Olimpo Informatico

Jon Snow · Eroe Registrato: 23/12/07 00:37 Messaggi: 50

Ciao a tutti, sono nuovo di qui e sono disperato. E' una settimana che provo a risolvere il seguente problema:

Ho provato a usare alcuni antivirus, fare uno scan online, fare ripristino di configurazione di sistema e qualcosa di altro ma nulla.
Cosa posso fare? Sad

Sante62 · Dio maturo Registrato: 27/06/07 17:55 Messaggi: 3477 Residenza: Floridia

Jon Snow · Eroe Registrato: 23/12/07 00:37 Messaggi: 50

Ok cerco di essere più preciso, pensavo che postare già il tipo di errore fosse illuminante ma mi son sbagliato Laughing

Allora, un po' di tempo fa il firewall che usavo (zone-alarm) mi impediva di navigare in internet perchè dopo qualche minuto di navigazione non mi faceva più caricare le pagine web nè con mozilla nè con explorer.
Così ho tolto il firewall, consigliato anche da un amico, e il problema si è risolto. Premetto che zone alarm lo avevo già installato da qualche anno e non mi ha mai dato problemi simili in passato.
Dopo qualche giorno ho notato che non mi si caricava più automaticamente avg, l'antivirus che uso, e nemmeno virit che ho scaricato da meno di un mese, mi sono ricordato allora che il giorno in cui zone alarm mi aveva dato dei problemi non era stato automaticamente caricato dal pc all'avvio e inoltre non partiva se lo caricavo io, per questo poi ho optato per l'eliminazione.
Dallo stesso giorno, una settimana fa cioè, ha cominciato ad apparirmi il simpatico errore di cui sopra e ultimamente capita, pochissime volte ma capita, che l'errore faccia riferimento a memorie che non possono essere read nè written.
Posto ora qui di seguito il log di HJT, spero possa esservi di aiuto:

Logfile of HijackThis v1.99.1
Scan saved at 10.45.06, on 23/12/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\System32\Ati2evxx.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
G:\WINDOWS\system32\spoolsv.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\svchost.exe
c:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\Explorer.EXE
G:\VEXPLITE\viritsvc.exe
G:\WINDOWS\Mixer.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe
G:\VEXPLITE\MONLITE.EXE
G:\WINDOWS\System32\Offlce.exe
G:\WINDOWS\System32\ctfmon.exe
G:\WINDOWS\System32\WgaTray.exe
C:\Programmi\Corel\Graphics9\Register\Remind32.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
G:\Documents and Settings\Bar Ferraris\Documenti\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freesarticles.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {45E59270-B286-25BC-5A7A-8876342705DB} - G:\WINDOWS\anmul1.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\it\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - G:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O3 - Toolbar: Virgilio Toolbar - {D3403F28-7D39-435F-A8CB-45016C29E48E} - C:\Programmi\Virgilio Toolbar\VirgilioBand.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Programmi\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll (file missing)
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [AtiPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\bak\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AVG7_CC] G:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] G:\VEXPLITE\MONLITE.EXE
O4 - HKLM\..\Run: [OfficeWord Monitors] G:\WINDOWS\System32\Offlce.exe
O4 - HKLM\..\Run: [Microsoft Oftice] G:\WINDOWS\System32\msmsgs.exe
O4 - HKLM\..\Run: [Windows Networking Monitoring] G:\WINDOWS\System32\mdm.exe
O4 - HKLM\..\Run: [Microsoft Update] G:\WINDOWS\System32\spool.exe
O4 - HKCU\..\Run: [CTFMON.EXE] G:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SOProc_DAP] rundll32 shell32.dll,ShellExec_RunDLL C:\PROGRA~1\SOFTWA~1\soproc.exe -pack DAP
O4 - HKCU\..\Run: [updateMgr] "C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [Microsoft Oftice] G:\WINDOWS\System32\msmsgs.exe
O4 - HKCU\..\Run: [OfficeWord Monitors] G:\WINDOWS\System32\Offlce.exe
O4 - HKCU\..\Run: [Microsoft Windows Driver] G:\WINDOWS\rundll32.exe
O4 - HKCU\..\Run: [Windows Networking Monitoring] G:\WINDOWS\System32\mdm.exe
O4 - HKCU\..\Run: [Microsoft Update] G:\WINDOWS\System32\spool.exe
O4 - Startup: Fantacalcio Manager 2006 - Top Edition Quick Loader.lnk = C:\Programmi\FCM\FCMLoad.exe
O4 - Startup: Registrazione Corel.lnk = C:\Programmi\Corel\Graphics9\Register\Remind32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programmi\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .pdf: C:\Programmi\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5190/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{390CA4CF-DCB4-49DD-A3FB-5073DEFE96FC}: NameServer = 85.37.17.48 85.38.28.88
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - c:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - G:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - G:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - G:\VEXPLITE\viritsvc.exe

Sante62 · Dio maturo Registrato: 27/06/07 17:55 Messaggi: 3477 Residenza: Floridia

L'errore di svchost in genere deriva dagli aggiornamenti automatici di Windows ma questo lo vedremo dopo aver ripulito il PC, perchè è infetto. Togliere il firewall, poi, è stata una pessima idea ed è strano che ti ha provocato tutti quei problemi. Io ce l'ho da una vita Zone Alarm, e non mi ha mai dato problemi. Ricorda comunque che vanno configurati correttamente e oltretutto è il più facile, oltre che essere in italiano. Valuta la possibilità di installarlo, oppure opta per un altro perchè è importante tanto quanto l'antivirus. Poi ho visto che probabilmente non possiedi il Service Pack 2, se è così scaricatelo urgentemente da quì. Fai altrettanto con Internet Explorer aggiornandolo alla versione 7, o meglio ancora, scaricati Firefox o Opera che sono molto più sicuri.
Veniamo ora alla pulizia del PC. Guarda questa discussione relativa a Combofix, scaricalo e fai la scansione del PC, postando il risultato come indicato, insieme ad un nuovo log di Hijackthis, scaricandoti però la versione aggiornata.

