Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

aiuto virus Opzioni
pasti
Inviato: Tuesday, January 09, 2007 2:51:20 PM

Rank: AiutAmico

Iscritto dal : 11/28/2006
Posts: 199
micompare continuamente un malwere chenon riesco a cancellare con avarst e si chiama
WIN 32:AGENT-GEN
e mi da il nome del file C:windows\xoffy1.dll che cosa faccio??
Sponsor
Inviato: Tuesday, January 09, 2007 2:51:20 PM

 
monsee
Inviato: Tuesday, January 09, 2007 7:25:57 PM
Rank: AiutAmico

Iscritto dal : 4/5/2005
Posts: 22,971
Prova a fare così:

Apri Avast! (devi cliccare col tasto destro del mouse sull'icona che è nel tray e selezionare la voce "Avvia Avast! antivirus"). Nello splash-screen che si apre, clicca sulla piccola freccia che punta verso l'alto (la vedrai sul lato in alto, alla tua sinistra, dello splash-screen) e seleziona la voce "Programma scansione all'avvio". Si aprirà una fimestra. Metti la spuna alla voce "Dischi locali" e "Files compressi" e poi clicca sul pulsante "Programma". Si aprirà un messaggio che ti chiede se vuoi riavviare. Clicca su "sì". Avast! riavvierà il computer. Non rientrerai, operò, in Windows, al riavvio: inizierà, invece, una scansione completa del computer (tu vedrai scorrer sullo schermo l'elenco dei fil scansionati). Se viene rilevato qualcosa, ti verrà chiesto di premere un tasto: a seconda del tasto che premerai, Avast! eliminerà il file "infetto" rilevato o proverà a fare quel che tu hai richiesto. Alla fine di tutto, Avast! riavvierà di nuovo il computer e tu potrai tornare, finalmente in Windows.
Una accortezza, comunque: prima di impostare la "scansione all'avvio", disabilita il Ripristino configurazione di sistema (lo riattiverai, poi, quando il problema tuo sarà risolto e ti creerai un nuovo "punto di ripristino").

Quello che hai letto sopra, è un copia-e-incolla da un altro mio post (scritto in risposta ad un altro Utente), ma credo possa servire anche a te, giacché utilizzi Avast! pure tu.
pidue
Inviato: Tuesday, January 09, 2007 7:58:50 PM

Rank: AiutAmico

Iscritto dal : 6/2/2005
Posts: 7,332
<BLOCKQUOTE id=quote><font size=1 face="Sans Serif, Arial, Helvetica" id=quote>quote:<hr height=1 noshade id=quote>
C:windows\xoffy1.dll che cosa faccio??
<hr height=1 noshade id=quote></BLOCKQUOTE id=quote></font id=quote><font face="Sans Serif, Arial, Helvetica" size=2 id=quote>

<b>Link Optimizer </b>al 99,99%.

Edited by - pidue on 01/09/2007 19:59:32



pasti
Inviato: Tuesday, January 09, 2007 11:31:35 PM

Rank: AiutAmico

Iscritto dal : 11/28/2006
Posts: 199
<BLOCKQUOTE id=quote><font size=1 face="Sans Serif, Arial, Helvetica" id=quote>quote:<hr height=1 noshade id=quote>
<BLOCKQUOTE id=quote><font size=1 face="Sans Serif, Arial, Helvetica" id=quote>quote:<hr height=1 noshade id=quote>
C:windows\xoffy1.dll che cosa faccio??
<hr height=1 noshade id=quote></BLOCKQUOTE id=quote></font id=quote><font face="Sans Serif, Arial, Helvetica" size=2 id=quote>

<b>Link Optimizer </b>al 99,99:.

