|
| Precedente :: Successivo |
| Autore |
Messaggio |
zerothehero
Eroe
Registrato: 25/09/07 22:21
Messaggi: 40
Residenza: somewhere over the rainbow
|
 Inviato: 18 Gen 2008 22:23 Oggetto: [Risolto] ricaduta in CiD |
 |
|
E' con vergogna che torno a chiedere aiuto. Il mio PC ha ripreso Cid. Presumo sia con l'usa di msn live plus ( versione 8.1.
ti allego la schermata di hjt
Logfile of HijackThis v1.99.1
Scan saved at 13.46.20, on 16/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmi\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Programmi\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Programmi\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\ASUS\ASUS Remote\RemoteControlAppl.exe
C:\Programmi\CyberLink\PowerCinema\PCMService.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmi\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe
C:\Programmi\WiFiConnector\NintendoWFCReg.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe
C:\Programmi\Delux\PS2 Keyboard English Edition\keyboard.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\uTorrent\utorrent.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programmi\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.1.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\ASUS\ASUS Remote\RemoteControlAppl.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programmi\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [memo site kind that] C:\Documents and Settings\All Users\Dati applicazioni\Grid Blue Memo Site\Phone ball.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [32 clock] C:\DOCUME~1\Utente\DATIAP~1\BLEHHI~1\mixteamdata.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe"
O4 - Global Startup: Esegui il programma di registrazione della chiave USB Wi-Fi Nintendo.lnk = C:\Programmi\WiFiConnector\NintendoWFCReg.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PS2 Keyboard English Edition.lnk = ?
O8 - Extra context menu item: &Point&&Go - C:\Programmi\File comuni\Expert System\PGPlatform\PGPlatform.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {070CA17A-4BD2-4612-83B4-32B1B9159B47} - http://uc.sina.com.cn/download/live/weblive2.4.0.0.cab
O16 - DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} (TVAnts ActiveX Control) - http://www.coolstreaming.us/consolle/plug-in/tvants.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programmi\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programmi\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programmi\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Unknown owner - C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe (file missing)
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
c'è qualcuno che può aiutarmi? e poi che fare per non ricaderci?
grazie e saluti
zth |
|
| Top |
|
 |
Ciccis
Eroe
Registrato: 15/01/08 23:06
Messaggi: 49
|
| Inviato: 19 Gen 2008 01:07 Oggetto: |
|
|
Ciao zerothehero, ho letto il Log.
disattiva il ripristino e avvia in modalità provvisoria
esegui hijackthis clicca su do a system scan only metti il segno di spunta a questa voce:
Citazione:
O4 - HKLM\..\Run: [memo site kind that] C:\Documents and Settings\All Users\Dati applicazioni\Grid Blue Memo Site\Phone ball.exe
O4 - HKCU\..\Run: [32 clock] C:\DOCUME~1\Utente\DATIAP~1\BLEHHI~1\mixteamdata.exe
clicca fix checked
Trova ed elimina i seguenti files:
C:\Documents and Settings\All Users\Dati applicazioni\Grid Blue Memo Site\Phone ball.exe
C:\DOCUME~1\Utente\DATIAP~1\BLEHHI~1\mixteamdata.exe
Riavvia il pc in modalità normale, rifai il log di hijackthis e postalo
Aggiorna il tuo antivirus e fagli fare una scansione completa.
Aggiornami su come stanno le cose !!! |
|
| Top |
|
|
zerothehero
Eroe
Registrato: 25/09/07 22:21
Messaggi: 40
Residenza: somewhere over the rainbow
|
| Inviato: 19 Gen 2008 17:45 Oggetto: |
|
|
Prima di tutto ringrazio il vs staff davero sempre pronto a soccorrerci!!
Poi: ho eseguito le tue istruzioni e pare che già la fastidiose pop up siano scomparse.