Jon Snow · Eroe Registrato: 23/12/07 00:37 Messaggi: 50

Ho scaricato tutto quello che mi hai detto ma non riesco ad aggiornare il pc al service pack 2.
Dice che c'è un errore nel product key, non so che fare perchè windows mi era stato già installato quando ho comprato il computer, pensavo fosse originale ed evidentemente c'è qualcosa che non va. Qualche consiglio?
Inoltre quando provo a reinstallare zonealarm mi si riavvia da solo il pc mentre il programma sta facendo l'inizializzazione. Crying or Very sad

Sante62 · Dio maturo Registrato: 27/06/07 17:55 Messaggi: 3477 Residenza: Floridia

Jon Snow · Eroe Registrato: 23/12/07 00:37 Messaggi: 50

In attesa di chiarimenti per windows ho usato combofix e il nuovo HJT, posto qui di seguito i 2 log:

Combofix:

ComboFix 07-12-23.2 - Bar Ferraris 2007-12-23 17.20.14.1 - NTFSx86
Eseguito da: G:\Documents and Settings\Bar Ferraris\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Programmi\winupdates
C:\Programmi\winupdates\a.zip
G:\Documents and Settings\Bar Ferraris\Impostazioni locali\Temporary Internet Files\sc
G:\Documents and Settings\Bar Ferraris\Impostazioni locali\Temporary Internet Files\sc\console.html
G:\WINDOWS\10.tmp
G:\WINDOWS\12.tmp
G:\WINDOWS\NDNuninstall5_48.exe
G:\WINDOWS\rundll32.exe
G:\WINDOWS\system32\a.exe
G:\WINDOWS\system32\msmsgs.exe

.
((((((((((((((((((((((((( Files Creati Da 2007-11-23 al 2007-12-23 )))))))))))))))))))))))))))))))))))
.