GRAZIE DELLE RISPOSTE MA CON AVARST HO FATTO UN SACCO DISCANSIONISIA ALL'AVIO SIA IN PROVVISORIA ANCHE CON SPYBOT ED ADWERE E ANCORA COMWIN E CON VIRIT E AVG NON SO CHE PIU FARE AIUTATEMI VI PREGO CON AVARS VERAMENTE NON RIESCO A CANCELLARLO!!!!!FORSE è Link Optimizer MA COSA DEFO FARE ALLORA?
ALLEGO LOG:
Logfile of HijackThis v1.99.1
Scan saved at 23.27.52, on 09/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Pelmiced.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\U.S. Robotics\Wireless USB Manager\PRISMSVR.EXE
C:\VEXPLITE\viritsvc.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmi\Java\jre1.5.0_09\bin\jusched.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\ClamWin\bin\ClamTray.exe
C:\VEXPLITE\MONLITE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\U.S. Robotics\Wireless USB Manager\USR11G.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
D:\DOCUMENTI SECONDARIO\INFORMATICA\PROGRAMMI SCARICATI\hij\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alice.it/oggi/index.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {0577A6C1-C18D-BD84-C533-9EB0BEB16421} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4145FDCA-2663-4068-87E3-13FB19A94FE6} - (no file)
O2 - BHO: (no name) - {5354AF8B-4C39-42AD-94CF-403B470AE050} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Programmi\U.S. Robotics\Wireless USB Manager\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [KernelFaultCheck] :systemroot:\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programmi\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ClamWin] "C:\Programmi\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: U.S. Robotics Wireless USB Adapter.lnk = C:\Programmi\U.S. Robotics\Wireless USB Manager\USR11G.exe
O8 - Extra context menu item: andICQ Toolbar Search - res://C:\Programmi\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: andPointandandGo - C:\Programmi\File comuni\Expert System\PGPlatform\PGPlatform.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - :windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O15 - Trusted Zone: www.adobe.com
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1147302423734
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155758932781
O17 - HKLM\System\CCS\Services\Tcpip\..\{050367CD-C0E4-479A-9E0D-11E439AE0A0B}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{050367CD-C0E4-479A-9E0D-11E439AE0A0B}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{050367CD-C0E4-479A-9E0D-11E439AE0A0B}: NameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{050367CD-C0E4-479A-9E0D-11E439AE0A0B}: NameServer = 192.168.1.1
O20 - AppInit_DLLs: \\?\C:\WINDOWS\system32\lpt5.zxd
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SecAcg - Unknown owner - C:\Programmi\Windows NT\LXm.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe








Edited by - pidue on 01/09/2007 19:59:32
<hr height=1 noshade id=quote></BLOCKQUOTE id=quote></font id=quote><font face="Sans Serif, Arial, Helvetica" size=2 id=quote>
pidue
Inviato: Wednesday, January 10, 2007 11:08:34 AM

Rank: AiutAmico

Iscritto dal : 6/2/2005
Posts: 7,332
Ciao, dai ancora una passata con <b>VirIt</b> in modalità provvisoria.
Poi scarica questi due tool:

http://www.prevx.com/gromozon.asp
http://securityresponse.symantec.com/avcenter/FixLinkopt.exe

Prima di lanciarli, pulisci il pc da tutte le inutilità (cookies, file temp, ecc..se hai un tool apposta, tanto meglio);
chiudi tutti i programmi in esecuzione, disconnettiti da Internet, lancia il primo tool, premendo su Scan;
poi rispondi YES alla richiesta di riavvio.
Al riavvio il tool terminerà la procedura e rilascerà un log in C:\gromozon_removal.txt;


Per eseguire il secondo tool riavvia in Modalità Provvisoria;
poi lancia file FixLinkopt.exe, accetta il contratto di licenza, clicca su Start per avviare l'analisi.
Consulta il log Fixlinkopt.txt.

Posta di nuovo il log di HJT.



pasti
Inviato: Wednesday, January 10, 2007 6:54:21 PM

Rank: AiutAmico

Iscritto dal : 11/28/2006
Posts: 199
[quote]
Ciao, dai ancora una passata con <b>VirIt</b> in modalità provvisoria.
Poi scarica questi due tool:

http://www.prevx.com/gromozon.asp
http://securityresponse.symantec.com/avcenter/FixLinkopt.exe

Prima di lanciarli, pulisci il pc da tutte le inutilità (cookies, file temp, ecc..se hai un tool apposta, tanto meglio);
chiudi tutti i programmi in esecuzione, disconnettiti da Internet, lancia il primo tool, premendo su Scan;
poi rispondi YES alla richiesta di riavvio.
Al riavvio il tool terminerà la procedura e rilascerà un log in C:\gromozon_removal.txt;


Per eseguire il secondo tool riavvia in Modalità Provvisoria;
poi lancia file FixLinkopt.exe, accetta il contratto di licenza, clicca su Start per avviare l'analisi.
Consulta il log Fixlinkopt.txt.