Ti allego comunque il logfile post bonifica:
Logfile of HijackThis v1.99.1
Scan saved at 15.54.43, on 19/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmi\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Programmi\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Programmi\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\ASUS\ASUS Remote\RemoteControlAppl.exe
C:\Programmi\CyberLink\PowerCinema\PCMService.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmi\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Programmi\WiFiConnector\NintendoWFCReg.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe
C:\Programmi\Delux\PS2 Keyboard English Edition\keyboard.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Programmi\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.1.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\ASUS\ASUS Remote\RemoteControlAppl.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programmi\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe"
O4 - Global Startup: Esegui il programma di registrazione della chiave USB Wi-Fi Nintendo.lnk = C:\Programmi\WiFiConnector\NintendoWFCReg.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PS2 Keyboard English Edition.lnk = ?
O8 - Extra context menu item: &Point&&Go - C:\Programmi\File comuni\Expert System\PGPlatform\PGPlatform.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {070CA17A-4BD2-4612-83B4-32B1B9159B47} - http://uc.sina.com.cn/download/live/weblive2.4.0.0.cab
O16 - DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} (TVAnts ActiveX Control) - http://www.coolstreaming.us/consolle/plug-in/tvants.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programmi\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programmi\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programmi\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Unknown owner - C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe (file missing)
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Vedi altre schifezze? l'antivirus sta scandendo (?) il tutto e pare on trovare nulla di male..ritieni sia il caso di passare il pc con qualche altro scan (Kaspersky o altro?)
Ancora una domanda: da dove salta fuori la cartella Bleh hide che si ascone nei miei programmi?
Ma soprattutto .. è possibile fare qualcosa per evitare che al prossimo uso di msn siamo daccapo?
Magari tornando ad una vecchia versione? o dando particolari istruzioni al firewall o all'antivirus? Uso zonealarm e avg free edition
ciao  |
|
| Top |
|
|
zerothehero
Eroe
Registrato: 25/09/07 22:21
Messaggi: 40
Residenza: somewhere over the rainbow
|
| Inviato: 19 Gen 2008 17:57 Oggetto: |
|
|
solo per confermare che la scasione con AVG non trova nessuna minaccia. "no threats found"
zth  |
|
| Top |
|
|
bdoriano
Amministratore
Registrato: 02/04/07 12:05
Messaggi: 14391
Residenza: 3° pianeta del sistema solare...
|
| Inviato: 19 Gen 2008 20:07 Oggetto: |
|
|
Ciao zerothehero,
il log sembra pulito.
Collegati a Kaspersky on-line scanner e fai la scansione estesa, come indicato qui.
Salva il risultato della scansione in un file (in formato HTML), carica il file su Freefilehosting e posta qui il link che ti viene assegnato. |
|
| Top |
|
|
zerothehero
Eroe
Registrato: 25/09/07 22:21
Messaggi: 40
Residenza: somewhere over the rainbow
|
| Inviato: 20 Gen 2008 17:06 Oggetto: |
|
|
c'è voluto un pò ma eccomi qui. spero di aver fatto tutto giusto. il logfile di kaspersky è qui link
Mi ci date un'occhiata? IL risultato è un pò inquietante! 
saludos
zth |
|
| Top |
|
|
zerothehero
Eroe
Registrato: 25/09/07 22:21
Messaggi: 40
Residenza: somewhere over the rainbow
|
| Inviato: 28 Gen 2008 22:49 Oggetto: |
|
|
ok ora il cid è sparito, anche se qualche finestra continua ad aprirsi...mah; ma qno sa dirmi se c'è un modo per evitarlo d'ora in poi? esiste un vaccino?
grazie |
|
| Top |
|
|
bdoriano
Amministratore
Registrato: 02/04/07 12:05
Messaggi: 14391
Residenza: 3° pianeta del sistema solare...
|
| Inviato: 29 Gen 2008 12:09 Oggetto: |
|
|
Ciao zerothehero,
ci sono da eliminare alcune procedure java infette.