2007-12-23 00:23 . 2007-12-23 00:26 <DIR> d-------- G:\QUARANTENA_VIRIT
2007-12-22 22:22 . 2007-12-22 22:22 <DIR> d-------- C:\Programmi\RegCure
2007-12-21 22:21 . 2007-12-22 00:59 482 --a------ G:\WINDOWS\system32\tj
2007-12-21 22:21 . 2007-12-21 22:21 0 --a------ G:\WINDOWS\system32\bb.exe
2007-12-21 21:13 . 2007-06-05 10:56 44,928 --a------ G:\WINDOWS\system32\drivers\SDTHOOK.SYS
2007-12-21 20:52 . 2007-12-21 21:22 <DIR> d-------- G:\WINDOWS\system32\ActiveScan
2007-12-21 20:52 . 2007-12-21 20:52 30,590 --a------ G:\WINDOWS\system32\pavas.ico
2007-12-21 20:31 . 2007-12-21 20:31 <DIR> d-------- G:\WINDOWS\McAfee.com
2007-12-20 21:13 . 2007-12-20 21:13 0 --a------ G:\WINDOWS\system32\gg.exe
2007-12-19 22:49 . 2007-12-19 22:49 0 --a------ G:\WINDOWS\system32\sh.exe
2007-12-16 20:05 . 2007-12-16 20:05 208 --a------ G:\WINDOWS\system32\MRT.INI
2007-12-16 14:31 . 2007-12-16 22:22 53,248 ---hs---- G:\WINDOWS\system32\Offlce.exe
2007-12-14 21:20 . 2007-12-14 21:20 <DIR> d-------- G:\WINDOWS\system32\bak
2007-12-14 09:00 . 2007-12-14 09:00 244 --ah----- G:\sqmnoopt19.sqm
2007-12-14 09:00 . 2007-12-14 09:00 232 --ah----- G:\sqmdata19.sqm
2007-12-14 08:56 . 2007-12-14 08:56 244 --ah----- G:\sqmnoopt18.sqm
2007-12-14 08:56 . 2007-12-14 08:56 244 --ah----- G:\sqmnoopt17.sqm
2007-12-14 08:56 . 2007-12-14 08:56 244 --ah----- G:\sqmnoopt16.sqm
2007-12-14 08:56 . 2007-12-14 08:56 232 --ah----- G:\sqmdata18.sqm
2007-12-14 08:56 . 2007-12-14 08:56 232 --ah----- G:\sqmdata17.sqm
2007-12-14 08:56 . 2007-12-14 08:56 232 --ah----- G:\sqmdata16.sqm
2007-12-13 09:04 . 2007-12-13 09:04 244 --ah----- G:\sqmnoopt15.sqm
2007-12-13 09:04 . 2007-12-13 09:04 232 --ah----- G:\sqmdata15.sqm
2007-12-12 18:45 . 2007-12-12 18:45 244 --ah----- G:\sqmnoopt14.sqm
2007-12-12 18:45 . 2007-12-12 18:45 232 --ah----- G:\sqmdata14.sqm
2007-12-12 18:24 . 2007-12-12 18:24 244 --ah----- G:\sqmnoopt13.sqm
2007-12-12 18:24 . 2007-12-12 18:24 232 --ah----- G:\sqmdata13.sqm
2007-12-11 20:46 . 2007-12-11 20:46 3,596,288 --a------ G:\WINDOWS\system32\qt-dx331.dll
2007-12-11 20:46 . 2007-12-11 20:46 524,288 --a------ G:\WINDOWS\system32\DivXsm.exe
2007-12-11 20:46 . 2007-12-11 20:46 4,816 --a------ G:\WINDOWS\system32\divxsm.tlb
2007-12-11 20:45 . 2007-12-11 20:45 1,044,480 --a------ G:\WINDOWS\system32\libdivx.dll
2007-12-11 20:45 . 2007-12-11 20:45 200,704 --a------ G:\WINDOWS\system32\ssldivx.dll
2007-12-11 20:43 . 2007-12-11 20:43 12,288 --a------ G:\WINDOWS\system32\DivXWMPExtType.dll
2007-12-11 12:18 . 2007-12-11 12:18 244 --ah----- G:\sqmnoopt12.sqm
2007-12-11 12:18 . 2007-12-11 12:18 232 --ah----- G:\sqmdata12.sqm
2007-12-11 12:17 . 2007-12-11 12:17 244 --ah----- G:\sqmnoopt11.sqm
2007-12-11 12:17 . 2007-12-11 12:17 232 --ah----- G:\sqmdata11.sqm
2007-12-11 09:58 . 2007-12-11 09:58 244 --ah----- G:\sqmnoopt10.sqm
2007-12-11 09:58 . 2007-12-11 09:58 232 --ah----- G:\sqmdata10.sqm
2007-12-11 09:45 . 2007-12-11 09:45 244 --ah----- G:\sqmnoopt09.sqm
2007-12-11 09:45 . 2007-12-11 09:45 232 --ah----- G:\sqmdata09.sqm
2007-12-11 09:37 . 2007-12-11 09:37 244 --ah----- G:\sqmnoopt08.sqm
2007-12-11 09:37 . 2007-12-11 09:37 232 --ah----- G:\sqmdata08.sqm
2007-12-11 09:36 . 2007-12-11 09:36 244 --ah----- G:\sqmnoopt07.sqm
2007-12-11 09:36 . 2007-12-11 09:36 244 --ah----- G:\sqmnoopt06.sqm
2007-12-11 09:36 . 2007-12-11 09:36 232 --ah----- G:\sqmdata07.sqm
2007-12-11 09:36 . 2007-12-11 09:36 232 --ah----- G:\sqmdata06.sqm
2007-12-11 09:35 . 2007-12-11 09:35 244 --ah----- G:\sqmnoopt05.sqm
2007-12-11 09:35 . 2007-12-11 09:35 232 --ah----- G:\sqmdata05.sqm
2007-12-11 09:33 . 2007-12-11 09:33 244 --ah----- G:\sqmnoopt04.sqm
2007-12-11 09:33 . 2007-12-11 09:33 232 --ah----- G:\sqmdata04.sqm
2007-12-08 10:58 . 2007-12-08 10:58 244 --ah----- G:\sqmnoopt03.sqm
2007-12-08 10:58 . 2007-12-08 10:58 232 --ah----- G:\sqmdata03.sqm
2007-12-06 11:52 . 2007-12-06 11:52 244 --ah----- G:\sqmnoopt02.sqm
2007-12-06 11:52 . 2007-12-06 11:52 232 --ah----- G:\sqmdata02.sqm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-23 15:08 --------- d-----w C:\Programmi\eMule
2007-12-22 20:48 --------- d---a-w G:\Documents and Settings\All Users\Dati applicazioni\TEMP
2007-12-22 10:03 53,760 -csh--w G:\WINDOWS\system32\MDM.EXE
2007-12-21 20:32 --------- d-----w G:\Documents and Settings\Bar Ferraris\Dati applicazioni\AVG7
2007-12-21 20:26 --------- d-----w C:\Programmi\a-squared Free
2007-12-19 16:36 --------- d-----w C:\Programmi\DivX
2007-12-15 10:15 9,344 ----a-w G:\WINDOWS\system32\drivers\NSDriver.sys
2007-12-15 10:15 8,320 ----a-w G:\WINDOWS\system32\drivers\AWRTRD.sys
2007-12-14 20:27 --------- d-----w C:\Programmi\QuickTime
2007-12-14 20:27 --------- d-----w C:\Programmi\DAEMON Tools
2007-12-11 19:44 823,296 ----a-w G:\WINDOWS\system32\divx_xx0c.dll
2007-12-11 19:44 823,296 ----a-w G:\WINDOWS\system32\divx_xx07.dll