Posta di nuovo il log di HJT.


ALLORA EQUELLO ALLEGO I LOG DI SYMANTEC

Symantec Trojan.Linkoptimizer Removal Tool 1.0.8
Restored SeDebugPrivilege to Administrators group
service: SecAcg (logon as: .\EGppFW, passed filters)
service: SecAcg (file path: C:\Programmi\Windows NT\zAg.exe - infected)
file: C:\Programmi\Windows NT\zAg.exe (deleted)
reg: ...\SYSTEM\CurrentControlSet\Services\SecAcg\Security (key deleted)
reg: ...\SYSTEM\CurrentControlSet\Services\SecAcg\Enum (key deleted)
reg: ...\SYSTEM\CurrentControlSet\Services\SecAcg (key deleted)
reg: ...\SpecialAccounts\UserList\EGppFW (value deleted)
folder: \\?\C:\Documents and Settings\EGppFW (deleted)
user: EGppFW (deleted)



Trojan.Linkoptimizer has been successfully removed from your computer!

Here is the report:

The total number of the scanned files: 86541
The number of deleted threat files: 1
The number of directories deleted: 1
The number of threat processes terminated: 0
The number of threat threads terminated: 0
The number of registry entries fixed: 4
The number of threat services removed: 1
The number of accounts disabled: 1

The tool initiated a system reboot.

registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (cleared)
DIMMICHE ALTRO DEVO FARE A VIRIT NONHA TROVATO NULLA E NEMMENO L'ANTI-ROOTKIT
GRAZIE MILLE
pidue
Inviato: Wednesday, January 10, 2007 9:27:30 PM

Rank: AiutAmico

Iscritto dal : 6/2/2005
Posts: 7,332
Se leggi bene, il tool della Symantec il rootkit l'ha scovato e l'ha rimosso. C'è anche scritto <b>Trojan.Linkoptimizer has been successfully removed from your computer!</b>

Adesso possta il lo di HijackThis e forse ce ne sbarazziamo definitivamente.


Edited by - pidue on 01/10/2007 21:29:44



pasti
Inviato: Thursday, January 11, 2007 9:14:08 AM

Rank: AiutAmico

Iscritto dal : 11/28/2006
Posts: 199
GRAZIE...SCUSA L'IGNORANZA I LOG DI HIJ LO POSTO IN PROVVISORIA O ANCHE NORMALMENTE?
pidue
Inviato: Thursday, January 11, 2007 2:40:15 PM

Rank: AiutAmico

Iscritto dal : 6/2/2005
Posts: 7,332
In modalità normale.



giza
Inviato: Thursday, January 11, 2007 2:43:53 PM

Rank: AiutAmico

Iscritto dal : 10/27/2006
Posts: 9,618
pasti
Inviato: Thursday, January 11, 2007 3:04:29 PM

Rank: AiutAmico

Iscritto dal : 11/28/2006
Posts: 199
grazie sia a gizia che a pidue..
pidue eccoil log:
Logfile of HijackThis v1.99.1
Scan saved at 15.00.06, on 11/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Programmi\U.S. Robotics\Wireless USB Manager\PRISMSVR.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmi\Java\jre1.5.0_09\bin\jusched.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programmi\ClamWin\bin\ClamTray.exe
C:\VEXPLITE\MONLITE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Pelmiced.exe
C:\VEXPLITE\viritsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\U.S. Robotics\Wireless USB Manager\USR11G.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
D:\DOCUMENTI SECONDARIO\INFORMATICA\PROGRAMMI SCARICATI\hij\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alice.it/oggi/index.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {0577A6C1-C18D-BD84-C533-9EB0BEB16421} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4145FDCA-2663-4068-87E3-13FB19A94FE6} - (no file)
O2 - BHO: (no name) - {5354AF8B-4C39-42AD-94CF-403B470AE050} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Programmi\U.S. Robotics\Wireless USB Manager\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [KernelFaultCheck] :systemroot:\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programmi\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ClamWin] "C:\Programmi\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: U.S. Robotics Wireless USB Adapter.lnk = C:\Programmi\U.S. Robotics\Wireless USB Manager\USR11G.exe
O8 - Extra context menu item: andICQ Toolbar Search - res://C:\Programmi\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: andPointandandGo - C:\Programmi\File comuni\Expert System\PGPlatform\PGPlatform.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - :windir:\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O15 - Trusted Zone: www.adobe.com
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1147302423734
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155758932781
O17 - HKLM\System\CCS\Services\Tcpip\..\{050367CD-C0E4-479A-9E0D-11E439AE0A0B}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{050367CD-C0E4-479A-9E0D-11E439AE0A0B}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{050367CD-C0E4-479A-9E0D-11E439AE0A0B}: NameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{050367CD-C0E4-479A-9E0D-11E439AE0A0B}: NameServer = 192.168.1.1
O20 - AppInit_DLLs: \\?\C:\WINDOWS\system32\lpt5.zxd
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SecAcg - Unknown owner - C:\Programmi\Windows NT\zAg.exe (file missing)
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