Scarica avenger e scompattalo in una sua cartella non temporanea e non sul desktop
Avvia AVENGER
Clicca su input script manually
Clicca sulla lente d'ingrandimento
Inserisci queste righe:
| Citazione: | Files to delete:
C:\Documents and Settings\Utente\Dati applicazioni\Sun\Java\Deployment\cache\6.0\19\4edd2d13-2e50ec5e
C:\Documents and Settings\Utente\Dati applicazioni\Sun\Java\Deployment\cache\6.0\26\66e2f9da-7c7f48f9
C:\Documents and Settings\Utente\Dati applicazioni\Sun\Java\Deployment\cache\6.0\28\464c461c-34c18cf8
C:\Documents and Settings\Utente\Dati applicazioni\Sun\Java\Deployment\cache\6.0\38\42b99f26-6013dfd5
C:\Documents and Settings\Utente\Dati applicazioni\Sun\Java\Deployment\cache\6.0\58\7148fe7a-7473833a
C:\Documents and Settings\Utente\Dati applicazioni\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-526002f4-6d36297c.zip
C:\Documents and Settings\Utente\Dati applicazioni\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-b6c9ce5-5a516050.zip
C:\Documents and Settings\Utente\Dati applicazioni\Sun\Java\Deployment\cache\javapi\v1.0\jar\iptRT.jar-222f3c35-7472f24e.zip
C:\Documents and Settings\Utente\Dati applicazioni\Sun\Java\Deployment\cache\javapi\v1.0\jar\itrRT.jar-62cebc3d-6e6797b8.zip
C:\Documents and Settings\Utente\Dati applicazioni\Sun\Java\Deployment\cache\javapi\v1.0\jar\itrRT.jar-b407274-5e0c0230.zip |
Clicca su Done
Clicca sul semaforo
Il pc dovrebbe riavviarsi, se così non fosse, riavvialo tu.
Al termine dell'operazione, posta qui il risultato di Avenger con un log aggiornato di hijackthis.
Questo file: C:\Programmi\bsplayer210[1].939_clip.exe, contiene un adware (lo installi e ti compare la pubblicità).
Segui le istruzioni di questo topic per postare il log di combofix. |
|
| Top |
|
|
zerothehero
Eroe
Registrato: 25/09/07 22:21
Messaggi: 40
Residenza: somewhere over the rainbow
|
| Inviato: 29 Gen 2008 21:52 Oggetto: |
|
|
allora, vediamo se ho fatto tutto bene:
questo è avenger:
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\iycsgcey
*******************
Script file located at: \??\C:\WINDOWS\lqtlxlyb.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\Documents and Settings\Utente\Dati applicazioni\Sun\Java\Deployment\cache\6.0\19\4edd2d13-2e50ec5e deleted successfully.
File C:\Documents and Settings\Utente\Dati applicazioni\Sun\Java\Deployment\cache\6.0\26\66e2f9da-7c7f48f9 deleted successfully.
File C:\Documents and Settings\Utente\Dati applicazioni\Sun\Java\Deployment\cache\6.0\28\464c461c-34c18cf8 deleted successfully.
File C:\Documents and Settings\Utente\Dati applicazioni\Sun\Java\Deployment\cache\6.0\38\42b99f26-6013dfd5 deleted successfully.
File C:\Documents and Settings\Utente\Dati applicazioni\Sun\Java\Deployment\cache\6.0\58\7148fe7a-7473833a deleted successfully.
File C:\Documents and Settings\Utente\Dati applicazioni\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-526002f4-6d36297c.zip deleted successfully.
File C:\Documents and Settings\Utente\Dati applicazioni\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-b6c9ce5-5a516050.zip deleted successfully.
File C:\Documents and Settings\Utente\Dati applicazioni\Sun\Java\Deployment\cache\javapi\v1.0\jar\iptRT.jar-222f3c35-7472f24e.zip deleted successfully.