2007-12-11 19:44 81,920 ----a-w G:\WINDOWS\system32\dpl100.dll
2007-12-11 19:44 802,816 ----a-w G:\WINDOWS\system32\divx_xx11.dll
2007-12-11 19:44 682,496 ----a-w G:\WINDOWS\system32\DivX.dll
2007-12-11 19:44 593,920 ----a-w G:\WINDOWS\system32\dpuGUI11.dll
2007-12-11 19:44 57,344 ----a-w G:\WINDOWS\system32\dpv11.dll
2007-12-11 19:44 53,248 ----a-w G:\WINDOWS\system32\dpuGUI10.dll
2007-12-11 19:44 344,064 ----a-w G:\WINDOWS\system32\dpus11.dll
2007-12-11 19:44 294,912 ----a-w G:\WINDOWS\system32\dpu11.dll
2007-12-11 19:44 294,912 ----a-w G:\WINDOWS\system32\dpu10.dll
2007-12-11 19:44 196,608 ----a-w G:\WINDOWS\system32\dtu100.dll
2007-12-11 19:44 156,992 ----a-w G:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-11-30 19:05 --------- d-----w C:\Programmi\XviD
2007-11-26 20:39 11,060,978 ----a-w G:\WINDOWS\Internet Logs\zlclient_2nd_2007_11_22_15_33_24_full.dmp.zip
2007-11-23 19:04 36,096 ----a-w G:\WINDOWS\system32\drivers\VIRAGTLT.SYS
2007-11-22 15:07 --------- d-----w G:\Documents and Settings\All Users\Dati applicazioni\Lavasoft
2007-11-22 15:07 --------- d-----w C:\Programmi\Lavasoft
2007-11-22 15:07 --------- d-----w C:\Documents and Settings\Bar Ferraris\Dati applicazioni\Lavasoft
2007-11-22 15:06 --------- d-----w C:\Programmi\File comuni\Wise Installation Wizard
2007-11-11 13:04 --------- d-----w C:\Programmi\PDFCreator
2007-11-11 13:02 264,097 ----a-w G:\WINDOWS\PDFCreator_Toolbar_Uninstaller_875.exe
2007-11-11 13:02 --------- d-----w C:\Programmi\PDFCreator Toolbar
2007-11-11 12:51 98,304 ----a-w G:\WINDOWS\system32\pdfmona.dll
2007-11-11 12:51 50,364 ----a-w G:\WINDOWS\system32\pdf995mon.dll
2007-11-09 18:52 --------- d-----w C:\Programmi\PDF-Creator 2
2007-11-09 18:49 72,192 ----a-w G:\WINDOWS\cadkasdeinst01e.exe
2007-11-07 17:04 --------- d-----w C:\Programmi\Google
2007-10-04 12:20 36,885 ----a-w G:\WINDOWS\Internet Logs\zlclient_2nd_2007_10_02_16_55_45_small.dmp.zip
2007-08-24 06:32 38,146 ----a-w G:\WINDOWS\Internet Logs\zlclient_2nd_2007_08_24_08_15_44_small.dmp.zip
2007-08-17 16:33 36,224 ----a-w G:\WINDOWS\Internet Logs\zlclient_2nd_2007_08_17_18_27_28_small.dmp.zip
2007-08-04 05:34 36,390 ----a-w G:\WINDOWS\Internet Logs\zlclient_2nd_2007_08_02_15_57_22_small.dmp.zip
2007-07-12 12:40 36,471 ----a-w G:\WINDOWS\Internet Logs\zlclient_2nd_2007_07_12_14_32_27_small.dmp.zip
2007-07-11 10:58 42,078 ----a-w G:\WINDOWS\Internet Logs\zlclient_2nd_2007_07_11_12_52_14_small.dmp.zip
2007-05-12 09:15 39,621 ----a-w G:\WINDOWS\Internet Logs\zlclient_2nd_2007_05_12_11_06_29_small.dmp.zip
2007-04-05 08:43 39,883 ----a-w G:\WINDOWS\Internet Logs\zlclient_2nd_2007_04_05_10_35_39_small.dmp.zip
2007-03-29 15:57 38,721 ----a-w G:\WINDOWS\Internet Logs\zlclient_2nd_2007_03_27_12_07_06_small.dmp.zip
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{45E59270-B286-25BC-5A7A-8876342705DB}]
G:\WINDOWS\anmul1.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="G:\WINDOWS\System32\ctfmon.exe" [2001-08-31 11:00]
"MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" [2004-11-15 15:18]
"SOProc_DAP"="shell32.dll" [2004-08-20 22:49 G:\WINDOWS\system32\shell32.dll]
"updateMgr"="C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2007-12-14 21:25]
"Microsoft Oftice"="G:\WINDOWS\System32\msmsgs.exe" []
"OfficeWord Monitors"="G:\WINDOWS\System32\Offlce.exe" [2007-12-16 22:22]
"Microsoft Windows Driver"="G:\WINDOWS\rundll32.exe" []
"Windows Networking Monitoring"="G:\WINDOWS\System32\mdm.exe" [2007-12-22 11:03]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"="Mixer.exe" [2001-12-07 16:24 G:\WINDOWS\mixer.exe]
"AtiPTA"="C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2007-12-14 21:25]
"HydarVisionDesktopManager"="" []
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2007-12-14 21:25]
"QuickTime Task"="C:\Programmi\QuickTime\bak\qttask.exe" [2003-05-02 08:57]
"DownloadAccelerator"="C:\PROGRA~1\DAP\DAP.exe" []
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.5.0_03\bin\jusched.exe" [2007-12-14 21:25]
"DAEMON Tools"="C:\Programmi\DAEMON Tools\daemon.exe" [2007-12-14 21:25]
"AVG7_CC"="G:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-12-14 21:25]
"VIRIT LITE MONITOR"="G:\VEXPLITE\MONLITE.EXE" [2007-12-22 22:19]
"OfficeWord Monitors"="G:\WINDOWS\System32\Offlce.exe" [2007-12-16 22:22]
"Microsoft Oftice"="G:\WINDOWS\System32\msmsgs.exe" []
"Windows Networking Monitoring"="G:\WINDOWS\System32\mdm.exe" [2007-12-22 11:03]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-08-31 11:00]
"AVG7_Run"="G:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-31 08:34]
"OfficeWord Monitors"="G:\WINDOWS\System32\Offlce.exe" [2007-12-16 22:22]
"Microsoft Oftice"="G:\WINDOWS\System32\msmsgs.exe" []
"Microsoft Windows Driver"="G:\WINDOWS\rundll32.exe" []
"Windows Networking Monitoring"="G:\WINDOWS\System32\mdm.exe" [2007-12-22 11:03]
"Microsoft Update"="G:\WINDOWS\System32\spool.exe" []