pidue
Inviato: Thursday, January 11, 2007 5:07:37 PM

Rank: AiutAmico

Iscritto dal : 6/2/2005
Posts: 7,332
Ciao ,
- <b>Disattiva il ripristino di configurazione di sistema</b>;

- <b>Riavvia in modalità provvisoria</b>;
- <b>rendi visibili le cartelle nascoste:</b>

- da Risorse del computer >> Strumenti >> Opzioni cartella >> visualizzazione
metti la spunta su:
<i>"Visualizza file e cartelle nascoste"</i>;

toglila da:
<i>"Nascondi file protetti del sistema (consigliato)"</i>

Chiudi HJT in una cartella sua, non sul desktop, per esempio in C:\HJT;

Avvia hijackthis, con tutte le applicazioni chiuse,premi su <b>do a system scan only</b>, spunta ed elimina ( premi il tasto<b>fix checked)</b> la voci che sotto ti elenco:
____________________________________________
<font color=red>
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {4145FDCA-2663-4068-87E3-13FB19A94FE6} - (no file)
O2 - BHO: (no name) - {5354AF8B-4C39-42AD-94CF-403B470AE050} - (no file)
O8 - Extra context menu item: andICQ Toolbar Search - res://C:\Programmi\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - :windir:\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing
O15 - Trusted Zone: www.adobe.com
O20 - AppInit_DLLs: \\?\C:\WINDOWS\system32\ lpt5.zxd
O23 - Service: SecAcg - Unknown owner - C:\Programmi\Windows NT\zAg.exe (file missing)
</font id=red>__________________________________________


- Cerca ed elimina il file in rosso<b>
=========================================
C:\WINDOWS\system32\<font color=red>lpt5.zxd</font id=red></b>

===========================================

- Una volta terminata l'operazione di disinfezione di Hijackthis, apri
Pannello di controllo >> Opzioni internet >> Programmi >> premi il pulsante
"Ripristina impostazioni web". Conferma con OK.

Segui il punto <b>1</b> qui sotto <b>Operazioni preliminari</b>:
http://www.microsoft.com/italy/technet/community/mvp/editoriali/spyware.mspx



Elimina tutto il contenuto della cartella Temp nel tuo profilo.

- Svuota il Cestino.

- <b>Alla fine:</b>

rinascondi le cartelle di sistema;
riattiva il ripristino configurazione di sistema e crea un nuovo punto di ripristino.


.



pasti
Inviato: Thursday, January 11, 2007 11:08:44 PM

Rank: AiutAmico

Iscritto dal : 11/28/2006
Posts: 199
NON TROVO LA DLL NEL PERCORSO:
C:\WINDOWS\system32\lpt5.zxd
COSA FACCIO???GRAZIE
pidue
Inviato: Thursday, January 11, 2007 11:13:38 PM

Rank: AiutAmico

Iscritto dal : 6/2/2005
Posts: 7,332
Meglio così, questo significa che è bastato fixare la riga 020. Elimina il resto e posta un nuovo log. Ciao