File C:\Documents and Settings\Utente\Dati applicazioni\Sun\Java\Deployment\cache\javapi\v1.0\jar\itrRT.jar-62cebc3d-6e6797b8.zip deleted successfully.
File C:\Documents and Settings\Utente\Dati applicazioni\Sun\Java\Deployment\cache\javapi\v1.0\jar\itrRT.jar-b407274-5e0c0230.zip deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
questo è hjt:Logfile of HijackThis v1.99.1
Scan saved at 18.08.39, on 29/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmi\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Programmi\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Programmi\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\ASUS\ASUS Remote\RemoteControlAppl.exe
C:\Programmi\CyberLink\PowerCinema\PCMService.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmi\QuickTime\qttask.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe
C:\Programmi\WiFiConnector\NintendoWFCReg.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe
C:\Programmi\Delux\PS2 Keyboard English Edition\keyboard.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Programmi\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.1.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\ASUS\ASUS Remote\RemoteControlAppl.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programmi\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe"
O4 - Global Startup: Esegui il programma di registrazione della chiave USB Wi-Fi Nintendo.lnk = C:\Programmi\WiFiConnector\NintendoWFCReg.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PS2 Keyboard English Edition.lnk = ?
O8 - Extra context menu item: &Point&&Go - C:\Programmi\File comuni\Expert System\PGPlatform\PGPlatform.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {070CA17A-4BD2-4612-83B4-32B1B9159B47} - http://uc.sina.com.cn/download/live/weblive2.4.0.0.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} (TVAnts ActiveX Control) - http://www.coolstreaming.us/consolle/plug-in/tvants.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programmi\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programmi\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programmi\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Unknown owner - C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe (file missing)
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
e infine combofix:
ComboFix 08-01-29.3 - Utente 2008-01-29 20:31:15.1 - NTFSx86
Eseguito da: C:\Documents and Settings\Utente\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Creati Da 2007-12-28 al 2008-01-29 )))))))))))))))))))))))))))))))))))
.
2008-01-29 17:57 . 2008-01-29 17:57 127,378 --a------ C:\Programmi\avenger.zip
2008-01-19 15:33 . 2008-01-19 15:33 51,078 --a------ C:\Programmi\BootSafe.zip
2008-01-15 18:44 . 2008-01-15 18:44 <DIR> d-------- C:\Documents and Settings\Utente\Dati applicazioni\Thinstall
2008-01-13 14:59 . 2008-01-13 15:00 2,889,336 --a------ C:\Programmi\TvantsSetup_for_Myp2p.eu.exe
2008-01-12 15:04 . 2008-01-12 15:14 <DIR> d-------- C:\Programmi\DivX
2008-01-12 15:03 . 2007-09-20 22:52 53,403,480 --a------ C:\Programmi\DivXAuthor.exe
2008-01-11 21:13 . 2008-01-12 15:07 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-11 21:13 . 2008-01-11 21:13 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-11 21:12 . 2008-01-11 21:12 <DIR> d-------- C:\Documents and Settings\Utente\Dati applicazioni\Pegasys Inc