G:\Documents and Settings\Bar Ferraris\Menu Avvio\Programmi\Esecuzione automatica\
Fantacalcio Manager 2006 - Top Edition Quick Loader.lnk - C:\Programmi\FCM\FCMLoad.exe [2005-07-05 14:59:42]
Registrazione Corel.lnk - C:\Programmi\Corel\Graphics9\Register\Remind32.exe [2002-08-09 10:00:14]

G:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Reader Speed Launch.lnk - C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 07:05:26]
Alice ti aiuta.lnk - C:\Programmi\Alice ti aiuta\bin\matcli.exe [2005-10-22 13:39:55]
Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office\OSA9.EXE [1999-02-17 18:05:56]

R0 BsStor;InCD Storage Helper Driver;G:\WINDOWS\System32\DRIVERS\bsstor.sys [2002-08-09 10:07]
R0 VIRAGTLT;VIRAGTLT;G:\WINDOWS\System32\drivers\VIRAGTLT.SYS [2007-11-23 20:04]
S3 s3m;s3m;G:\WINDOWS\System32\DRIVERS\s3m.sys [2001-08-17 19:50]
S3 SDTHOOK;SDTHOOK;G:\WINDOWS\System32\DRIVERS\SDTHOOK.sys [2007-06-05 10:56]
S4 BsUDF;InCD UDF Driver;G:\WINDOWS\System32\drivers\BsUDF.sys [2002-08-09 10:07]

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\System32\mscories.dll,Install
.
Contenuto della cartella 'Scheduled Tasks'
"2007-12-23 16:00:50 G:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Programmi\RegCure\RegCure.exe
"2007-12-22 21:22:35 G:\WINDOWS\Tasks\RegCure.job"
- C:\Programmi\RegCure\RegCure.exe
"2007-12-23 16:01:07 G:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Programmi\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-23 17:32:17
Windows 5.1.2600 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

G:\WINDOWS\erdnt

Scansione completata con successo
Files nascosti: 1

**************************************************************************
.
Ora fine scansione: 2007-12-23 17.33.16
.
2007-12-16 19:05:04 --- E O F ---

HJT:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 17.42.57, on 23/12/2007
Platform: Windows XP (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\System32\Ati2evxx.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
G:\WINDOWS\system32\spoolsv.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\svchost.exe
c:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\System32\svchost.exe
G:\VEXPLITE\viritsvc.exe
G:\WINDOWS\Mixer.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe
G:\VEXPLITE\MONLITE.EXE
G:\WINDOWS\System32\Offlce.exe
G:\WINDOWS\System32\ctfmon.exe
G:\WINDOWS\System32\mdm.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Corel\Graphics9\Register\Remind32.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
G:\WINDOWS\System32\wuauclt.exe
G:\Documents and Settings\Bar Ferraris\Desktop\HiJackThis_v2.exe
C:\Programmi\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dbsarticles.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {45E59270-B286-25BC-5A7A-8876342705DB} - G:\WINDOWS\anmul1.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\it\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - G:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O3 - Toolbar: Virgilio Toolbar - {D3403F28-7D39-435F-A8CB-45016C29E48E} - C:\Programmi\Virgilio Toolbar\VirgilioBand.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Programmi\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll (file missing)
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [AtiPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\bak\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AVG7_CC] G:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] G:\VEXPLITE\MONLITE.EXE
O4 - HKLM\..\Run: [OfficeWord Monitors] G:\WINDOWS\System32\Offlce.exe
O4 - HKLM\..\Run: [Microsoft Oftice] G:\WINDOWS\System32\msmsgs.exe
O4 - HKLM\..\Run: [Windows Networking Monitoring] G:\WINDOWS\System32\mdm.exe
O4 - HKCU\..\Run: [CTFMON.EXE] G:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SOProc_DAP] rundll32 shell32.dll,ShellExec_RunDLL C:\PROGRA~1\SOFTWA~1\soproc.exe -pack DAP
O4 - HKCU\..\Run: [updateMgr] "C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [Microsoft Oftice] G:\WINDOWS\System32\msmsgs.exe
O4 - HKCU\..\Run: [OfficeWord Monitors] G:\WINDOWS\System32\Offlce.exe
O4 - HKCU\..\Run: [Microsoft Windows Driver] G:\WINDOWS\rundll32.exe
O4 - HKCU\..\Run: [Windows Networking Monitoring] G:\WINDOWS\System32\mdm.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] G:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Microsoft Windows Driver] G:\WINDOWS\rundll32.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Windows Networking Monitoring] G:\WINDOWS\System32\mdm.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Microsoft Update] G:\WINDOWS\System32\spool.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Fantacalcio Manager 2006 - Top Edition Quick Loader.lnk = C:\Programmi\FCM\FCMLoad.exe
O4 - Startup: Registrazione Corel.lnk = C:\Programmi\Corel\Graphics9\Register\Remind32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programmi\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .pdf: C:\Programmi\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5190/mcfscan.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - G:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - G:\WINDOWS\System32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - G:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - G:\VEXPLITE\viritsvc.exe

--
End of file - 8201 bytes

Sante62 · Dio maturo Registrato: 27/06/07 17:55 Messaggi: 3477 Residenza: Floridia

Avvia Hijakthis e seleziona a sinistra queste righe (quelle in rosso se le conosci non selezionarle), anche se ho il dubbio sul file spool.exe; dovrebbe essere Spoolsv:

Jon Snow · Eroe Registrato: 23/12/07 00:37 Messaggi: 50

HJT lo faccio partire da modalità normale o provvisoria? Le voci rosse non le ho messe io e le toglierò.

Sante62 · Dio maturo Registrato: 27/06/07 17:55 Messaggi: 3477 Residenza: Floridia

Dalla modalità normale.

