
2009-04-26 08:44 . 2009-04-22 20:10 2218 ----a-w C:\cleannavi.txt
2009-03-29 09:24 . 2001-08-31 11:00 70658 ----a-w c:\windows\system32\perfc010.dat
2009-03-29 09:24 . 2001-08-31 11:00 440486 ----a-w c:\windows\system32\perfh010.dat
2009-03-21 22:23 . 2007-08-27 16:16 -------- d-----w c:\programmi\DivX
2009-03-21 22:22 . 2009-03-21 22:22 -------- d-----w c:\programmi\File comuni\DivX Shared
2009-03-15 00:43 . 2007-08-11 21:31 70648 ----a-w c:\documents and settings\utente\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-03-15 00:39 . 2007-11-11 18:53 -------- d-----w c:\programmi\Windows Live
2009-03-15 00:36 . 2009-03-15 00:36 -------- d-----w c:\programmi\Microsoft
2009-03-15 00:36 . 2009-03-15 00:36 -------- d-----w c:\programmi\Windows Live SkyDrive
2009-03-15 00:33 . 2009-03-15 00:33 -------- d-----w c:\programmi\File comuni\Windows Live
2009-03-03 21:04 . 2008-05-11 21:18 -------- d-----w c:\documents and settings\utente\Dati applicazioni\mIRC
2009-02-11 20:14 . 2007-08-12 17:13 268 ---ha-w C:\sqmdata01.sqm
2009-02-11 20:14 . 2007-08-12 17:13 244 ---ha-w C:\sqmnoopt01.sqm
2009-02-06 19:01 . 2009-02-06 19:01 308088 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 17:52 . 2009-02-06 17:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-04 07:12 . 2009-02-04 07:12 10520 ----a-w c:\windows\system32\avgrsstx.dll
2008-08-17 16:10 . 2008-08-17 16:10 774144 ----a-w c:\programmi\RngInterstitial.dll
2008-01-02 20:07 . 2007-10-03 19:48 5936 ----a-w c:\documents and settings\utente\mqdmwhnt.sys
2008-01-02 20:07 . 2007-10-03 19:48 9232 ----a-w c:\documents and settings\utente\mqdmmdfl.sys
2008-01-02 20:07 . 2007-10-03 19:48 92064 ----a-w c:\documents and settings\utente\mqdmmdm.sys
2008-01-02 20:07 . 2007-10-03 19:48 79328 ----a-w c:\documents and settings\utente\mqdmserd.sys
2008-01-02 20:07 . 2007-10-03 19:48 66656 ----a-w c:\documents and settings\utente\mqdmbus.sys
2008-01-02 20:07 . 2007-10-03 19:48 6208 ----a-w c:\documents and settings\utente\mqdmcmnt.sys
2008-01-02 20:07 . 2007-10-03 19:48 4048 ----a-w c:\documents and settings\utente\mqdmcr.sys
2008-01-02 20:07 . 2007-08-12 09:19 25600 ----a-w c:\documents and settings\utente\usbsermptxp.sys
2008-01-02 20:07 . 2007-08-12 09:19 22768 ----a-w c:\documents and settings\utente\usbsermpt.sys
2008-01-02 19:49 . 2007-11-14 09:07 47360 ----a-w c:\documents and settings\utente\Dati applicazioni\pcouffin.sys
2004-01-25 02:48 . 2007-08-30 16:24 1004712 ----a-w c:\programmi\wrar330.exe
2004-01-22 16:35 . 2007-08-30 16:28 835584 ----a-w c:\programmi\WinRAR.exe.bak
2003-09-15 16:34 . 2007-09-09 21:05 1020 ----a-w c:\programmi\Descript.ion
2003-01-03 00:48 . 2007-09-09 21:05 128 ----a-w c:\programmi\UnrarSrc.txt
2002-09-06 22:36 . 2007-09-09 21:05 1082 ----a-w c:\programmi\RarFiles.lst
2007-11-04 08:57 . 2007-08-03 14:22 16384 --sha-w c:\windows\system32\config\systemprofile\Cookies\index.dat
2007-11-04 08:57 . 2007-08-03 14:22 32768 --sha-w c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat
2007-08-03 14:22 . 2007-08-03 14:22 32768 --sha-w c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\MSHist012007080320070804\index.dat
2007-11-04 08:57 . 2007-08-03 14:22 32768 --sha-w c:\windows\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat
.

------- Sigcheck -------

[-] 2008-12-14 14:28 111616 80E4DCBA043DEE8129D524BFEB8B864C c:\windows\system32\userinit.exe

[-] 2007-01-03 10:51 296960 F959D929A6A22D78E3A6851A9361CE18 c:\windows\system32\termsrv.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 147456]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"Pando"="c:\programmi\Pando Networks\Pando\pando.exe" [2008-11-20 3647304]
"TomTomHOME.exe"="c:\programmi\TomTom HOME 2\HOMERunner.exe" [2008-11-27 234856]
"eMuleAutoStart"="c:\programmi\eMule\emule.exe" [2007-05-13 5308416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-16 7630848]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-16 86016]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"BigDog305"="c:\windows\VM305_STI.EXE" [2007-05-16 61440]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-04 1601304]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-08-16 1617920]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-02-26 16125440]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2007-10-10 124928]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Avvio veloce di Adobe Reader.lnk - c:\programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
InterVideo WinCinema Manager.lnk - c:\programmi\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-8-3 237568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-04 07:12 10520 ----a-w c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Programmi\\InterVideo\\DVD6\\WinDVD.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programmi\\Motorola Phone Tools\\mPhonetools.exe"=
"c:\\Programmi\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Documents and Settings\\utente\\Desktop\\mIRC.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Pando Networks\\Pando\\pando.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4662:TCP"= 4662:TCP:192.168.1.100
"4672:UDP"= 4672:UDP:192.168.1.100
"58424:TCP"= 58424:TCP:Pando P2P TCP Listening Port
"58424:UDP"= 58424:UDP:Pando P2P UDP Listening Port

S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-02-04 325128]
S1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2005-03-16 13696]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-04 298264]
S3 ZSMC0305;SUPER 188 PC CAMERA;c:\windows\system32\Drivers\usbVM305.sys [2007-05-16 391743]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{610d1112-bec6-11dd-98ea-00e04d2f1f95}]
\Shell\AutoRun\command - I:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c76fc7ed-7af2-11dc-95eb-00e04d2f1f95}]
\Shell\AutoRun\command - I:\xn1i9x.com
\Shell\explore\Command - I:\xn1i9x.com
\Shell\open\Command - I:\xn1i9x.com
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.it/
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Read with DeskBot
TCP: {A1870833-29E8-4E2E-885C-8434EF0F371F} = 192.168.1.1,192.168.1.2
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-26 18:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BigDog305 = c:\windows\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)???????????????????0?????????@??????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(724)
c:\windows\system32\SHSVCS.dll
c:\windows\system32\CLBCATQ.DLL
c:\windows\system32\DNSAPI.dll

- - - - - - - > 'lsass.exe'(780)
c:\windows\system32\WLDAP32.dll
c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\system32\ipsecsvc.dll
.
Completion time: 2009-04-26 18:15
ComboFix-quarantined-files.txt 2009-04-26 16:14
ComboFix2.txt 2008-12-14 15:49

Pre-Run: 11,388,854,272 bytes free
Post-Run: 11,380,166,656 bytes free

167 --- E O F --- 2008-01-08 21:18
alessia84
Senior User

Posts: 132
Joined: 18/07/06 14:33

Re: PC at risk! Help!!

Post by shel » 26/04/09 20:03

Download Avenger
http://swandog46.geekstogo.com/avenger.zip

Extract it into a folder of your choice
Run the file avenger.exe
Now paste these lines in red into the white box that has opened:

files to delete:
c:\windows\WLXPGSS.SCR
I:\xn1i9x.com


Press the Execute button
Answer Yes to Avenger's two prompts
Your computer should now reboot; if it doesn't, reboot it manually
When the computer restarts, copy and paste here the contents of the Notepad window that will appear.


Paste this text in red into Notepad (semicolon included), save it on the desktop as fix.reg, double-click it and accept the changes to the registry

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c76fc7ed-7af2-11dc-95eb-00e04d2f1f95}]
;



Analyse here ===> http://www.virustotal.com/it/ the file highlighted in red

c:\documents and settings\utente\mqdmcmnt.sys
shel
Senior User

Posts: 1326
Joined: 29/08/08 21:56
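The two MountPoints2 keys in the ComboFix log above show the pattern shel is reacting to: the TomTom volume only sets `\Shell\AutoRun\command` (a normal installer autorun), while the other volume has `AutoRun`, `explore` and `open` all pointing at `I:\xn1i9x.com`, so double-clicking or right-clicking the drive in Explorer would run that file. The block below is an added example, not code from this thread, from ComboFix or from Avenger: it parses the MountPoints2 section, flags volumes whose `open`/`explore` verbs were redirected (the author's rule, not a ComboFix one), lists the files those verbs point at, and generates the same kind of `[-HKEY_...]` deletion `.reg` file shel writes by hand. The sample text is constructed in the format of the log section above.

```python
"""Find hijacked removable-drive autorun entries in the MountPoints2 section
of a ComboFix log and build the .reg file that deletes them. Added example;
not from the thread, ComboFix or Avenger. Detection rule is the author's."""
import re
from typing import Dict, List

# Constructed excerpt in the format of the ComboFix section quoted in the thread.
SAMPLE = """\
[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{610d1112-bec6-11dd-98ea-00e04d2f1f95}]
\\Shell\\AutoRun\\command - I:\\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{c76fc7ed-7af2-11dc-95eb-00e04d2f1f95}]
\\Shell\\AutoRun\\command - I:\\xn1i9x.com
\\Shell\\explore\\Command - I:\\xn1i9x.com
\\Shell\\open\\Command - I:\\xn1i9x.com
"""

KEY_RE = re.compile(
    r"^\[(?P<key>HKEY_[^\]]*\\mountpoints2\\\{[0-9a-f-]{36}\})\]$", re.IGNORECASE)
VERB_RE = re.compile(r"^\\Shell\\(?P<verb>\w+)\\command - (?P<target>.+)$", re.IGNORECASE)

# Explorer's double-click ("open") and right-click ("explore") verbs. A normal
# autorun.inf only sets AutoRun\command; autorun worms override these two as
# well so the payload runs even when the user just browses the drive.
HIJACK_VERBS = {"open", "explore"}


def parse_mountpoints(text: str) -> Dict[str, Dict[str, str]]:
    """Map each MountPoints2 volume key to its {verb: command target}."""
    points: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        k = KEY_RE.match(line)
        if k:
            current = k.group("key")
            points[current] = {}
            continue
        v = VERB_RE.match(line)
        if v and current is not None:
            points[current][v.group("verb").lower()] = v.group("target")
    return points


def hijacked_keys(text: str) -> List[str]:
    """Volume keys whose open/explore verbs were redirected."""
    return [key for key, verbs in parse_mountpoints(text).items()
            if HIJACK_VERBS & set(verbs)]


def payload_paths(text: str) -> List[str]:
    """Distinct files the hijacked verbs point at; they live on the removable
    drive, so they can only be deleted while that drive is connected."""
    seen: List[str] = []
    points = parse_mountpoints(text)
    for key in hijacked_keys(text):
        for target in points[key].values():
            if target not in seen:
                seen.append(target)
    return seen


def fix_reg(keys: List[str]) -> str:
    """regedit deletes a key when its name is prefixed with '-' in a .reg file."""
    lines = ["Windows Registry Editor Version 5.00", ""]
    for key in keys:
        lines += [f"[-{key}]", ""]
    return "\r\n".join(lines)


if __name__ == "__main__":
    print(fix_reg(hijacked_keys(SAMPLE)))
    print("files to delete:", *payload_paths(SAMPLE), sep="\n")
```

MountPoints2 is Explorer's per-volume cache of these verbs, so the key survives after the USB drive is unplugged; that is why the Avenger log later in the thread reports `STATUS_OBJECT_PATH_NOT_FOUND` for `I:\xn1i9x.com` while the registry key still had to be removed separately. The file itself has to be deleted from the drive when it is connected again, and the drive's autorun.inf checked at the same time.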

Re: PC at risk! Help!!

Post by alessia84 » 26/04/09 21:24

OK, I did everything you told me; for now here's the Avenger log:

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Sun Apr 26 22:14:05 2009

22:14:05: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Sun Apr 26 22:14:21 2009

22:14:21: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "c:\windows\WLXPGSS.SCR" deleted successfully.

Error: could not open file "I:\xn1i9x.com"
Deletion of file "I:\xn1i9x.com" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Completed script processing.

*******************

Finished! Terminate.


I analysed the file; the result of the analysis is below:

Antivirus Version Last update Result
a-squared 4.0.0.101 2009.04.26 -
AhnLab-V3 5.0.0.2 2009.04.26 -
AntiVir 7.9.0.156 2009.04.26 -
Antiy-AVL 2.0.3.1 2009.04.24 -
Authentium 5.1.2.4 2009.04.26 -
Avast 4.8.1335.0 2009.04.26 -
AVG 8.5.0.287 2009.04.26 -
BitDefender 7.2 2009.04.26 -
CAT-QuickHeal 10.00 2009.04.25 -
ClamAV 0.94.1 2009.04.26 -
Comodo 1135 2009.04.25 -
DrWeb 4.44.0.09170 2009.04.26 -
eSafe 7.0.17.0 2009.04.23 -
eTrust-Vet 31.6.6475 2009.04.24 -
F-Prot 4.4.4.56 2009.04.26 -
F-Secure 8.0.14470.0 2009.04.25 -
Fortinet 3.117.0.0 2009.04.26 -
GData 19 2009.04.26 -
Ikarus T3.1.1.49.0 2009.04.26 -
K7AntiVirus 7.10.716 2009.04.25 -
Kaspersky 7.0.0.125 2009.04.26 -
McAfee 5597 2009.04.26 -
McAfee+Artemis 5597 2009.04.26 -
McAfee-GW-Edition 6.7.6 2009.04.26 -
Microsoft 1.4602 2009.04.26 -
NOD32 4035 2009.04.25 -
Norman 6.00.06 2009.04.24 -
nProtect 2009.1.8.0 2009.04.26 -
Panda 10.0.0.14 2009.04.26 -
PCTools 4.4.2.0 2009.04.26 -
Prevx1 3.0 2009.04.26 -
Rising 21.26.62.00 2009.04.26 -
Sophos 4.41.0 2009.04.26 -
Sunbelt 3.2.1858.2 2009.04.24 -
Symantec 1.4.4.12 2009.04.26 -
TheHacker 6.3.4.1.314 2009.04.26 -
TrendMicro 8.700.0.1004 2009.04.25 -
VBA32 3.12.10.3 2009.04.25 -
ViRobot 2009.4.24.1708 2009.04.24 -
VirusBuster 4.6.5.0 2009.04.26 -
Additional information
File size: 6208 bytes
MD5...: 42bb364455e7eed396d5bdf0015fa921
SHA1..: 74e1c5e5b2b645d83ce23eebc9157a82209fef99
SHA256: e9ae6c9d50a425be0599755b390bdff6e9e8825aab1cfd92ea172dc3a114f58e
SHA512: 3897d5c8f4a2590533d9557d7d5d0244bd25e6c6cac7e4ef7f6b41e4d90b91f1
db9378f859088cf3e48fa7c27b4786f277129af7405a2282fd4aaaed16fdaf17
ssdeep: 96:Q/A7eyOsguH6cBfOX+6GUnw9aQ9SJzYc0oxdcH0g:Q/wtONuH6cBfOX+6GUnw
9aQ9Scc07Hl

PEiD..: -
TrID..: File type identification
Win64 Executable Generic (95.5%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x450
timedatestamp.....: 0x449986d9 (Wed Jun 21 17:50:17 2006)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x2a0 0x556 0x560 5.64 6298ba896b01523dc709657483bbd7b4
.edata 0x800 0x5c2 0x5e0 5.28 c75477cc8149d086b264d4804593d267
INIT 0xde0 0x31e 0x320 4.98 4eba23c4e0a28383b9271e227c7c034e
.rsrc 0x1100 0x378 0x380 3.39 2f72845d0df066f917a1574c68143426
.reloc 0x1480 0x80 0x80 2.97 05f2b2ef75422bc08df5e9dfa8cc44dd

( 1 imports )
> ntoskrnl.exe: IoGetDeviceObjectPointer, ExQueueWorkItem, ObfReferenceObject, ObfDereferenceObject, KeDelayExecutionThread, ExFreePool, IoGetDeviceInterfaceAlias, IoGetDeviceInterfaces, IoOpenDeviceRegistryKey, IoRegisterDeviceInterface, IoRegisterPlugPlayNotification, IoReportTargetDeviceChange, IoSetDeviceInterfaceState, ExAllocatePoolWithTag, RtlInitUnicodeString, PoCallDriver, PoCancelDeviceNotify, PoRegisterDeviceForIdleDetection, PoRegisterDeviceNotify, PoRegisterSystemState, PoRequestPowerIrp, PoSetPowerState, PoSetSystemState, PoStartNextPowerIrp, PoUnregisterSystemState, IoIsWdmVersionAvailable

( 32 exports )
_MCCICM_AddSerialDevice@8, _MCCICM_FindIoOpenDeviceRegistryKey@4, _MCCICM_FindPoCallDriver@4, _MCCICM_FindPoRequestPowerIrp@4, _MCCICM_FindPoStartNextPowerIrp@4, _MCCICM_QuerySystemVersion@4, _MCCICM_ReestablishSerialConnection@4, _MCCICM_RemoveSerialDevice@4, _MCCIWH_CreateDelayedDereferenceItem@12, _MCCIWH_FindIoGetDeviceInterfaceAlias@4, _MCCIWH_FindIoGetDeviceInterfaces@4, _MCCIWH_FindIoOpenDeviceRegistryKey@4, _MCCIWH_FindIoRegisterDeviceInterface@4, _MCCIWH_FindIoRegisterPlugPlayNotification@4, _MCCIWH_FindIoReportTargetDeviceChange@4, _MCCIWH_FindIoSetDeviceInterfaceState@4, _MCCIWH_FindPDOByDevNode@8, _MCCIWH_FindPDOByReference@20, _MCCIWH_FindPoCallDriver@4, _MCCIWH_FindPoCancelDeviceNotify@4, _MCCIWH_FindPoRegisterDeviceForIdleDetection@4, _MCCIWH_FindPoRegisterDeviceNotify@4, _MCCIWH_FindPoRegisterSystemState@4, _MCCIWH_FindPoRequestPowerIrp@4, _MCCIWH_FindPoSetDeviceBusy@4, _MCCIWH_FindPoSetPowerState@4, _MCCIWH_FindPoSetSystemState@4, _MCCIWH_FindPoStartNextPowerIrp@4, _MCCIWH_FindPoUnregisterSystemState@4, _MCCIWH_QuerySystem98Gold@0, _MCCIWH_QuerySystemVersion@4, _MCCIWH_SubmitDelayedDereferenceItem@8

PDFiD.: -
RDS...: NSRL Reference Data Set
alessia84
Senior User

Posts: 132
Joined: 18/07/06 14:33

Re: PC at risk! Help!!

Post by shel » 26/04/09 21:39

One question: did you delete the key before or after using Avenger?

How is the PC doing now?
shel
Senior User

Posts: 1326
Joined: 29/08/08 21:56

Re: PC at risk! Help!!

Post by alessia84 » 26/04/09 21:45

Hmm, it seems to be going fine...

I used Avenger before the key... in the order you wrote:
first Avenger
then the key
then I analysed the file

Did I do something wrong?
alessia84
Senior User

Posts: 132
Joined: 18/07/06 14:33

Re: PC at risk! Help!!

Post by shel » 26/04/09 22:15

No, no, you were precise

One last thing, I'm a bit fussy

Open the registry -> Start / Run, type regedit and click OK
Go to this key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

Click on Winlogon and, in the right-hand pane, find "Userinit"

In the "Data" column you will see:

c:\windows\system32\userinit.exe, <==== do you see it?

tell me whether anything else is written after the comma, without touching anything
shel
Senior User

Posts: 1326
Joined: 29/08/08 21:56

Re: PC at risk! Help!!

Post by alessia84 » 27/04/09 08:36

So, all done.
There's nothing after the comma... but as soon as I switch on the PC it keeps telling me Threat Detected regarding userinit...
alessia84
Senior User

Posts: 132
Joined: 18/07/06 14:33

Re: PC at risk! Help!!

Post by shel » 27/04/09 10:55

Hi Alessia

userinit is fine; now let's see why AVG keeps ''beeping''

Run a new scan with Malwarebytes, only after updating it; choose the full scan and post the report it produces

To download Malwarebytes ====>> http://www.malwarebytes.org/mbam/program/mbam-setup.exe
shel
Senior User

Posts: 1326
Joined: 29/08/08 21:56

Re: PC at risk! Help!!

Post by alessia84 » 27/04/09 12:22

Here are the scan results..
Malwarebytes' Anti-Malware 1.36
Database version: 2028
Windows 5.1.2600 Service Pack 2

2009-04-27 13:20:59
mbam-log-2009-04-27 (13-20-55).txt

Scan type: Full Scan (C:\|)
Objects scanned: 145464
Time elapsed: 50 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 10
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Chiavi di registro infette:
HKEY_CLASSES_ROOT\oberontb.band (Adware.Gamesbar) -> No action taken.
HKEY_CLASSES_ROOT\oberontb.band.1 (Adware.Gamesbar) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e596df5f-4239-4d40-8367-ebadf0165917} (Rogue.Installer) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{305c6cb1-9d31-4489-881d-5a8e2dc3fe14} (Adware.Shoper) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{e79b1445-dfea-4bef-a786-e0c0f33c863b} (Adware.Shoper) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{4cf088bd-be95-40a5-be9b-677f8683edea} (Adware.Shoper) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{6fac4823-815e-4361-836e-46d65ed2550b} (Adware.Shoper) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{911f251e-34fd-465e-b6ce-df00ff49a6be} (Adware.Shoper) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{fe4f1649-8909-49c0-87ba-24d65120db46} (Adware.Shoper) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{b41db860-8ee4-11d2-9906-e49fadc173ca} (Spyware.OnlineGames) -> No action taken.

Registry values infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{b41db860-8ee4-11d2-9906-e49fadc173ca} (Spyware.OnlineGames) -> No action taken.

Registry data items infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> No action taken.

Folders infected:
(No malicious items detected)

Files infected:
C:\Programmi\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll (Adware.Shoper) -> No action taken.
C:\Documents and Settings\utente\Desktop\Alessia\programmi per il pc\backups\backup-20081207-133452-914.dll (Adware.Shoper) -> No action taken.
C:\Programmi\RarExt.dll (Spyware.OnlineGames) -> No action taken.

Re: Pc a rischio! Aiutoo!

Posted by shel » 27/04/09 13:06

restart Malwarebytes and delete what it found

let me know whether AVG is still raising the alarm and how the PC is running now

Re: Pc a rischio! Aiutoo!

Posted by alessia84 » 27/04/09 13:18

I deleted everything... but despite that... on reboot... the threat about userinit is still there..
Here's a new HJT log for you, how does it look to you?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:16, on 2009-04-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\VM305_STI.EXE
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Pando Networks\Pando\pando.exe
C:\Programmi\TomTom HOME 2\HOMERunner.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\internet explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Documents and Settings\utente\Desktop\Alessia\programmi per il pc\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Encarta Web Companion Oggetto helper - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Pando] "C:\Programmi\Pando Networks\Pando\pando.exe" /Minimized
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Programmi\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Programmi\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Barra di ricerca di Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://gamenextit.oberon-media.com/Game ... meHost.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A1870833-29E8-4E2E-885C-8434EF0F371F}: NameServer = 192.168.1.1,192.168.1.2
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8740 bytes
