cripuluz Devoted mortal

Registered: 28/02/07 00:44 Posts: 6
Posted: 01 Mar 2007 23:20 Subject: Problem: continual application-closing messages....

I'm posting a scan made with HiJackThis 1.99.1. First of all, I tried to follow a few other posts: I rebooted in safe mode, a scan with ViRIT cleaned one virus and now the situation seems to have improved, but I think there is still something there.
Logfile of HijackThis v1.99.1
Scan saved at 22.14.31, on 01/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Programmi\AntiVir PersonalEdition Classic\sched.exe
D:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
D:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
D:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
D:\Programmi\Java\jre1.5.0_11\bin\jusched.exe
D:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
D:\VEXPLITE\MONLITE.EXE
D:\WINDOWS\system32\ctfmon.exe
D:\Programmi\Messenger\msmsgs.exe
D:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
D:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
D:\VEXPLITE\viritsvc.exe
D:\mORPH\gUIDA+ FILE\emulev0.47a-MorphXTv8.1-bin\emule\emule.exe
D:\Programmi\Internet Explorer\IEXPLORE.EXE
D:\Programmi\Internet Explorer\IEXPLORE.EXE
D:\Programmi\Internet Explorer\IEXPLORE.EXE
D:\Documents and Settings\cripu\Desktop\hijackthis_sfx\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Programmi\BitComet\tools\BitCometBHO_1.1.2.7.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMAXPnP] D:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "D:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ptipbm.dll,SetWriteBack
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avgnt] "D:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Programmi\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] D:\VEXPLITE\MONLITE.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O8 - Extra context menu item: Download all links using BitComet - res://D:\Programmi\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://D:\Programmi\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://D:\Programmi\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1172357311031
O20 - AppInit_DLLs:
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - D:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - D:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: LiveUpdate - Symantec Corporation - D:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - D:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - D:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - D:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - D:\VEXPLITE\viritsvc.exe
Thanks in advance.

Orange Mature god

Registered: 18/02/07 13:20 Posts: 2224 Location: Roma
Posted: 02 Mar 2007 10:06 Subject:
Hi!
I see that you are not using any firewall, or you are using the Windows one, for which the same applies... I recommend installing one as soon as possible. You can find them HERE.
Download the Prevx TOOL
and have it run a scan
To be safe, also download this other tool from Symantec
Download GMER
Unzip it
Run it and go to the "Rootkit" tab
Click "Scan"
Wait for the scan to finish and click "Copy"
Save the log
Also run an Autostart scan and save that too
Post here the logs from the tools, the GMER log from the Rootkit tab, and the updated HiJack log

cripuluz Devoted mortal

Registered: 28/02/07 00:44 Posts: 6
Posted: 02 Mar 2007 19:05 Subject:

In the meantime I'm posting the scan made with VirIT, which detected something
02/03/2007 - 15:26:47
[SCANSIONE DEL REGISTRO]
OK
[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK
C:\WINDOWS\system32\ff_vfw.dll Possibile variante da Trojan.Win32.Agent.AU
Chiavi Registro infette: 0.
Files Infetti: 1.
Files Sospetti: 0.
Files Analizzati: 72783.
Files Totali: 72783.
Chiavi Registro rimosse: 0.
Virus Rimossi: 0.

cripuluz Devoted mortal

Registered: 28/02/07 00:44 Posts: 6
Posted: 02 Mar 2007 23:52 Subject:

Here are the other logs:
Symantec Trojan.Linkoptimizer Removal Tool 1.0.8
Trojan.Linkoptimizer has not been found on your computer.
------------------------------------------------------------------------------------
Removal tool loaded into memory
Gromozon rootkit component not detected - searching for other components
Scanning: D:\WINDOWS
Scanning: D:\Programmi\File comuni
Trojan.Gromozon does not exist - your system is clean.
-------------------------------------------------------------------------------------
GMER 1.0.10.10122 - http://www.gmer.net
Rootkit 2007-03-02 22:48:59
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.10 ----
SSDT \??\D:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess
SSDT \??\D:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess
---- Devices - GMER 1.0.10 ----
Device \FileSystem\Fastfat \Fat IRP_MJ_CREATE BA1C0C8A
---- Files - GMER 1.0.10 ----
File C:\23f9708b6dcb5c552afca27e54a75c48\sp1\update
File C:\23f9708b6dcb5c552afca27e54a75c48\sp1\update\spcustom.dll
File C:\23f9708b6dcb5c552afca27e54a75c48\sp1\update\update.exe
File C:\c22de31287e35b8f805645\sp1\update
File C:\c22de31287e35b8f805645\sp1\update\spcustom.dll
File C:\c22de31287e35b8f805645\sp1\update\update.exe
File C:\e14bf\sp1\update
File C:\e14bf\sp1\update\spcustom.dll
File C:\e14bf\sp1\update\update.exe
File C:\System Volume Information\MountPointManagerRemoteDatabase
File C:\System Volume Information\tracking.log
File C:\System Volume Information\_restore{B0BBE244-9BC6-49A8-8BB9-42DB9E5E2E1D}
File D:\System Volume Information\MountPointManagerRemoteDatabase
File D:\System Volume Information\tracking.log
File D:\System Volume Information\_restore{B0BBE244-9BC6-49A8-8BB9-42DB9E5E2E1D}
File E:\System Volume Information\MountPointManagerRemoteDatabase
File E:\System Volume Information\tracking.log
File E:\System Volume Information\_restore{089E1543-3F9E-4D77-A8C0-E4FE119F3256}
File E:\System Volume Information\_restore{249584D8-BF61-4385-B17E-E096FB8445B6}
File E:\System Volume Information\_restore{79C92336-FB92-4606-B859-8E8849D6572D}
File E:\System Volume Information\_restore{B0BBE244-9BC6-49A8-8BB9-42DB9E5E2E1D}
File E:\System Volume Information\_restore{B680913E-9A62-485D-910A-6DB8C5B7D6C5}
File E:\System Volume Information\_restore{BB76FC22-D2AF-4ABD-B83C-A5DA825DC503}
File E:\System Volume Information\_restore{CA43D21E-02EC-4674-9654-E575C8A73E07}
File E:\System Volume Information\_restore{CD6874F2-9962-4A7F-B96E-CF634BC465C2}
File E:\System Volume Information\_restore{EFA78F77-F199-4EBD-8C7B-7EA7197B38D6}
File K:\System Volume Information\MountPointManagerRemoteDatabase
File K:\System Volume Information\tracking.log
File K:\System Volume Information\_restore{B0BBE244-9BC6-49A8-8BB9-42DB9E5E2E1D}
File K:\System Volume Information\_restore{B680913E-9A62-485D-910A-6DB8C5B7D6C5}
File K:\System Volume Information\_restore{CA43D21E-02EC-4674-9654-E575C8A73E07}
---- EOF - GMER 1.0.10 ----
-----------------------------------------------------------------------------------
GMER 1.0.10.10122 - http://www.gmer.net
Autostart 2007-03-02 22:49:38
Windows 5.1.2600 Service Pack 2
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = D:\WINDOWS\system32\userinit.exe,
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon@DLLName = WgaLogon.dll
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs =
HKLM\SYSTEM\CurrentControlSet\Services\ >>>
AntiVirScheduler /*AntiVir PersonalEdition Classic Scheduler*/@ = D:\Programmi\AntiVir PersonalEdition Classic\sched.exe
AntiVirService /*AntiVir PersonalEdition Classic Guard*/@ = D:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
AVG Anti-Spyware Guard /*AVG Anti-Spyware Guard*/@ = D:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
SoundMAX Agent Service (default) /*SoundMAX Agent Service*/@ = D:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
Utilità di pianificazione di LiveUpdate automatico /*Utilità di pianificazione di LiveUpdate automatico*/@ = "D:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@SoundMAXPnPD:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe /*file not found*/ = D:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe /*file not found*/
@SoundMAX"D:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray /*file not found*/ = "D:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray /*file not found*/
@PtiuPbmdRundll32.exe ptipbm.dll,SetWriteBack = Rundll32.exe ptipbm.dll,SetWriteBack
@NeroFilterCheckD:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe = D:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
@avgnt"D:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min = "D:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
@SunJavaUpdateSched"D:\Programmi\Java\jre1.5.0_11\bin\jusched.exe" = "D:\Programmi\Java\jre1.5.0_11\bin\jusched.exe"
@!AVG Anti-Spyware"D:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized = "D:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@CTFMON.EXED:\WINDOWS\system32\ctfmon.exe = D:\WINDOWS\system32\ctfmon.exe
@MSMSGS"D:\Programmi\Messenger\msmsgs.exe" /background = "D:\Programmi\Messenger\msmsgs.exe" /background
@BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"D:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" = "D:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad@WPDShServiceObj = D:\WINDOWS\system32\WPDShServiceObj.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks@{57B86673-276A-48B2-BAE7-C6DBB3020EB8} = D:\Programmi\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Pagina proprietà versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/%SystemRoot%\system32\extmgr.dll = %SystemRoot%\system32\extmgr.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/D:\Programmi\WinRAR\rarext.dll = D:\Programmi\WinRAR\rarext.dll
@{B327765E-D724-4347-8B16-78AE18552FC3} /*NeroDigitalIconHandler*/D:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll = D:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll
@{7F1CF152-04F8-453A-B34C-E609530A9DC8} /*NeroDigitalPropSheetHandler*/D:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll = D:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll
@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} /*Shell Extension for Malware scanning*/D:\Programmi\AntiVir PersonalEdition Classic\shlext.dll = D:\Programmi\AntiVir PersonalEdition Classic\shlext.dll
@{35786D3C-B075-49b9-88DD-029876E11C01} /*Portable Devices*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} /*Portable Devices Menu*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
AVG Anti-Spyware@{8934FCEF-F5B8-468f-951F-78A921CD3920} = D:\Programmi\Grisoft\AVG Anti-Spyware 7.5\context.dll
Shell Extension for Malware scanning@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = D:\Programmi\AntiVir PersonalEdition Classic\shlext.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = D:\Programmi\WinRAR\rarext.dll
HKLM\Software\Classes\*\shellex\ContextMenuHandlers@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = D:\Programmi\Nero\Nero 7\Nero BackItUp\NBShell.dll
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
AVG Anti-Spyware@{8934FCEF-F5B8-468f-951F-78A921CD3920} = D:\Programmi\Grisoft\AVG Anti-Spyware 7.5\context.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = D:\Programmi\WinRAR\rarext.dll
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
Shell Extension for Malware scanning@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = D:\Programmi\AntiVir PersonalEdition Classic\shlext.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = D:\Programmi\WinRAR\rarext.dll
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = D:\Programmi\Nero\Nero 7\Nero BackItUp\NBShell.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}D:\Programmi\BitComet\tools\BitCometBHO_1.1.2.7.dll = D:\Programmi\BitComet\tools\BitCometBHO_1.1.2.7.dll
@{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}D:\Programmi\Java\jre1.5.0_11\bin\ssv.dll = D:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
HKCU\Control Panel\Desktop@SCRNSAVE.EXE = D:\WINDOWS\System32\logon.scr
HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.google.it/ = http://www.google.it/
@Local PageD:\WINDOWS\system32\blank.htm = D:\WINDOWS\system32\blank.htm
HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = D:\WINDOWS\system32\msvidctl.dll
its@CLSID = D:\WINDOWS\system32\itss.dll
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = D:\WINDOWS\system32\itss.dll
tv@CLSID = D:\WINDOWS\system32\msvidctl.dll
HKLM\Software\Classes\PROTOCOLS\Handler\wia@CLSID = D:\WINDOWS\system32\wiascr.dll
---- EOF - GMER 1.0.10 ----
-------------------------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 22.50.38, on 02/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Programmi\AntiVir PersonalEdition Classic\sched.exe
D:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
D:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
D:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
D:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
D:\Programmi\Java\jre1.5.0_11\bin\jusched.exe
D:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
D:\Programmi\Internet Explorer\IEXPLORE.EXE
D:\Programmi\Internet Explorer\IEXPLORE.EXE
D:\Documents and Settings\cripu\Desktop\hijackthis_sfx\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Programmi\BitComet\tools\BitCometBHO_1.1.2.7.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMAXPnP] D:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "D:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ptipbm.dll,SetWriteBack
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avgnt] "D:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Programmi\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O8 - Extra context menu item: Download all links using BitComet - res://D:\Programmi\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://D:\Programmi\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://D:\Programmi\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1172357311031
O20 - AppInit_DLLs:
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - D:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - D:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: LiveUpdate - Symantec Corporation - D:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - D:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - D:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - D:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
-------------------------------------------------------------------------------------
I must say things seem to be going a bit better now, but I await your instructions.
Bye and thanks