Jon Snow · Eroe Registrato: 23/12/07 00:37 Messaggi: 50

Ho fixato tutto come detto, riavviato, fatto una scansione con virit aggiornato (mi ha trovato solo un file infetto: MSASP32.exe infetto da Backdoor.Sdbot.QB), posto qui di seguito il nuovo log di HJT (ora mi appresto a usare GMER):

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 20.28.32, on 23/12/2007
Platform: Windows XP (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\System32\Ati2evxx.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
G:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\System\MSASP32.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\svchost.exe
c:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
G:\WINDOWS\System32\svchost.exe
G:\VEXPLITE\viritsvc.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\System32\WgaTray.exe
G:\WINDOWS\Mixer.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe
G:\VEXPLITE\MONLITE.EXE
G:\WINDOWS\System32\msmsgs.exe
G:\WINDOWS\System32\mdm.exe
G:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Corel\Graphics9\Register\Remind32.exe
C:\Programmi\Mozilla Firefox\firefox.exe
G:\WINDOWS\rundll32.exe
G:\Documents and Settings\Bar Ferraris\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dbsarticles.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\it\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - G:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Virgilio Toolbar - {D3403F28-7D39-435F-A8CB-45016C29E48E} - C:\Programmi\Virgilio Toolbar\VirgilioBand.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [AtiPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\bak\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AVG7_CC] G:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] G:\VEXPLITE\MONLITE.EXE
O4 - HKLM\..\Run: [Microsoft Oftice] G:\WINDOWS\System32\msmsgs.exe
O4 - HKLM\..\Run: [Windows Networking Monitoring] G:\WINDOWS\System32\mdm.exe
O4 - HKCU\..\Run: [CTFMON.EXE] G:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [Microsoft Oftice] G:\WINDOWS\System32\msmsgs.exe
O4 - HKCU\..\Run: [Windows Networking Monitoring] G:\WINDOWS\System32\mdm.exe
O4 - HKCU\..\Run: [Microsoft Windows Driver] G:\WINDOWS\rundll32.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] G:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Windows Networking Monitoring] G:\WINDOWS\System32\mdm.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Fantacalcio Manager 2006 - Top Edition Quick Loader.lnk = C:\Programmi\FCM\FCMLoad.exe
O4 - Startup: Registrazione Corel.lnk = C:\Programmi\Corel\Graphics9\Register\Remind32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programmi\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .pdf: C:\Programmi\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5190/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{390CA4CF-DCB4-49DD-A3FB-5073DEFE96FC}: NameServer = 85.37.17.48 85.38.28.88
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - G:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - G:\WINDOWS\System32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Advance Service Process - Unknown owner - C:\Programmi\File comuni\System\MSASP32.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - G:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - G:\VEXPLITE\viritsvc.exe

--
End of file - 7498 bytes

Sante62 · Dio maturo Registrato: 27/06/07 17:55 Messaggi: 3477 Residenza: Floridia

Alcune righe in HJT non sono andate via. Avvia HJT questa volta dalla modalità provvisoria e fixa queste:

Jon Snow · Eroe Registrato: 23/12/07 00:37 Messaggi: 50

Innanzitutto grazie per il modo in cui ti stai prodigando per me in periodo natalizio. Very Happy

Tornando al problema, ho cancellato i file come mi hai detto dalla modalità provvisoria ma ho notato che rundll32.exe si è riformato.
Ho fatto solo il log di autostart con GMER perchè se faccio il log di rootkit mi si blocca il pc. Smette di caricare e non apre più nulla rallentando anche lo spostamento del cursore, se clicco ovunque nn succede assolutamente nulla, sento il pc caricare un secondo ad ogni clic che faccio e poi il silenzio...
Rolling Eyes

Comunque ti allego il log di GMER parte Autostart qui:

http://www.freefilehosting.net/download/39djb

e qui di seguito il nuovo log con HJT qui:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 0.06.56, on 24/12/2007
Platform: Windows XP (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\System32\Ati2evxx.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
G:\WINDOWS\system32\spoolsv.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\svchost.exe
c:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
G:\WINDOWS\System32\svchost.exe
G:\VEXPLITE\viritsvc.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\System32\WgaTray.exe
G:\WINDOWS\Mixer.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe
G:\VEXPLITE\MONLITE.EXE
G:\WINDOWS\System32\msmsgs.exe
G:\WINDOWS\System32\mdm.exe
G:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\Corel\Graphics9\Register\Remind32.exe
G:\WINDOWS\rundll32.exe
G:\Documents and Settings\Bar Ferraris\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dbsarticles.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\it\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - G:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Virgilio Toolbar - {D3403F28-7D39-435F-A8CB-45016C29E48E} - C:\Programmi\Virgilio Toolbar\VirgilioBand.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [AtiPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\bak\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AVG7_CC] G:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] G:\VEXPLITE\MONLITE.EXE
O4 - HKLM\..\Run: [Microsoft Oftice] G:\WINDOWS\System32\msmsgs.exe
O4 - HKLM\..\Run: [Windows Networking Monitoring] G:\WINDOWS\System32\mdm.exe
O4 - HKCU\..\Run: [CTFMON.EXE] G:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [Microsoft Oftice] G:\WINDOWS\System32\msmsgs.exe
O4 - HKCU\..\Run: [Windows Networking Monitoring] G:\WINDOWS\System32\mdm.exe
O4 - HKCU\..\Run: [Microsoft Windows Driver] G:\WINDOWS\rundll32.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] G:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Fantacalcio Manager 2006 - Top Edition Quick Loader.lnk = C:\Programmi\FCM\FCMLoad.exe
O4 - Startup: Registrazione Corel.lnk = C:\Programmi\Corel\Graphics9\Register\Remind32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programmi\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .pdf: C:\Programmi\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5190/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{390CA4CF-DCB4-49DD-A3FB-5073DEFE96FC}: NameServer = 85.37.17.48 85.38.28.88
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - G:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - G:\WINDOWS\System32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - G:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - G:\VEXPLITE\viritsvc.exe

--
End of file - 7247 bytes

Sante62 · Dio maturo Registrato: 27/06/07 17:55 Messaggi: 3477 Residenza: Floridia

Quella chiave non vuole farsi eliminare Evil or Very Mad

Vai su Start->Esegui e digita regedit; si aprirà il registro di sistema;
aiutandoti con i + naviga attraverso questa chiave:

Jon Snow · Eroe Registrato: 23/12/07 00:37 Messaggi: 50

Ho fatto come mi hai detto ma ho notato che non appena mi collego il processo si ricrea. Ho provato dopo averlo cancellato a installare zone alarm ma mi si riavvia come ti dicevo. Ho fatto partire anche GMER rootkit ma a un certo punto si è riavviato il pc. Ho fatto un log di HJT dopo aver eliminato di nuovo i file che mi hai detto e poi ho annullato i punti di ripristino visto che in passato avevo provato ad utilizzare uno stato precedente del sistema senza però riuscirci. Mi sono ricordato poi che in passato per eliminare un problema ho dovuto annullare i punti di ripristino però per questo non è servito a nulla, infatti il rundll32.exe è di nuovo in azione ora nel sistema.. Questo log che ti posto di HJT è precedente alla mia connessione. Se vuoi ti riposto un log che sia successivo alla connessione dopo questo. E' davvero un osso duro sto virus... In più virit mi è scaduto ieri e nn posso più aggiornarlo a meno di comprarlo.. Sad

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12.38.47, on 24/12/2007
Platform: Windows XP (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\System32\Ati2evxx.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
G:\WINDOWS\system32\spoolsv.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\svchost.exe
c:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
G:\WINDOWS\System32\svchost.exe
G:\VEXPLITE\viritsvc.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\System32\WgaTray.exe
G:\WINDOWS\Mixer.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe
G:\VEXPLITE\MONLITE.EXE
G:\WINDOWS\System32\msmsgs.exe
G:\WINDOWS\System32\mdm.exe
G:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Corel\Graphics9\Register\Remind32.exe
C:\Programmi\Internet Explorer\iexplore.exe
G:\Documents and Settings\Bar Ferraris\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dbsarticles.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\it\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - G:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Virgilio Toolbar - {D3403F28-7D39-435F-A8CB-45016C29E48E} - C:\Programmi\Virgilio Toolbar\VirgilioBand.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [AtiPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\bak\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AVG7_CC] G:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] G:\VEXPLITE\MONLITE.EXE
O4 - HKLM\..\Run: [Microsoft Oftice] G:\WINDOWS\System32\msmsgs.exe
O4 - HKLM\..\Run: [Windows Networking Monitoring] G:\WINDOWS\System32\mdm.exe
O4 - HKCU\..\Run: [CTFMON.EXE] G:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [Microsoft Oftice] G:\WINDOWS\System32\msmsgs.exe
O4 - HKCU\..\Run: [Windows Networking Monitoring] G:\WINDOWS\System32\mdm.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] G:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Fantacalcio Manager 2006 - Top Edition Quick Loader.lnk = C:\Programmi\FCM\FCMLoad.exe
O4 - Startup: Registrazione Corel.lnk = C:\Programmi\Corel\Graphics9\Register\Remind32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programmi\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .pdf: C:\Programmi\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5190/mcfscan.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - G:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - G:\WINDOWS\System32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - G:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - G:\VEXPLITE\viritsvc.exe

--
End of file - 7134 bytes

Jon Snow · Eroe Registrato: 23/12/07 00:37 Messaggi: 50

Ora che sono online ho rifatto partire HJT e ho fissato il processo malefico. Per ora rundll32.exe è sparito, ma temo che si possa riformare. In caso succeda lo scrivo.

Sante62 · Dio maturo Registrato: 27/06/07 17:55 Messaggi: 3477 Residenza: Floridia

Nel log HJT quì sopra non compare quel file. Nemmeno ora si avvia il log Rootkit di GMER? Se è così Scarica Navilog1
installalo, riavvia il PC in modalità provvisoria;
Poi, fai doppio click sull'icona navilog1 che si è creata sul desktop
digita E clicca invio;
continua premendo un tasto qualsiasi per andare avanti;
digita 2 e clicca invio;
inizierà a rimuovere i file trovati infetti;
aspetta che finisca la scansione finchè si aprirà il blocco note
Al riavvio alla modalità normale incolla quì il file C:\fixnavi.txt

Jon Snow · Eroe Registrato: 23/12/07 00:37 Messaggi: 50

Ho fatto tutto quello che mi hai detto ma prima di digitare 2 ho dovuto fare la ricerca digitando 1. Ho quindi due log fatti con Navilog: fixnavi e cleannavi, li posto entrambi. Ti posto pure il nuovo log di HJT in cui riappare rundll32.exe. Anche virit lo trova ma dice che è sospetto e non lo rimuove Sad

:

Fixnavi

Search Navipromo version 3.3.8 began on 24/12/2007 at 13.59.59,01

!!! Warning, this report may include legitimate files/programs !!!
!!! Post this report on the forum you are being helped !!!
!!! Don't continue with removal unless instructed by an authorized helper !!!
Fix running from C:\Programmi\navilog1
Updated on 11.12.2007 at 18h00 by IL-MAFIOSO

Microsoft Windows XP [Versione 5.1.2600]
Version Internet Explorer : 6.0.2800.1106
Filesystem type : NTFS

Done in safe mode

*** Searching for installed Software ***

*** Search folders in G:\WINDOWS ***

*** Search folders in C:\Programmi ***

*** Search folders in G:\DOCUME~1\ALLUSE~1\DATIAP~1 ***

*** Search folders in "G:\Documents and Settings\Bar Ferraris\dati applicazioni" ***

*** Search folders in G:\DOCUME~1\ALLUSE~1\MENUAV~1\PROGRA~1 ***

*** Search with Catchme-rootkit/stealth malware detector by gmer ***
for more info : http://www.gmer.net

No file found

*** Search with GenericNaviSearch ***
!!! Possibility of legitimate files in the result !!!
!!! Must always be checked before manually deleting !!!