Edited by - pidue on 01/11/2007 23:19:36



pasti
Inviato: Friday, January 12, 2007 2:49:40 PM

Rank: AiutAmico

Iscritto dal : 11/28/2006
Posts: 199
TI RIPOSTO IL LOG DIMMI SE è TUTTO OK E GRAZIE:
Logfile of HijackThis v1.99.1
Scan saved at 14.26.45, on 12/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
D:\DOCUMENTI SECONDARIO\INFORMATICA\PROGRAMMI SCARICATI\hij\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alice.it/oggi/index.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {0577A6C1-C18D-BD84-C533-9EB0BEB16421} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Programmi\U.S. Robotics\Wireless USB Manager\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [KernelFaultCheck] :systemroot:\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programmi\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ClamWin] "C:\Programmi\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: U.S. Robotics Wireless USB Adapter.lnk = C:\Programmi\U.S. Robotics\Wireless USB Manager\USR11G.exe
O8 - Extra context menu item: andPointand&Go - C:\Programmi\File comuni\Expert System\PGPlatform\PGPlatform.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1147302423734
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155758932781
O17 - HKLM\System\CCS\Services\Tcpip\..\{050367CD-C0E4-479A-9E0D-11E439AE0A0B}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{050367CD-C0E4-479A-9E0D-11E439AE0A0B}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{050367CD-C0E4-479A-9E0D-11E439AE0A0B}: NameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{050367CD-C0E4-479A-9E0D-11E439AE0A0B}: NameServer = 192.168.1.1
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

PASTI
pidue
Inviato: Friday, January 12, 2007 4:16:43 PM

Rank: AiutAmico

Iscritto dal : 6/2/2005
Posts: 7,332
Ciao, è rimasta questa riga:


<font color=red>O2 - BHO: (no name) - {0577A6C1-C18D-BD84-C533-9EB0BEB16421} - (no file)
</font id=red>

Riprova con HijackThis in modalità provvisoria.

Per il resto, dimmi se compare ancora il malware, anche se mi sembra che non ci sia più il file <b>xoffy1.dll</b>


Edited by - pidue on 01/12/2007 16:19:52



pasti
Inviato: Saturday, January 13, 2007 3:19:05 AM

Rank: AiutAmico

Iscritto dal : 11/28/2006
Posts: 199
ciao eccomi qua scusa l'ora!!! fixato anche questo ma sembra che ci sia ancora qualcosanel log mida un'ultima occhiata??grazie:
Logfile of HijackThis v1.99.1
Scan saved at 2.59.02, on 13/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
D:\DOCUMENTI SECONDARIO\INFORMATICA\PROGRAMMI SCARICATI\hij\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alice.it/oggi/index.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Programmi\U.S. Robotics\Wireless USB Manager\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [KernelFaultCheck] :systemroot:\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programmi\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ClamWin] "C:\Programmi\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: U.S. Robotics Wireless USB Adapter.lnk = C:\Programmi\U.S. Robotics\Wireless USB Manager\USR11G.exe
O8 - Extra context menu item: andPointand&Go - C:\Programmi\File comuni\Expert System\PGPlatform\PGPlatform.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1147302423734
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155758932781
O17 - HKLM\System\CCS\Services\Tcpip\..\{050367CD-C0E4-479A-9E0D-11E439AE0A0B}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{050367CD-C0E4-479A-9E0D-11E439AE0A0B}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{050367CD-C0E4-479A-9E0D-11E439AE0A0B}: NameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{050367CD-C0E4-479A-9E0D-11E439AE0A0B}: NameServer = 192.168.1.1
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

pidue
Inviato: Saturday, January 13, 2007 9:33:52 AM

Rank: AiutAmico

Iscritto dal : 6/2/2005
Posts: 7,332
Ciao, il log è a posto. Ci sarebbe questa riga, non te l'ho fatta fixare perchè non era qui il problema e poi perchè potrebbe essere qualcosa che conosci. Fixala solo se ti è sconosciuta.

<font color=red>O8 - Extra context menu item: andPointand&Go - C:\Programmi\File comuni\Expert System\PGPlatform\PGPlatform.htm
</font id=red>



pasti
Inviato: Saturday, January 13, 2007 1:49:10 PM

Rank: AiutAmico

Iscritto dal : 11/28/2006
Posts: 199
no non ti preoccupare la conosco grazie mille invece dell'aiuto ma dove potrei essermi infettato con questa roba?ede pericola ai fini della privacy delle mie password ad es.un collegamento con in https con bache o altro??
Utenti presenti in questo topic
Guest


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.