Aiutamici Forum

Checking a HijackThis log
derfel91
Posted: Sunday, May 25, 2008 10:21:21 AM
Rank: Newbie

Joined: 5/25/2008
Posts: 0
Hello everyone. I'm new to this forum; for a few days I've been having problems with the internet because advertisements open automatically. I tried scanning with every program available on this site, such as Spybot, AntiVir, Ad-Aware and Windows Care, and in the end no problem was detected. Yesterday I saw the HijackThis program and, following the instructions, I'll list below what the program found. Thanks in advance for any reply.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10.20.33, on 25/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programmi\MessengerDiscovery\MessengerDiscovery Live.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Smapp] C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [muBlinder] C:\Documents and Settings\Riccio\Impostazioni locali\Temp\Directory temporanea 1 per muBlinder.zip\muBlinder.exe -startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Scarica con Download &Express - C:\Programmi\Download Express\Add_Url.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Barra di ricerca di Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1211223650109
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1211297891578
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8427 bytes
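A small triage parser for the HijackThis log format shown above (O2 BHO, O4 Run and O23 Service lines), added here as an example and not part of the original post or of HijackThis itself. The sample lines are copied from the log above; the three heuristics it applies (registration pointing at a missing file, autostart from a temp directory, service without publisher) are the editor's own choice of what a reviewer looks at first, not rules from the forum or the tool.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample input: a few lines copied from the HijackThis v2.0.2 log
# posted above, covering the three sections the triage function understands.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [muBlinder] C:\Documents and Settings\Riccio\Impostazioni locali\Temp\Directory temporanea 1 per muBlinder.zip\muBlinder.exe -startup
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# Line formats for the three HijackThis sections handled here:
#   O2  - Browser Helper Objects (IE plug-in DLLs, identified by CLSID)
#   O4  - Run keys (programs started at logon)
#   O23 - Windows services
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>[^ ]+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<vendor>.*?) - (?P<path>.*)$")

# Programs launched from a temp directory are an unusual place for a
# legitimate autostart entry (the editor's heuristic, not a HijackThis rule).
TEMP_DIR_RE = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)


@dataclass
class Entry:
    section: str
    name: str
    path: str
    flags: List[str] = field(default_factory=list)


def exe_from_command(cmd: str) -> str:
    """Return the executable path from an O4 command line.

    Quoted paths are taken verbatim; for unquoted paths containing spaces
    (as in the muBlinder entry above) the path is cut at the first '.exe'.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.search(r"\.exe\b", cmd, re.IGNORECASE)
    return cmd[: m.end()] if m else cmd.split(" ", 1)[0]


def parse_line(line: str) -> Optional[Entry]:
    """Parse one O2/O4/O23 line and attach triage flags; other lines give None."""
    line = line.rstrip()
    if m := O2_RE.match(line):
        entry = Entry("O2", m["name"], m["path"])
    elif m := O4_RE.match(line):
        entry = Entry("O4", m["name"], exe_from_command(m["cmd"]))
    elif m := O23_RE.match(line):
        entry = Entry("O23", m["name"], m["path"])
        if m["vendor"].strip().lower() == "unknown owner":
            entry.flags.append("service has no publisher information")
    else:
        return None

    if entry.path.strip().lower() == "(no file)":
        # The registry still points at a DLL that no longer exists: a leftover
        # registration, harmless by itself but worth cleaning up.
        entry.flags.append("registration points to a missing file")
    if TEMP_DIR_RE.search(entry.path):
        entry.flags.append("starts from a temporary directory")
    return entry


def triage(log_text: str) -> List[Entry]:
    """Parse all recognised lines of a HijackThis log."""
    entries = [parse_line(l) for l in log_text.splitlines()]
    return [e for e in entries if e is not None]


def flagged(log_text: str) -> List[Entry]:
    """Only the entries a human reviewer should look at first."""
    return [e for e in triage(log_text) if e.flags]


if __name__ == "__main__":
    for e in flagged(SAMPLE_LOG):
        print(f"{e.section:<3} {e.name:<24} {e.path}")
        for f in e.flags:
            print(f"    -> {f}")
```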
r16
Posted: Sunday, May 25, 2008 1:12:04 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Welcome derfel91.
The HijackThis log is clean.
Run a scan with ComboFix.

Temporarily disable your antivirus.

Download ComboFix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to the desktop.
Double-click combofix.exe (a screen will appear).
Type 1, press Enter and follow the instructions.
When it finishes, a log file called C:\ComboFix.txt will be created. Post it here.
During the scan it is important not to use the PC and to wait patiently for it to finish.

ComboFix does not work in Safe Mode.
Let's see if this fixes it.
derfel91
Posted: Sunday, May 25, 2008 7:33:58 PM
Rank: Newbie

Joined: 5/25/2008
Posts: 0
Thanks for replying, r16. Here is the log file that ComboFix created after the scan; thanks again in advance for any reply.

ComboFix 08-05-24.1 - Riccio 2008-05-25 19.22.07.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.559 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Riccio\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Desktop\internetgamebox.lnk
C:\Documents and Settings\All Users\Menu Avvio\Programmi\InternetGameBox
C:\Documents and Settings\All Users\Menu Avvio\Programmi\InternetGameBox\Condizioni generali.url
C:\Documents and Settings\All Users\Menu Avvio\Programmi\InternetGameBox\Disinstalla.lnk
C:\Documents and Settings\All Users\Menu Avvio\Programmi\InternetGameBox\InternetGameBox.lnk
C:\Documents and Settings\All Users\Menu Avvio\Programmi\InternetGameBox\Riservatezza.url
C:\Documents and Settings\All Users\Menu Avvio\Programmi\InternetGameBox\Website.url
C:\Documents and Settings\Riccio\Impostazioni locali\Dati applicazioni\wfoeeox.dat
C:\Documents and Settings\Riccio\Impostazioni locali\Dati applicazioni\wfoeeox.exe
C:\Documents and Settings\Riccio\Impostazioni locali\Dati applicazioni\wfoeeox_nav.dat
C:\Documents and Settings\Riccio\Impostazioni locali\Dati applicazioni\wfoeeox_navps.dat
C:\Programmi\internetgamebox
C:\Programmi\internetgamebox\InternetGameBox.exe
C:\Programmi\internetgamebox\language
C:\Programmi\internetgamebox\ressources\AttenteOff.html
C:\Programmi\internetgamebox\ressources\AttenteOn.html
C:\Programmi\internetgamebox\ressources\configv2_en.xml
C:\Programmi\internetgamebox\ressources\configv2_es.xml
C:\Programmi\internetgamebox\ressources\configv2_fr.xml
C:\Programmi\internetgamebox\ressources\favoris\defaultv2.swf
C:\Programmi\internetgamebox\ressources\NoS2F.bin
C:\Programmi\internetgamebox\skins\skinv2.skn
C:\Programmi\internetgamebox\uninst.exe
c:\WINDOWS\system32\rdtobz.dat
c:\windows\system32\rdtobz.exe
C:\WINDOWS\system32\rdtobz_nav.dat
c:\WINDOWS\system32\rdtobz_navps.dat

.
((((((((((((((((((((((((( Files Creati Da 2008-04-25 al 2008-05-25 )))))))))))))))))))))))))))))))))))
.

2008-05-25 10:03 . 2008-05-25 10:03 <DIR> d-------- C:\Programmi\Trend Micro
2008-05-23 16:39 . 2003-07-21 05:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
2008-05-23 16:39 . 2005-01-04 20:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2008-05-23 16:24 . 2008-05-23 16:24 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-05-23 15:20 . 2008-05-23 15:20 <DIR> d-------- C:\Programmi\Games-Masters.com
2008-05-22 15:55 . 2008-05-22 16:01 <DIR> d-------- C:\Rohan
2008-05-21 15:29 . 2008-05-25 09:46 <DIR> d-------- C:\Programmi\Metin2_Italiano
2008-05-21 15:22 . 2008-05-21 15:22 <DIR> d-------- C:\Documents and Settings\Riccio\Dati applicazioni\ATI
2008-05-21 15:14 . 2008-05-21 15:15 <DIR> d-------- C:\Programmi\ATI Technologies
2008-05-21 15:14 . 2006-05-03 11:57 520,192 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-05-21 15:13 . 2008-05-21 15:13 <DIR> d-------- C:\ATI
2008-05-21 15:03 . 2008-05-21 15:03 <DIR> d-------- C:\WINDOWS\system32\it-it
2008-05-21 14:44 . 2008-03-01 14:58 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-05-21 14:44 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-05-21 14:44 . 2007-03-08 07:11 1,032,192 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-05-21 14:44 . 2008-03-01 14:58 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-05-21 14:44 . 2008-03-01 14:58 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-05-21 14:44 . 2008-03-01 14:58 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-05-21 14:44 . 2008-03-01 14:58 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-05-21 14:44 . 2008-03-01 14:58 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-05-21 14:44 . 2008-02-22 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-05-20 19:06 . 2008-03-05 15:56 3,786,760 --a------ C:\WINDOWS\system32\D3DX9_37.dll
2008-05-20 19:06 . 2008-03-05 15:56 1,420,824 --a------ C:\WINDOWS\system32\D3DCompiler_37.dll
2008-05-20 19:06 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
2008-05-20 19:06 . 2008-03-05 16:03 479,752 --a------ C:\WINDOWS\system32\XAudio2_0.dll
2008-05-20 19:06 . 2008-02-05 23:07 462,864 --a------ C:\WINDOWS\system32\d3dx10_37.dll
2008-05-20 19:06 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
2008-05-20 19:06 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
2008-05-20 19:06 . 2008-03-05 16:03 238,088 --a------ C:\WINDOWS\system32\xactengine3_0.dll
2008-05-20 19:06 . 2008-03-05 16:00 25,608 --a------ C:\WINDOWS\system32\X3DAudio1_3.dll
2008-05-20 18:43 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-05-20 18:43 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-05-20 18:21 . 2008-05-20 20:52 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-05-20 17:37 . 2008-03-20 18:06 1,480,232 --a------ C:\WINDOWS\system32\muBlinder_ValBackup.dll
2008-05-20 17:16 . 2008-05-20 17:16 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-05-20 16:59 . 2008-05-20 16:59 <DIR> d-------- C:\Programmi\MSXML 4.0
2008-05-20 16:31 . 2006-05-05 11:41 453,120 -----c--- C:\WINDOWS\system32\dllcache\mrxsmb.sys
2008-05-20 15:35 . 2008-05-20 15:35 <DIR> d-------- C:\Programmi\IObit
2008-05-20 15:23 . 2008-05-20 15:23 <DIR> d-------- C:\Programmi\MSXML 6.0
2008-05-20 15:14 . 2008-05-25 19:24 2,752,544 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-20 15:14 . 2008-05-25 10:23 32,828 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-05-20 15:12 . 2008-05-20 15:12 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\MailFrontier
2008-05-20 15:12 . 2008-05-20 15:13 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-05-20 15:11 . 2008-05-20 15:11 <DIR> d-------- C:\Programmi\Zone Labs
2008-05-20 15:10 . 2008-05-25 19:02 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-05-20 15:10 . 2008-05-24 15:56 <DIR> d-------- C:\Programmi\Spybot - Search & Destroy
2008-05-20 15:10 . 2008-05-24 17:01 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-05-20 15:08 . 2008-05-20 15:08 <DIR> d-------- C:\Programmi\VideoLAN
2008-05-20 15:07 . 2008-05-25 09:59 <DIR> d-------- C:\Programmi\Unlocker
2008-05-20 14:59 . 2004-08-19 15:39 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-05-20 14:59 . 2006-09-06 17:43 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-05-20 14:58 . 2008-05-20 14:58 <DIR> d-------- C:\Programmi\MSN Messenger
2008-05-20 14:58 . 2008-05-20 17:31 <DIR> d-------- C:\Programmi\MessengerDiscovery
2008-05-20 14:57 . 2008-05-20 14:57 <DIR> d-------- C:\Programmi\FDRLab
2008-05-20 14:54 . 2008-05-20 14:54 <DIR> d-------- C:\Programmi\Google
2008-05-20 14:52 . 2008-05-20 14:52 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Messenger Plus!
2008-05-20 14:46 . 2008-05-20 14:46 <DIR> d-------- C:\Programmi\Messenger Plus! Live
2008-05-19 21:23 . 2008-05-20 17:30 <DIR> d-------- C:\Documents and Settings\Riccio\Contacts
2008-05-19 21:07 . 2008-05-21 15:03 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-05-19 21:06 . 2008-05-19 21:16 <DIR> d--hsc--- C:\Programmi\File comuni\WindowsLiveInstaller
2008-05-19 21:05 . 2008-05-19 21:26 <DIR> d-------- C:\Programmi\Windows Live
2008-05-19 21:05 . 2008-05-19 21:05 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\WLInstaller
2008-05-19 21:01 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-05-19 21:01 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-05-19 21:01 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-05-19 21:01 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-05-19 21:01 . 2007-07-30 19:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-05-19 21:00 . 2008-05-19 21:00 <DIR> d--hs---- C:\Documents and Settings\Riccio\UserData
2008-05-19 20:58 . 2008-05-19 20:58 <DIR> d-------- C:\Programmi\LimeWire
2008-05-19 20:55 . 2008-05-19 20:55 <DIR> d-------- C:\Programmi\Download Express
2008-05-19 20:55 . 2008-05-19 20:55 <DIR> d-------- C:\Documents and Settings\Riccio\Dati applicazioni\MetaProducts
2008-05-19 20:52 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-19 20:51 . 2008-05-19 20:52 <DIR> d-------- C:\Programmi\Java
2008-05-19 20:50 . 2008-05-19 20:50 <DIR> d-------- C:\Programmi\File comuni\Java
2008-05-19 20:45 . 2008-05-19 20:46 <DIR> d-------- C:\Programmi\SpeedBit Video Accelerator
2008-05-19 20:45 . 2008-05-19 20:45 172,032 --a------ C:\WINDOWS\system32\AniGIF.ocx
2008-05-19 20:32 . 2008-05-19 20:32 <DIR> d-------- C:\Documents and Settings\Riccio\Dati applicazioni\Talkback
2008-05-19 20:32 . 2008-05-19 20:32 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-19 20:29 . 2008-05-19 20:29 <DIR> d-------- C:\Programmi\hp deskjet 3320 series
2008-05-19 20:29 . 2008-05-19 20:30 <DIR> d-------- C:\Programmi\Hewlett-Packard
2008-05-19 20:29 . 2008-05-19 20:29 772 --a------ C:\WINDOWS\hpinfo.lnk
2008-05-19 20:27 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-05-19 20:27 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-05-17 19:17 . 2008-05-17 19:17 268 --ah----- C:\sqmdata00.sqm
2008-05-17 19:17 . 2008-05-17 19:17 244 --ah----- C:\sqmnoopt00.sqm
2008-05-17 18:40 . 2008-05-17 18:40 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Yahoo! Companion
2008-05-17 16:52 . 2008-05-17 16:52 <DIR> d-------- C:\Programmi\Avira
2008-05-17 16:52 . 2008-05-17 16:52 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Avira
2008-05-17 16:51 . 2008-05-17 16:51 <DIR> d-------- C:\Programmi\Yahoo!
2008-05-17 16:51 . 2008-05-17 16:51 <DIR> d-------- C:\Programmi\CCleaner
2008-05-17 16:49 . 2008-05-17 16:49 <DIR> d-------- C:\Programmi\ffdshow
2008-05-17 16:49 . 2007-04-24 17:30 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll
2008-05-17 16:49 . 2007-06-03 14:31 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-05-17 16:49 . 2006-12-10 23:32 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-05-17 16:48 . 2008-05-17 16:48 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-05-17 16:38 . 2008-05-17 16:38 <DIR> d-------- C:\Programmi\File comuni\Adobe
2008-05-17 16:33 . 2008-05-20 14:49 <DIR> d-------- C:\Programmi\File comuni\InterVideo
2008-05-17 16:33 . 2008-05-23 16:39 <DIR> d-------- C:\Program Files
2008-05-17 16:33 . 2008-05-17 16:33 <DIR> d-------- C:\Documents and Settings\Riccio\Dati applicazioni\InterVideo
2008-05-17 16:32 . 2008-05-20 14:49 <DIR> d-------- C:\Programmi\InterVideo
2008-05-17 16:32 . 2008-05-17 16:32 <DIR> d-------- C:\Programmi\Creative
2008-05-17 16:32 . 2003-01-27 16:32 831,600 --a------ C:\WINDOWS\system32\Ctaa1.dat
2008-05-17 16:32 . 2003-11-11 10:44 333,600 --a------ C:\WINDOWS\system32\drivers\ctdvda2k.sys
2008-05-17 16:32 . 2003-11-11 10:43 77,824 --a------ C:\WINDOWS\system32\ctdvda32.dll
2008-05-17 16:31 . 2008-05-17 16:32 <DIR> d-------- C:\WINDOWS\BarTr23
2008-05-17 16:31 . 1998-04-25 00:00 368,912 --a------ C:\WINDOWS\system32\vbar332.dll
2008-05-17 16:31 . 2001-05-24 12:59 162,304 --a------ C:\UNWISE.EXE
2008-05-17 16:31 . 2001-03-13 14:49 140,288 --a------ C:\WINDOWS\system32\COMDLG32.OCX
2008-05-17 16:31 . 2001-05-24 13:00 6,558 --a------ C:\UNWISE.INI
2008-05-17 16:30 . 2008-05-19 13:32 <DIR> d-------- C:\Documents and Settings\Riccio\Dati applicazioni\Ahead
2008-05-17 16:29 . 2008-05-17 16:29 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Ahead
2008-05-17 16:28 . 2008-05-17 16:28 <DIR> d-------- C:\Programmi\Nero
2008-05-17 16:28 . 2008-05-17 16:29 <DIR> d-------- C:\Programmi\File comuni\Ahead
2008-05-17 16:28 . 2008-05-17 16:28 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Nero

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-23 17:35 52,736 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2008-05-23 17:35 1,475,584 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2008-05-23 14:51 51,200 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-05-23 13:10 352,256 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-05-21 13:14 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-05-21 13:14 --------- d-----w C:\Programmi\File comuni\InstallShield
2008-05-17 14:43 --------- d-----w C:\Programmi\Microsoft Works
2008-05-17 14:05 --------- d-----w C:\Programmi\Microsoft Student
2008-04-02 19:08 54,672 ----a-w C:\WINDOWS\system32\vsutil_loc0410.dll
2008-04-02 19:08 42,384 ----a-w C:\WINDOWS\zllsputility_loc0410.dll
2008-04-02 19:08 21,904 ----a-w C:\WINDOWS\system32\imsinstall_loc0410.dll
2008-04-02 19:08 17,808 ----a-w C:\WINDOWS\system32\imslsp_install_loc0410.dll
2008-04-02 19:07 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2008-04-02 19:07 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2008-03-25 08:20 219,936 ----a-w C:\WINDOWS\system32\msltus40.dll
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 183,072 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:06 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:39 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 09:27 153136]
"MsnMsgr"="C:\Programmi\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"SpybotSD TeaTimer"="C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="C:\Programmi\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 09:57 143360]
"NeroFilterCheck"="C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"avgnt"="C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-05-17 19:00 262401]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-07-10 17:02 188416]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"ZoneAlarm Client"="C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe" [2008-04-02 21:07 919016]
"ATICCC"="C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41 45056]
"muBlinder"="C:\Documents and Settings\Riccio\Impostazioni locali\Temp\Directory temporanea 1 per muBlinder.zip\muBlinder.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15:39 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\SpeedBit Video Accelerator\\VideoAccelerator.exe"=
"C:\\Programmi\\SpeedBit Video Accelerator\\VideoAcceleratorEngine.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\MessengerDiscovery\\MessengerDiscovery Live.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R2 sbbotdi;sbbotdi;C:\PROGRA~1\SPEEDB~1\sbbotdi.sys [2008-05-19 20:45]
R2 VideoAcceleratorService;VideoAcceleratorService;C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe [2008-05-19 20:45]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys [2006-03-16 05:39]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{54539f43-cfab-11d3-898c-806d6172696f}]
\Shell\AutoRun\command - D:\Bin\asusqfe.exe

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-25 19:24:31
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...


**************************************************************************
.
Ora fine scansione: 2008-05-25 19.27.18
ComboFix-quarantined-files.txt 2008-05-25 17:26:14

8 Directory 55,067,942,912 byte disponibili
11 Directory 55,046,807,552 byte disponibili

234 --- E O F --- 2008-05-21 13:03:50
r16
Posted: Sunday, May 25, 2008 9:05:52 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi derfel91.
Well...... ComboFix removed quite a lot of junk from your machine.
To be safe, download these 2 programs and run them in SAFE MODE:
If you don't know how to get into Safe Mode, read this detailed guide:
http://guide.aiutamici.com/guide?C1=7&C2=68&ID=80122
First download the programs, THEN go into Safe Mode and run the scans.

Download Norman Malware Cleaner http://download.norman.no/public/Norman_Malware_Cleaner.exe
Norman Malware Cleaner must be run in SAFE MODE.

Start it
accept the licence
click Start Scan
wait for the scan to finish
A log is generated on the desktop; post it here.
In some cases Norman Malware Cleaner may ask to restart the computer in order to remove the infection completely; in that case a second run of the program after rebooting the PC is recommended, to make sure all infected files are removed.

Download VirIT:
http://www.tgsoft.it/italy/download.htm, update it (by clicking the satellite-dish icon at the top) and run it in Safe Mode (this is very important).
Post a new HijackThis log.
After these operations, tell me how the PC is working and whether those advertising pages still open.

derfel91
Posted: Monday, May 26, 2008 2:12:07 PM
Rank: Newbie

Joined: 5/25/2008
Posts: 0
Hi r16, to be honest, since I ran the scan with ComboFix the advertisements no longer appear; do I still need to download these programs?
derfel91
Posted: Monday, May 26, 2008 3:26:29 PM
Rank: Newbie

Joined: 5/25/2008
Posts: 0
Here is the text file that Norman Malware Cleaner gave me:

Norman Malware Cleaner
Copyright © 1990 - 2008, Norman ASA. Built 2008/05/12 19:08:33

Norman Scanner Engine Version: 5.92.04
Nvcbin.def Version: 5.92.00, Date: 2008/05/12 19:08:33, Variants: 1631317

Running pre-scan cleanup routine:
Operating System: Microsoft Windows XP Professional 5.1.2600(Safe mode) Service Pack 2
Logged on user: USER-6D72902CE3\Riccio

Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00000000

Scan started: 26/05/2008 14:27:06


Scanning running processes and process memory...

Number of processes/threads found: 514
Number of processes/threads scanned: 514
Number of processes/threads not scanned: 0
Number of infected processes/threads terminated: 0
Total scanning time: 13s


Scanning file system...

Scanning: C:\*.*

C:\Programmi\Nero\Nero 7\Nero BackItUp\BackItUp_ImageTool\root.img/unknown0 (Error whilst scanning file: I/O Error)
C:\Programmi\Nero\Nero 7\Nero BackItUp\BackItUp_ImageTool\root.img (Possible archive bomb)


Running post-scan cleanup routine:

Number of files found: 98434
Number of archives unpacked: 959
Number of files scanned: 98397
Number of files not scanned: 37
Number of files skipped due to exclude list: 0
Number of infected files found: 1
Number of infected files repaired/deleted: 0
Number of infections removed: 0
Total scanning time: 27m 39s
derfel91
Posted: Monday, May 26, 2008 3:28:50 PM
Rank: Newbie

Joined: 5/25/2008
Posts: 0
And here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15.27.56, on 26/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\VEXPLITE\viritsvc.exe
C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\VEXPLITE\MONLITE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Smapp] C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [muBlinder] C:\Documents and Settings\Riccio\Impostazioni locali\Temp\Directory temporanea 1 per muBlinder.zip\muBlinder.exe -startup
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Scarica con Download &Express - C:\Programmi\Download Express\Add_Url.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Barra di ricerca di Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1211223650109
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1211297891578
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8501 bytes
r16
Posted: Monday, May 26, 2008 5:36:51 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi derfel91.
Norman corrected a registry key for you.
And it raises the possibility (it's not certain) that Nero 7 is infected:
C:\Programmi\Nero\Nero 7\Nero BackItUp\BackItUp_ImageTool\root.img (Possible archive bomb).
I would uninstall it and then reinstall it.
Then it's up to you...
For the rest you're fine; the HijackThis log is clean.
Bye!
derfel91
Posted: Monday, May 26, 2008 5:44:27 PM
Rank: Newbie

Joined: 5/25/2008
Posts: 0
Thanks for everything r16, both for your patience and for the promptness of your replies. Until next time. BYEEEEEEEEEEEE
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.