* Scan in G:\WINDOWS\system32 *

* Scan in "G:\Documents and Settings\Bar Ferraris\impostazioni locali\dati applicazioni" *

*** Search files ***

*** Search specific Registry keys ***

*** Complementary Search ***
(Search specific files)

1)Search new Instant Access files :

2)Heuristic Search :

* In G:\WINDOWS\system32 :

* In "G:\Documents and Settings\Bar Ferraris\impostazioni locali\dati applicazioni" :

3)Certificates Search :

Egroup certificate not found !

4)Search known files :

*** Search completed on 24/12/2007 at 14.11.20,00 ***

Cleannavi

Navipromo Removal version 3.3.8 started on 24/12/2007 at 14.12.05,75

Fix running from C:\Programmi\navilog1
Updated on 11.12.2007 at 18h00 by IL-MAFIOSO

Microsoft Windows XP [Versione 5.1.2600]
Internet Explorer : 6.0.2800.1106
Filesystem type : NTFS

Automatic removal

Done in safe mode

*** fsbl1.txt not found ***
(Check that Catchme found nothing in Search Mode)

*** Deleting with Backups GenericNaviSearch results ***

* Deletion in G:\WINDOWS\System32 *

* Deletion in "G:\Documents and Settings\Bar Ferraris\impostazioni locali\dati applicazioni" *

*** Deleting folders in G:\WINDOWS ***

*** Deleting folders in C:\Programmi ***

*** Deleting folders in G:\DOCUME~1\ALLUSE~1\DATIAP~1 ***

*** Deleting folders in "G:\Documents and Settings\Bar Ferraris\dati applicazioni" ***

*** Deleting folders in G:\DOCUME~1\ALLUSE~1\MENUAV~1\PROGRA~1 ***

*** Deleting files ***

*** Deleting temporary files ***

Cleaning of G:\WINDOWS\Temp done !
Cleaning of G:\Documents and Settings\Bar Ferraris\impostazioni locali\Temp done !

*** Complementary Search ***
(Search specific files)

1)Deletion with backups new Instant Access files:

2)Heuristic search and deletion with backups :

* In G:\WINDOWS\system32 *

* In "G:\Documents and Settings\Bar Ferraris\impostazioni locali\dati applicazioni" *

*** Copy Registry to Backupnavi folder ***

Backing up Registry done !

*** Cleaning Registry ***

Registry cleaned

*** Certificates ***

Egroup Certificate not found !

*** Cleaning stage complete on 24/12/2007 at 14.13.54,12 ***

HJT

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 14.24.15, on 24/12/2007
Platform: Windows XP (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\System32\Ati2evxx.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
G:\WINDOWS\system32\spoolsv.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\svchost.exe
c:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
G:\WINDOWS\System32\svchost.exe
G:\VEXPLITE\viritsvc.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\Mixer.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe
G:\VEXPLITE\MONLITE.EXE
G:\WINDOWS\System32\msmsgs.exe
G:\WINDOWS\System32\mdm.exe
G:\WINDOWS\System32\ctfmon.exe
G:\WINDOWS\System32\wuauclt.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Corel\Graphics9\Register\Remind32.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\Internet Explorer\iexplore.exe
G:\WINDOWS\rundll32.exe
G:\Documents and Settings\Bar Ferraris\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dbsarticles.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\it\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - G:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Virgilio Toolbar - {D3403F28-7D39-435F-A8CB-45016C29E48E} - C:\Programmi\Virgilio Toolbar\VirgilioBand.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [AtiPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\bak\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AVG7_CC] G:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] G:\VEXPLITE\MONLITE.EXE
O4 - HKLM\..\Run: [Microsoft Oftice] G:\WINDOWS\System32\msmsgs.exe
O4 - HKLM\..\Run: [Windows Networking Monitoring] G:\WINDOWS\System32\mdm.exe
O4 - HKCU\..\Run: [CTFMON.EXE] G:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [Microsoft Oftice] G:\WINDOWS\System32\msmsgs.exe
O4 - HKCU\..\Run: [Windows Networking Monitoring] G:\WINDOWS\System32\mdm.exe
O4 - HKCU\..\Run: [Microsoft Windows Driver] G:\WINDOWS\rundll32.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] G:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Fantacalcio Manager 2006 - Top Edition Quick Loader.lnk = C:\Programmi\FCM\FCMLoad.exe
O4 - Startup: Registrazione Corel.lnk = C:\Programmi\Corel\Graphics9\Register\Remind32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programmi\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .pdf: C:\Programmi\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5190/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{390CA4CF-DCB4-49DD-A3FB-5073DEFE96FC}: NameServer = 85.37.17.48 85.38.28.88
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - G:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - G:\WINDOWS\System32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - G:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - G:\VEXPLITE\viritsvc.exe

--
End of file - 7293 bytes

Sante62 · Dio maturo Registrato: 27/06/07 17:55 Messaggi: 3477 Residenza: Floridia

Passaimo alle maniere più forti:
Apri il Notepad e inserisci queste righe:

Jon Snow · Eroe Registrato: 23/12/07 00:37 Messaggi: 50

Al momento AVG ha ripreso a funzionare e quando ho guardato se il file era ancora nella cartella G:\Windows l'antivirus ha trovato ed eliminato il file. Da una settimana AVG non partiva più in modalità protezione, ora invece mi viene anche caricato automaticamente all'avvio. Se rundll32.exe si riforma faccio tutto quello che mi hai specificato per rimuoverlo, ma al momento non ce ne è traccia.
Ho anche riavviato il pc per vedere se si riforma ma per ora non è successo nulla.
Comunque c'è sempre qualcosa che non va visto che non riesco ad installare zone alarm perchè mi si riavvia da solo il computer. Rolling Eyes