Orange Mature god

Registered: 18/02/07 13:20 Posts: 2224 Location: Roma
Posted: 03 Mar 2007 00:29 Subject:

Hi!
Indeed, it's looking better...
Now:
Start the PC in safe mode, launch HiJackThis, click "Do a system scan only", select these entries and press "Fix checked":
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O20 - AppInit_DLLs:
Clean up the system with CCleaner
Before running the cleanup, go to Options\Advanced and untick:
"Delete files in Windows temp only if older than 48 hours"
Clean the registry with Eusing Free Registry Cleaner
Run the HiJack scan again and post the result here for the final check

cripuluz Devoted mortal

Registered: 28/02/07 00:44 Posts: 6
Posted: 03 Mar 2007 01:07 Subject:

...did everything...posting the new log again:
Logfile of HijackThis v1.99.1
Scan saved at 0.05.48, on 03/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Programmi\AntiVir PersonalEdition Classic\sched.exe
D:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
D:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\Programmi\Comodo\Firewall\cmdagent.exe
D:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
D:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
D:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
D:\Programmi\Java\jre1.5.0_11\bin\jusched.exe
D:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
D:\Programmi\Comodo\Firewall\CPF.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Programmi\Messenger\msmsgs.exe
D:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
D:\Programmi\Internet Explorer\IEXPLORE.EXE
D:\mORPH\gUIDA+ FILE\emulev0.47a-MorphXTv8.1-bin\emule\emule.exe
D:\Documents and Settings\cripu\Desktop\hijackthis_sfx\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Programmi\BitComet\tools\BitCometBHO_1.1.2.7.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ptipbm.dll,SetWriteBack
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avgnt] "D:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Programmi\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [COMODO Firewall Pro] "D:\Programmi\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O8 - Extra context menu item: Download all links using BitComet - res://D:\Programmi\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://D:\Programmi\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://D:\Programmi\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1172357311031
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - D:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - D:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - D:\Programmi\Comodo\Firewall\cmdagent.exe
O23 - Service: LiveUpdate - Symantec Corporation - D:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - D:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - D:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - D:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
Is everything OK now?

Orange Mature god

Registered: 18/02/07 13:20 Posts: 2224 Location: Roma
Posted: 03 Mar 2007 01:19 Subject:

Now it's perfect
Are you still having problems?

cripuluz Devoted mortal

Registered: 28/02/07 00:44 Posts: 6
Posted: 03 Mar 2007 09:42 Subject:

Now it works very well, thanks a lot!!!