2008-01-11 20:40 . 2008-01-11 20:47 <DIR> d-------- C:\Programmi\Avi2Dvd
2008-01-10 21:29 . 2008-01-10 21:29 <DIR> d-------- C:\Documents and Settings\Utente\Dati applicazioni\Nero
2008-01-10 21:23 . 2008-01-10 21:23 <DIR> d-------- C:\Programmi\Nero
2008-01-10 21:23 . 2008-01-10 21:27 <DIR> d-------- C:\Programmi\File comuni\Nero
2008-01-10 21:23 . 2008-01-10 21:23 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Nero
2008-01-09 23:45 . 2008-01-09 23:45 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-01-09 21:38 . 2008-01-09 21:38 <DIR> d--h----- C:\WINDOWS\PIF
2008-01-09 20:23 . 2001-05-07 11:56 19,805 -ra------ C:\WINDOWS\system32\drivers\usbio.sys
2008-01-09 20:09 . 2008-01-09 20:09 <DIR> d-------- C:\Programmi\Datel
2008-01-06 17:54 . 2008-01-06 23:30 <DIR> d-------- C:\Programmi\ESTsoft
2008-01-06 17:54 . 2008-01-06 23:30 <DIR> d-------- C:\Documents and Settings\Utente\Dati applicazioni\ESTsoft
2008-01-06 17:54 . 2008-01-06 23:30 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\ESTsoft
2008-01-05 21:31 . 2008-01-05 21:35 <DIR> d-------- C:\Programmi\codec
2008-01-04 14:21 . 2008-01-04 14:21 <DIR> d-------- C:\Programmi\File comuni\EZB Systems
2008-01-04 14:20 . 2008-01-04 14:21 <DIR> d-------- C:\Programmi\ultraiso
2008-01-04 14:12 . 2008-01-04 23:10 <DIR> d-------- C:\Programmi\EasyBurning
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-29 19:25 --------- d-----w C:\Documents and Settings\Utente\Dati applicazioni\uTorrent
2008-01-29 14:56 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\avg7
2008-01-27 23:00 --------- d-----w C:\Documents and Settings\LocalService\Dati applicazioni\AVG7
2008-01-23 19:25 --------- d-----w C:\Programmi\eMule047
2008-01-22 20:35 --------- d-----w C:\Programmi\Namo
2008-01-19 21:34 --------- d-----w C:\Programmi\uTorrent
2008-01-19 14:47 --------- d-----w C:\Documents and Settings\Utente\Dati applicazioni\BLEH HIDE
2008-01-19 14:46 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Grid Blue Memo Site
2008-01-13 14:00 --------- d-----w C:\Programmi\TVAnts
2008-01-11 20:08 --------- d-----w C:\Documents and Settings\Utente\Dati applicazioni\Vso
2008-01-11 19:42 --------- d-----w C:\Programmi\AviSynth 2.5
2008-01-09 19:57 --------- d-----w C:\Programmi\Ahead
2008-01-07 14:32 --------- d-----w C:\Programmi\Windows Live Safety Center
2008-01-05 11:53 --------- d-----w C:\Programmi\MSN Messenger
2008-01-05 11:53 --------- d-----w C:\Programmi\Messenger Plus! Live
2008-01-04 17:39 --------- d-----w C:\Programmi\MVM 2004 - Tzar-Excalibur e il Re Artù
2008-01-03 12:00 --------- d-----w C:\Programmi\Google
2008-01-01 15:45 --------- d-----w C:\Programmi\MVM 2005 - Imperivm - Le Grandi Battaglie di Roma
2007-12-30 13:20 --------- d-----w C:\Programmi\MVM 2005 - Port Royale
2007-12-25 09:05 --------- d-----w C:\Programmi\Windows Media Connect 2
2007-12-25 09:00 --------- d-----w C:\Programmi\Common Files
2007-12-19 18:27 --------- d-----w C:\Documents and Settings\Utente\Dati applicazioni\Ahead
2007-12-18 22:22 --------- d-----w C:\Programmi\Alcohol Soft
2007-12-18 22:18 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-12-16 20:45 --------- d-----w C:\Programmi\SopCast
2007-12-16 20:39 3,328,542 ----a-w C:\Programmi\SopCast.zip
2007-12-16 20:10 --------- d-----w C:\Documents and Settings\Utente\Dati applicazioni\SopCast
2007-12-14 14:54 --------- d-----w C:\Programmi\Java
2007-12-07 15:39 9,733,451 ----a-w C:\Programmi\vlc-0.8.6d-win32.exe
2007-12-07 15:39 --------- d-----w C:\Programmi\VideoLAN
2007-11-25 08:46 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-11-25 08:46 249,856 ------w C:\WINDOWS\Setup1.exe
2007-11-20 18:39 2,132,261 ----a-w C:\Programmi\MDIviewer.exe
2007-11-16 13:59 1,200,623 ----a-w C:\Programmi\ezsplitter.exe
2007-09-26 20:10 502,055 ----a-w C:\Programmi\gmer.zip
2007-09-16 18:24 1,351,932 ----a-w C:\Programmi\ac3filter135b.zip
2007-09-16 18:23 747,448 ----a-w C:\Programmi\ac3filter-111f.zip
2007-09-05 21:14 2,613,800 ----a-w C:\Programmi\ccsetup200.exe
2007-08-31 09:23 5,752,840 ----a-w C:\Programmi\Azureus_3.0.2.2_windows.exe
2007-07-17 18:47 3,868,248 ----a-w C:\Programmi\MsgPlusLive-423.exe
2007-05-19 19:01 4,666,480 ----a-w C:\Programmi\AWCSetup.exe
2007-05-13 12:09 29,059,984 ----a-w C:\Programmi\mm4psp20b_ita.exe
2007-05-08 18:55 20,182,016 ----a-w C:\Programmi\Imperivm III-1.40-IT.exe
2007-05-07 19:02 23,374,848 ----a-w C:\Programmi\Imperivm GBR-1.28.exe
2007-04-10 14:47 696,814 ----a-w C:\Programmi\uTorrent-1.6.1-install.exe
2007-04-10 14:47 383,681 ----a-w C:\Programmi\utorrent.lng
2007-04-10 14:46 177,152 ----a-w C:\Programmi\utorrent.exe
2007-04-01 09:22 41,697,432 ----a-w C:\Programmi\zlsSetup_70_337_000_it.exe
2007-03-25 19:20 19,964,984 ----a-w C:\Programmi\GoogleSketchUpWEN.exe
2007-02-27 19:50 14,993,976 ----a-w C:\Programmi\GoogleEarthWin.exe
2007-01-02 17:31 2,855,080 ----a-w C:\Programmi\aawsepersonal.exe
2007-01-01 22:55 16 ---ha-w C:\Programmi\mxfilerelatedcache.mxc2
2006-12-10 11:07 2,962,733 ----a-w C:\Programmi\pac man.exe
2006-12-04 20:03 5,037,072 ----a-w C:\Programmi\spybotsd14.exe
2006-12-04 19:38 2,566,736 ----a-w C:\Programmi\spywareblastersetup351.exe
2006-12-02 21:34 8,604,464 ----a-w C:\Programmi\spyware.exe
2006-09-25 19:04 2,136,746 ----a-w C:\Programmi\setup_ppstream.exe
2006-09-24 19:13 750,608 ----a-w C:\Programmi\P2Ptv_Remote_Control.exe
2006-09-22 18:36 3,815,632 ----a-w C:\Programmi\MSReaderSetupITA.exe
2006-09-09 18:11 1,138,128 ----a-w C:\Programmi\PPLiveSetup(1.2.33).exe
2006-09-09 18:11 1,098,952 ----a-w C:\Programmi\mlp_v0721113.exe
2006-09-08 20:11 6,849,614 ----a-w C:\Programmi\IHP_Kitchen_v331.exe
2006-08-25 16:07 609,022 ----a-w C:\Programmi\Mediacenter0.4Setup.exe
2006-08-12 14:44 14,320,552 ----a-w C:\Programmi\zlsSetup_65_731_000_it.exe
2006-08-01 16:13 692 ----a-w C:\Programmi\file_id.diz
2006-07-27 20:05 8,542,338 ----a-w C:\Programmi\klcodec227f.exe
2006-07-13 17:24 6,337,295 ----a-w C:\Programmi\bsplayer210[1].939_clip.exe
2006-07-06 21:10 8,282,187 ----a-w C:\Programmi\vlc-0.8.5-win32.exe
2006-07-06 19:37 6,206,440 ----a-w C:\Programmi\winamp524_full_emusic-7plus.exe
2006-04-28 21:09 6,970,910 ----a-w C:\Programmi\vsoConvertXtoDVD2_setup.exe
2006-03-30 19:50 3,185,664 ----a-w C:\Programmi\bxp3.exe
2006-03-30 19:45 6,221,824 ----a-w C:\Programmi\datamp.exe
2006-02-23 20:19 36,526,792 ----a-w C:\Programmi\iTunesSetup.exe
2006-02-20 19:38 329,375 ----a-w C:\Programmi\setup.exe
2006-02-07 21:30 3,641,989 ----a-w C:\Programmi\XnView-win.exe
2004-07-26 01:16 1,117,491 ----a-w C:\Programmi\dvdshrink32setup.exe
2002-10-13 19:41 7,877 ----a-w C:\Programmi\Setup.Lst
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 13:00 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe" [2007-09-20 15:35 202024]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"="C:\WINDOWS\system32\nvraidservice.exe" [2004-06-11 04:15 83968]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-12-21 18:54 579072]
"SoundMan"="SOUNDMAN.EXE" [2005-05-17 11:48 77824 C:\WINDOWS\SOUNDMAN.EXE]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 13:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"ATICCC"="C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41 45056]
"RemoteControl"="C:\Programmi\ASUS\ASUS Remote\RemoteControlAppl.exe" [2006-02-14 14:09 69632]
"PCMService"="C:\Programmi\CyberLink\PowerCinema\PCMService.exe" [2005-05-11 20:58 127118]
"TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2006-09-25 20:22 185784]
"ZoneAlarm Client"="C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 00:02 919280]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2006-02-23 21:23 155648]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"NeroFilterCheck"="C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"NBKeyScan"="C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 09:51 1836328]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 13:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-22 16:02 219136]
"msnmsgr"="C:\Programmi\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352]
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Esegui il programma di registrazione della chiave USB Wi-Fi Nintendo.lnk - C:\Programmi\WiFiConnector\NintendoWFCReg.exe [2007-09-19 20:31:49 1073152]
hp psc 1000 series.lnk - C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-06 01:17:18 147456]
hpoddt01.exe.lnk - C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 01:06:58 28672]
Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office\OSA9.EXE [1999-02-17 20:05:56 65588]
PS2 Keyboard English Edition.lnk - C:\Programmi\Delux\PS2 Keyboard English Edition\keyboard.exe [2006-02-05 12:25:06 245760]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2006-04-11 20:36]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
mysee2 REG_MULTI_SZ Mysee2_Runtime
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{93d4b64f-4c83-11da-a7ef-806d6172696f}]
\Shell\AutoRun\command - E:\Bin\assetup.exe
.
Contenuto della cartella 'Scheduled Tasks'
"2008-01-29 19:00:00 C:\WINDOWS\Tasks\AFB09019918B0E45.job"
- c:\docume~1\utente\datiap~1\blehhi~1\phoneokayshim.exe
"2006-05-16 13:25:22 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1139319375.job"
- C:\Programmi\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-29 20:38:03
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmi\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Programmi\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Programmi\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Programmi\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\ASUS\ASUS Remote\RemoteControlAppl.exe
C:\Programmi\CyberLink\PowerCinema\PCMService.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
C:\Programmi\WiFiConnector\NintendoWFCReg.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programmi\Delux\PS2 Keyboard English Edition\keyboard.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
.
**************************************************************************
.
Ora fine scansione: 2008-01-29 20:43:08 - machine was rebooted [Utente]
ComboFix-quarantined-files.txt 2008-01-29 19:43:03
.
2008-01-24 02:06:36 --- E O F ---
Troppa roba? 
Attendo notizie
saludos |
|
| Top |
|
|
bdoriano
Amministratore
Registrato: 02/04/07 12:05
Messaggi: 14391
Residenza: 3° pianeta del sistema solare...
|
| Inviato: 29 Gen 2008 21:59 Oggetto: |
|
|
Avvia AVENGER
Clicca su input script manually
Clicca sulla lente d'ingrandimento
Inserisci queste righe:
| Citazione: | Files to delete:
C:\WINDOWS\Tasks\AFB09019918B0E45.job
c:\docume~1\utente\datiap~1\blehhi~1\phoneokayshim.exe |
Clicca su Done
Clicca sul semaforo
Il pc dovrebbe riavviarsi, se così non fosse, riavvialo tu.
Al termine dell'operazione, posta qui il risultato di Avenger con un log aggiornato di hijackthis. |
|
| Top |
|
|
zerothehero
Eroe
Registrato: 25/09/07 22:21
Messaggi: 40
Residenza: somewhere over the rainbow
|
| Inviato: 29 Gen 2008 22:13 Oggetto: |
|
|
 rieccomi
hjt dice così:
Logfile of HijackThis v1.99.1
Scan saved at 21.09.37, on 29/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmi\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Programmi\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Programmi\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\ASUS\ASUS Remote\RemoteControlAppl.exe
C:\Programmi\CyberLink\PowerCinema\PCMService.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\WiFiConnector\NintendoWFCReg.exe
C:\Programmi\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programmi\Delux\PS2 Keyboard English Edition\keyboard.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.1.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\ASUS\ASUS Remote\RemoteControlAppl.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programmi\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe"
O4 - Global Startup: Esegui il programma di registrazione della chiave USB Wi-Fi Nintendo.lnk = C:\Programmi\WiFiConnector\NintendoWFCReg.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PS2 Keyboard English Edition.lnk = ?
O8 - Extra context menu item: &Point&&Go - C:\Programmi\File comuni\Expert System\PGPlatform\PGPlatform.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {070CA17A-4BD2-4612-83B4-32B1B9159B47} - http://uc.sina.com.cn/download/live/weblive2.4.0.0.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} (TVAnts ActiveX Control) - http://www.coolstreaming.us/consolle/plug-in/tvants.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programmi\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programmi\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programmi\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Unknown owner - C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe (file missing)
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
così invece avenger:
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\emmgtfyg
*******************
Script file located at: \??\C:\Documents and Settings\nlyeaqig.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\WINDOWS\Tasks\AFB09019918B0E45.job deleted successfully.
File c:\docume~1\utente\datiap~1\blehhi~1\phoneokayshim.exe not found!
Deletion of file c:\docume~1\utente\datiap~1\blehhi~1\phoneokayshim.exe failed!
Could not process line:
c:\docume~1\utente\datiap~1\blehhi~1\phoneokayshim.exe
Status: 0xc0000034
Completed script processing.
*******************
Finished! Terminate.
what about?
bye |
|
| Top |
|
|
bdoriano
Amministratore
Registrato: 02/04/07 12:05
Messaggi: 14391
Residenza: 3° pianeta del sistema solare...
|
| Inviato: 29 Gen 2008 22:16 Oggetto: |
|
|
| Il log sembra pulito, riscontri ancora problemi? |
|
| Top |
|
|
zerothehero
Eroe
Registrato: 25/09/07 22:21
Messaggi: 40
Residenza: somewhere over the rainbow
|
| Inviato: 29 Gen 2008 22:23 Oggetto: |
 |
|
mah ora provo a navigare e ti so dire...comunque, davvero non so come ringraziare , anche per la prontezza delle risposte...
davvero grandissimi....  |
|
| Top |
|
|
|
|
Non puoi inserire nuovi argomenti
Non puoi rispondere a nessun argomento
Non puoi modificare i tuoi messaggi
Non puoi cancellare i tuoi messaggi
Non puoi votare nei sondaggi
|
|
FAQ
Cerca
Lista utenti
Gruppi
Registrati
Profilo
Messaggi privati
Log in
