poiu
Posted: 26 Jan 2008 22:29    Subject: help me.. virus invasion!!
Hello everyone, I have several problems with my laptop. In particular I cannot use Internet Explorer: as soon as I go online, that is, as soon as I connect, the PC gives an error and shuts itself down.

Here is my HijackThis log:
 
 Logfile of HijackThis v1.99.1
 Scan saved at 20.28.17, on 26/01/2008
 Platform: Windows XP SP1 (WinNT 5.01.2600)
 MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\system32\spoolsv.exe
 C:\Programmi\Eset\nod32krn.exe
 C:\WINDOWS\System32\nvsvc32.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\System32\WFXSVC.EXE
 C:\Programmi\Symantec\WinFax\WFXMOD32.EXE
 C:\WINDOWS\Explorer.EXE
 C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
 C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
 C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe
 C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
 C:\Programmi\Logitech\Video\LogiTray.exe
 C:\Programmi\iTunes\iTunesHelper.exe
 C:\Programmi\QuickTime\qttask.exe
 C:\Programmi\Eset\nod32kui.exe
 C:\WINDOWS\System32\wfxsnt40.exe
 C:\WINDOWS\System32\ctfmon.exe
 C:\Programmi\iPod\bin\iPodService.exe
 C:\Programmi\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
 C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
 C:\Programmi\Messenger\msmsgs.exe
 C:\Documents and Settings\serena\Desktop\hijackthis_199\HijackThis.exe
 
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dbsarticles.com
 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
 O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\System32\nwchqaie.dll
 O2 - BHO: (no name) - {6001CDF7-6F45-471b-A203-0225615E35A7} - C:\WINDOWS\DH.dll (file missing)
 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
 O2 - BHO: ATLDistrib Object - {83A5F7B7-DC75-44CE-9195-264F41709FA9} - C:\WINDOWS\System32\jkkjh.dll (file missing)
 O2 - BHO: XBTB04715 - {A8B0BDED-64A5-495b-97DA-42C0301E229B} - C:\PROGRA~1\TOOLBA~1\TOOLBA~1.DLL (file missing)
 O2 - BHO: IE Assistant - {B08D32DE-64B2-4137-8345-87293E70D40B} - C:\WINDOWS\System32\iea.dll (file missing)
 O2 - BHO: (no name) - {E5A1BB63-875E-45A6-809E-97138DFC9B1C} - C:\WINDOWS\Fonts\ewbcp.dll (file missing)
 O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
 O2 - BHO: (no name) - {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D} - C:\WINDOWS\System32\pmnnl.dll (file missing)
 O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
 O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
 O4 - HKLM\..\Run: [UpdateManager] "C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" /r
 O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
 O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
 O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
 O4 - HKLM\..\Run: [Cpqset] C:\Programmi\HPQ\Default Settings\cpqset.exe
 O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe /Start
 O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
 O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
 O4 - HKLM\..\Run: [keyboard] C:\\keyboard25.exe
 O4 - HKLM\..\Run: [newname] C:\\newname25.exe
 O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmi\Logitech\Video\ISStart.exe
 O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmi\Logitech\Video\LogiTray.exe
 O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Programmi\Logitech\Video\ISStart.exe
 O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
 O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
 O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
 O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Programmi\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
 O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
 O4 - HKLM\..\RunServices: [Service] svchost32.exe
 O4 - HKLM\..\RunServices: [MSN MESSENGER 9.0] messengerr.exe
 O4 - HKLM\..\RunServices: [ActiveScript32] C:\WINDOWS\System32\nod.exe
 O4 - HKLM\..\RunServices: [Microsoft Windows Updata] yfyvp.exe
 O4 - HKLM\..\RunServices: [Windows Service Agccnt] wupbuim.exe
 O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
 O4 - HKCU\..\Run: [Acrobat Read] C:\WINDOWS\System32\acroup32.exe
 O4 - HKCU\..\Run: [Offices Monitorse] C:\WINDOWS\System32\algose32.exe
 O4 - HKCU\..\Run: [MSN MESSENGER 9.0] messengerr.exe
 O4 - HKCU\..\Run: [Office Monitor Word Exel R] C:\WINDOWS\System32\u.exe
 O4 - HKCU\..\Run: [Office Monitors] C:\WINDOWS\System32\GoogleUpdater.exe
 O4 - HKCU\..\Run: [updateMgr] C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
 O4 - HKCU\..\Run: [Service Update] C:\WINDOWS\System32\alggg.exe
 O4 - HKCU\..\Run: [Windows Security Center Notification Appls] C:\WINDOWS\System32\sxe.exe
 O4 - HKCU\..\Run: [Windows Service Update] C:\WINDOWS\System32\mswsgs.exe
 O4 - HKCU\..\Run: [Nex] C:\WINDOWS\System32\nex.exe
 O4 - HKCU\..\Run: [Windows Security Centers] C:\WINDOWS\System32\wimnini.exe
 O4 - HKCU\..\Run: [ICQ Agent] C:\WINDOWS\System32\icq6.exe
 O4 - HKCU\..\Run: [Microsoft Update] C:\WINDOWS\System32\mdm.exe
 O4 - HKCU\..\Run: [Network Security] C:\WINDOWS\System32\NSecurity.exe
 O4 - HKCU\..\Run: [Office Monitor] C:\WINDOWS\System32\alg32.exe
 O4 - HKCU\..\Run: [Intec Service Drivers] C:\WINDOWS\System32\wing32.exe
 O4 - HKCU\..\Run: [Microsoft Office] C:\WINDOWS\System32\mdm.exe
 O4 - HKCU\..\Run: [Microsoft Windows Updata] yfyvp.exe
 O4 - HKCU\..\Run: [Windows Service Agccnt] wupbuim.exe
 O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
 O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
 O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Programmi\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
 O4 - Global Startup: Trojan Guarder Gold Version.lnk = C:\Programmi\Trojan Guarder Gold Version\Trojan Guarder.exe
 O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
 O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
 O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
 O20 - Winlogon Notify: ewbcp - C:\WINDOWS\Fonts\ewbcp.dll (file missing)
 O20 - Winlogon Notify: jkkjh - C:\WINDOWS\System32\jkkjh.dll (file missing)
 O20 - Winlogon Notify: pmnnl - pmnnl.dll (file missing)
 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
 O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
 O23 - Service: Microsoft Malware Remover (MMRServ) - Unknown owner - C:\WINDOWS\system32\mmrserv.exe (file missing)
 O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Programmi\Eset\nod32krn.exe
 O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
 O23 - Service: Universal Plug and Play Manager (PnP Manager) - Unknown owner - C:\WINDOWS\System32\pnpmgr.exe (file missing)
 O23 - Service: Service Hosts (ServiceHost) - Unknown owner - C:\WINDOWS\shost.exe (file missing)
 O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\System32\WFXSVC.EXE
 
Thanks to anyone who can point me in the right direction!!
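As an added example (not part of this thread and not a tool any poster used), a small Python triage script that parses HijackThis log lines like the ones above and ranks the patterns a helper looks for: a BHO DLL that is also a Winlogon Notify handler (the Vundo/Virtumonde pairing), RunServices autoruns on an NT-family system, binaries run from the drive root, orphaned services and one binary registered under several autorun names. The sample log is a constructed subset of the lines posted here; the heuristics and their severities are the example's own assumptions.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample: a subset of the lines from the HijackThis log posted above.
SAMPLE_LOG = r"""
Platform: Windows XP SP1 (WinNT 5.01.2600)
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\System32\nwchqaie.dll
O2 - BHO: ATLDistrib Object - {83A5F7B7-DC75-44CE-9195-264F41709FA9} - C:\WINDOWS\System32\jkkjh.dll (file missing)
O2 - BHO: (no name) - {E5A1BB63-875E-45A6-809E-97138DFC9B1C} - C:\WINDOWS\Fonts\ewbcp.dll (file missing)
O4 - HKLM\..\Run: [UpdateManager] "C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [keyboard] C:\\keyboard25.exe
O4 - HKLM\..\RunServices: [Service] svchost32.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Updata] yfyvp.exe
O4 - HKCU\..\Run: [Microsoft Update] C:\WINDOWS\System32\mdm.exe
O4 - HKCU\..\Run: [Microsoft Office] C:\WINDOWS\System32\mdm.exe
O4 - HKCU\..\Run: [Microsoft Windows Updata] yfyvp.exe
O20 - Winlogon Notify: ewbcp - C:\WINDOWS\Fonts\ewbcp.dll (file missing)
O20 - Winlogon Notify: jkkjh - C:\WINDOWS\System32\jkkjh.dll (file missing)
O23 - Service: Microsoft Malware Remover (MMRServ) - Unknown owner - C:\WINDOWS\system32\mmrserv.exe (file missing)
"""

ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.*)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
O4_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<value>[^\]]*)\] (?P<cmd>.*)$")
NOTIFY_RE = re.compile(r"^Winlogon Notify: (?P<subkey>\S+) - (?P<path>.*)$")
SERVICE_RE = re.compile(r"^Service: (?P<display>.*?) \((?P<name>[^)]*)\) - (?P<owner>.*?) - (?P<path>.*)$")
ROOT_EXE_RE = re.compile(r"^[A-Za-z]:\\+[^\\]+$")  # binary sitting directly in the drive root
MISSING = " (file missing)"

@dataclass
class Finding:
    severity: str  # high / medium / low (assumed ranking, not a HijackThis concept)
    subject: str   # the log line (or executable) the finding refers to
    reason: str

def first_token(cmd: str) -> str:
    """Executable part of an autorun command line, quotes and arguments removed."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]

def basename(path: str) -> str:
    return path.replace(MISSING, "").rstrip("\\").rsplit("\\", 1)[-1].lower()

def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    bho_lines: dict[str, str] = {}                         # dll stem -> O2 line
    notify_stems: set[str] = set()                         # O20 subkey names
    autorun_slots: dict[str, set[str]] = defaultdict(set)  # exe -> {"hive\key [value]"}
    nt_family = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("Platform:"):
            nt_family = "WinNT" in line
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        code, body = m["code"], m["body"]
        if code == "O2" and (b := BHO_RE.match(body)):
            bho_lines[basename(b["path"]).removesuffix(".dll")] = line
            if b["name"] == "(no name)":
                findings.append(Finding("medium", line, "BHO with no registered name"))
        elif code == "O20" and (n := NOTIFY_RE.match(body)):
            notify_stems.add(n["subkey"].lower())
        elif code == "O4" and (a := O4_RE.match(body)):
            exe = first_token(a["cmd"])
            autorun_slots[basename(exe)].add(f"{a['hive']}\\{a['key']} [{a['value']}]")
            if a["key"] == "RunServices" and nt_family:
                # Heuristic: RunServices is a Windows 9x-era key; on XP it is
                # almost exclusively populated by malware.
                findings.append(Finding("high", line, "RunServices autorun on an NT-family system"))
            if ROOT_EXE_RE.match(exe):
                findings.append(Finding("medium", line, "executable launched from the drive root"))
        elif code == "O23" and (s := SERVICE_RE.match(body)):
            if s["owner"] == "Unknown owner" and body.endswith(MISSING):
                findings.append(Finding("medium", line, "Unknown owner service whose binary is gone"))
    # A BHO DLL that is also a Winlogon Notify handler is the classic Vundo/Virtumonde
    # pairing (the same check VirtumundoBeGone prints later in this thread).
    for stem, line in bho_lines.items():
        if stem in notify_stems:
            findings.append(Finding("high", line, f"{stem}.dll is both BHO and Winlogon Notify handler: Vundo pattern"))
    # One binary under several autorun names is typical of bots; it also fires on
    # benign duplicates (Logitech's ISStart.exe in the full log), hence only "low".
    for exe, slots in autorun_slots.items():
        if len(slots) > 1:
            findings.append(Finding("low", exe, f"same executable under {len(slots)} autorun names"))
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.reason}\n    {f.subject}")
```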
Sante62
Posted: 27 Jan 2008 10:04
Hi poiu, and welcome. Download VundoFix to the desktop
- Run VundoFix.exe
- Click Scan for Vundo.
- When the scan finishes, click Remove Vundo.
- It asks whether you want to delete the infected files: click YES
- Your screen will go black while Vundo is being removed.
- When it finishes it will ask you to restart the PC: click OK.
- Paste here the contents of the log C:\vundofix.txt and a new HijackThis log.

Note: VundoFix may fail to delete some files. In that case VundoFix will start automatically when the PC restarts; repeat the steps above starting from "Click Scan for Vundo" when VundoFix appears after the restart.
Then save this file to the desktop.
Start the PC in Safe Mode.
Run the program you just downloaded.
When it finishes, restart the PC in normal mode and post here the log it generated.
bdoriano (Administrator)
Posted: 27 Jan 2008 10:11
Hi poiu,
you're in pretty bad shape!

Download VundoFix, VirtumundoBeGone and Norman Malware Cleaner and save them to the desktop.
Disable System Restore
Start VundoFix
Select Scan for Vundo and, when the scan finishes, choose Remove Vundo.
Click Yes and, when asked to restart the PC, answer Ok.
After the restart, Notepad should appear with the log inside; save the contents to a file.

Now boot into Safe Mode
Run VirtumundoBeGone and follow the on-screen instructions.
Run Norman Malware Cleaner and have it do a full scan.
A log is generated on the desktop, named NFix_2008-01-gg_hh-mm-ss.log

Restart the PC in normal mode
Follow the instructions in this topic to post the ComboFix log.
Also post the logs from VundoFix, VirtumundoBeGone and Norman Malware Cleaner
Also make a new HijackThis log and put it here.
poiu
Posted: 27 Jan 2008 10:25
"After the restart, Notepad should appear with the log inside; save the contents to a file."
Nothing appeared.. should I go on?
bdoriano (Administrator)
Posted: 27 Jan 2008 10:56
Go on and do all the rest; when you're done, post all the logs you can.
poiu
Posted: 27 Jan 2008 11:22
Here we are.. these are the results:
 [01/27/2008, 9:29:00] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\serena\Desktop\VirtumundoBeGone.exe" )
 [01/27/2008, 9:29:15] - Detected System Information:
 [01/27/2008, 9:29:15] -  Windows Version: 5.1.2600, Service Pack 1
 [01/27/2008, 9:29:15] -  Current Username: serena (Admin)
 [01/27/2008, 9:29:15] -  Windows is in SAFE mode with Networking.
 [01/27/2008, 9:29:15] - Searching for Browser Helper Objects:
 [01/27/2008, 9:29:15] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
 [01/27/2008, 9:29:15] -  BHO 2: {1557B435-8242-4686-9AA3-9265BF7525A4} ()
 [01/27/2008, 9:29:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
 [01/27/2008, 9:29:15] -  Checking for HKLM\...\Winlogon\Notify\nwchqaie
 [01/27/2008, 9:29:15] -  Key not found: HKLM\...\Winlogon\Notify\nwchqaie, continuing.
 [01/27/2008, 9:29:15] -  BHO 3: {6001CDF7-6F45-471b-A203-0225615E35A7} ()
 [01/27/2008, 9:29:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
 [01/27/2008, 9:29:15] -  Checking for HKLM\...\Winlogon\Notify\DH
 [01/27/2008, 9:29:15] -  Key not found: HKLM\...\Winlogon\Notify\DH, continuing.
 [01/27/2008, 9:29:15] -  BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
 [01/27/2008, 9:29:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
 [01/27/2008, 9:29:15] -  No filename found. Continuing.
 [01/27/2008, 9:29:15] -  BHO 5: {A8B0BDED-64A5-495b-97DA-42C0301E229B} (XBTB04715 Class)
 [01/27/2008, 9:29:15] -  BHO 6: {B08D32DE-64B2-4137-8345-87293E70D40B} (Assistant Class)
 [01/27/2008, 9:29:15] -  BHO 7: {E5A1BB63-875E-45A6-809E-97138DFC9B1C} ()
 [01/27/2008, 9:29:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
 [01/27/2008, 9:29:15] -  Checking for HKLM\...\Winlogon\Notify\ewbcp
 [01/27/2008, 9:29:15] -  Found: HKLM\...\Winlogon\Notify\ewbcp - This is probably Virtumundo.
 [01/27/2008, 9:29:15] -  Assigning {E5A1BB63-875E-45A6-809E-97138DFC9B1C} MSEvents Object
 [01/27/2008, 9:29:15] - BHO list has been changed! Starting over...
 [01/27/2008, 9:29:15] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
 [01/27/2008, 9:29:15] -  BHO 2: {1557B435-8242-4686-9AA3-9265BF7525A4} ()
 [01/27/2008, 9:29:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
 [01/27/2008, 9:29:16] -  Checking for HKLM\...\Winlogon\Notify\nwchqaie
 [01/27/2008, 9:29:16] -  Key not found: HKLM\...\Winlogon\Notify\nwchqaie, continuing.
 [01/27/2008, 9:29:16] -  BHO 3: {6001CDF7-6F45-471b-A203-0225615E35A7} ()
 [01/27/2008, 9:29:16] - WARNING: BHO has no default name. Checking for Winlogon reference.
 [01/27/2008, 9:29:16] -  Checking for HKLM\...\Winlogon\Notify\DH
 [01/27/2008, 9:29:16] -  Key not found: HKLM\...\Winlogon\Notify\DH, continuing.
 [01/27/2008, 9:29:16] -  BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
 [01/27/2008, 9:29:16] - WARNING: BHO has no default name. Checking for Winlogon reference.
 [01/27/2008, 9:29:16] -  No filename found. Continuing.
 [01/27/2008, 9:29:16] -  BHO 5: {A8B0BDED-64A5-495b-97DA-42C0301E229B} (XBTB04715 Class)
 [01/27/2008, 9:29:16] -  BHO 6: {B08D32DE-64B2-4137-8345-87293E70D40B} (Assistant Class)
 [01/27/2008, 9:29:16] -  BHO 7: {E5A1BB63-875E-45A6-809E-97138DFC9B1C} (MSEvents Object)
 [01/27/2008, 9:29:16] - ALERT: Found MSEvents Object!
 [01/27/2008, 9:29:16] -  BHO 8: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
 [01/27/2008, 9:29:16] - Finished Searching Browser Helper Objects
 [01/27/2008, 9:29:16] - *** Detected MSEvents Object
 [01/27/2008, 9:29:16] - Trying to remove MSEvents Object...
 [01/27/2008, 9:29:17] -    Terminating Process: IEXPLORE.EXE
 [01/27/2008, 9:29:17] -    Terminating Process: RUNDLL32.EXE
 [01/27/2008, 9:29:17] -    Disabling Automatic Shell Restart
 [01/27/2008, 9:29:17] -    Terminating Process: EXPLORER.EXE
 [01/27/2008, 9:29:17] -    Suspending the NT Session Manager System Service
 [01/27/2008, 9:29:17] -    Terminating Windows NT Logon/Logoff Manager
 [01/27/2008, 9:29:18] -    Re-enabling Automatic Shell Restart
 [01/27/2008, 9:29:18] -   File to disable: C:\WINDOWS\Fonts\ewbcp.dll
 [01/27/2008, 9:29:18] -   Removing HKLM\...\Browser Helper Objects\{E5A1BB63-875E-45A6-809E-97138DFC9B1C}
 [01/27/2008, 9:29:18] -   Removing HKCR\CLSID\{E5A1BB63-875E-45A6-809E-97138DFC9B1C}
 [01/27/2008, 9:29:18] -   Adding Kill Bit for ActiveX for GUID: {E5A1BB63-875E-45A6-809E-97138DFC9B1C}
 [01/27/2008, 9:29:18] -   Deleting ATLEvents/MSEvents Registry entries
 [01/27/2008, 9:29:18] -   Removing HKLM\...\Winlogon\Notify\ewbcp
 [01/27/2008, 9:29:18] - Searching for Browser Helper Objects:
 [01/27/2008, 9:29:18] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
 [01/27/2008, 9:29:18] -  BHO 2: {1557B435-8242-4686-9AA3-9265BF7525A4} ()
 [01/27/2008, 9:29:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
 [01/27/2008, 9:29:18] -  Checking for HKLM\...\Winlogon\Notify\nwchqaie
 [01/27/2008, 9:29:18] -  Key not found: HKLM\...\Winlogon\Notify\nwchqaie, continuing.
 [01/27/2008, 9:29:18] -  BHO 3: {6001CDF7-6F45-471b-A203-0225615E35A7} ()
 [01/27/2008, 9:29:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
 [01/27/2008, 9:29:18] -  Checking for HKLM\...\Winlogon\Notify\DH
 [01/27/2008, 9:29:18] -  Key not found: HKLM\...\Winlogon\Notify\DH, continuing.
 [01/27/2008, 9:29:18] -  BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
 [01/27/2008, 9:29:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
 [01/27/2008, 9:29:18] -  No filename found. Continuing.
 [01/27/2008, 9:29:18] -  BHO 5: {A8B0BDED-64A5-495b-97DA-42C0301E229B} (XBTB04715 Class)
 [01/27/2008, 9:29:18] -  BHO 6: {B08D32DE-64B2-4137-8345-87293E70D40B} (Assistant Class)
 [01/27/2008, 9:29:18] -  BHO 7: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
 [01/27/2008, 9:29:18] - Finished Searching Browser Helper Objects
 [01/27/2008, 9:29:18] - Finishing up...
 [01/27/2008, 9:29:18] - A restart is needed.
 [01/27/2008, 9:29:22] - Attempting to Restart via STOP error (Blue Screen!)
 
 [01/27/2008, 9:30:53] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\serena\Desktop\VirtumundoBeGone.exe" )
 [01/27/2008, 9:31:05] - Detected System Information:
 [01/27/2008, 9:31:05] -  Windows Version: 5.1.2600, Service Pack 1
 [01/27/2008, 9:31:05] -  Current Username: serena (Admin)
 [01/27/2008, 9:31:05] -  Windows is in SAFE mode.
 [01/27/2008, 9:31:05] - Searching for Browser Helper Objects:
 [01/27/2008, 9:31:05] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
 [01/27/2008, 9:31:05] -  BHO 2: {1557B435-8242-4686-9AA3-9265BF7525A4} ()
 [01/27/2008, 9:31:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
 [01/27/2008, 9:31:05] -  Checking for HKLM\...\Winlogon\Notify\nwchqaie
 [01/27/2008, 9:31:05] -  Key not found: HKLM\...\Winlogon\Notify\nwchqaie, continuing.
 [01/27/2008, 9:31:05] -  BHO 3: {6001CDF7-6F45-471b-A203-0225615E35A7} ()
 [01/27/2008, 9:31:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
 [01/27/2008, 9:31:05] -  Checking for HKLM\...\Winlogon\Notify\DH
 [01/27/2008, 9:31:05] -  Key not found: HKLM\...\Winlogon\Notify\DH, continuing.
 [01/27/2008, 9:31:05] -  BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
 [01/27/2008, 9:31:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
 [01/27/2008, 9:31:05] -  No filename found. Continuing.
 [01/27/2008, 9:31:05] -  BHO 5: {A8B0BDED-64A5-495b-97DA-42C0301E229B} (XBTB04715 Class)
 [01/27/2008, 9:31:05] -  BHO 6: {B08D32DE-64B2-4137-8345-87293E70D40B} (Assistant Class)
 [01/27/2008, 9:31:05] -  BHO 7: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
 [01/27/2008, 9:31:05] - Finished Searching Browser Helper Objects
 [01/27/2008, 9:31:05] - Finishing up...
 [01/27/2008, 9:31:05] - Nothing found! Exiting...
 
 --------------------------------------------------------------------------------------
 
 Norman Malware Cleaner
 Copyright © 1990 - 2007, Norman ASA. Built 2008/01/21 17:03:23
 
 Norman Scanner Engine Version: 5.91.08
 Nvcbin.def Version: 5.90.00, Date: 2008/01/21 17:03:23, Variants: 1190495
 
 Running pre-scan cleanup routine:
 Operating System: Microsoft Windows XP Home 5.1.2600(Safe mode with network) Service Pack 1
 Logged on user: SERENA-B96L5WC7\serena
 
 
 Scan started: 27/01/2008 09:32:24
 
 
 Scanning running processes and process memory...
 
 C:\WINDOWS\System32\Drivers\Fgmd48.sys (Infected with W32/Rootkit.AVX)
 Deleted file
 
 Number of processes/threads found: 564
 Number of processes/threads scanned: 564
 Number of processes/threads not scanned: 0
 Number of infected processes/threads terminated: 0
 Total scanning time: 12s
 
 
 Scanning file system...
 
 Scanning: C:\*.*
 
 C:\c2asdp.exe (Infected with Multidrp.HD)
 Deleted file
 
 C:\cp.exe (Infected with Multidrp.HD)
 Deleted file
 
 C:\Installer.exe (Infected with W32/SmartLoad.C)
 Deleted file
 
 C:\msrwl32.exe (Infected with Suspicious_F.gen)
 Deleted file
 
 C:\nenc.exe (Infected with Tibs.gen116)
 Deleted file
 
 C:\ntlds (Infected with W32/Ircbot.YPU)
 Deleted file
 
 C:\warebundle.exe (Infected with W32/SmartLoad.C)
 Deleted file
 
 C:\CA\eTrust EZ Armor\eTrust EZ Antivirus\autodown.exe (Infected with W32/Malware.JX)
 Deleted file
 
 C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\N1NVOFTS\adv691[1].exe (Infected with Suspicious_F.gen)
 Deleted file
 
 C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\N1NVOFTS\cp[1].exe (Infected with Multidrp.HD)
 Deleted file
 
 C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\Z09961CG\adv691[1].exe (Infected with Suspicious_F.gen)
 Deleted file
 
 C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\Z09961CG\adv691[2].exe (Infected with Suspicious_F.gen)
 Deleted file
 
 C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\Z09961CG\adv691[3].exe (Infected with Suspicious_F.gen)
 Deleted file
 
 C:\Documents and Settings\serena\Impostazioni locali\Temp\csimtnco.dll (Infected with W32/Virtumonde.GIT)
 Deleted file
 
 C:\Documents and Settings\serena\Impostazioni locali\Temp\dl98468.exe (Infected with W32/Ircbot.VTD)
 Deleted file
 
 C:\Documents and Settings\serena\Impostazioni locali\Temp\pgytbkrf.dll (Infected with W32/Virtumonde.GJC)
 Deleted file
 
 C:\Documents and Settings\serena\Impostazioni locali\Temp\qeijjowr.dll (Infected with W32/Virtumonde.GIT)
 Deleted file
 
 C:\Documents and Settings\serena\Impostazioni locali\Temp\wxeputff.dll (Infected with W32/Virtumonde.GIT)
 Deleted file
 
 C:\WINDOWS\inst_adperform.exe (Infected with BargainBuddy.CJ)
 Deleted file
 
 C:\WINDOWS\system\msnrav.exe (Infected with SDBot.gen8)
 Deleted file
 
 C:\WINDOWS\system32\a.exe (Infected with W32/Ircbot.YAM)
 Deleted file
 
 C:\WINDOWS\system32\download.dat (Infected with Text/BotFTP.gen)
 Deleted file
 
 C:\WINDOWS\system32\eraseme_33052.exe (Infected with W32/SDBot.UYR)
 Deleted file
 
 C:\WINDOWS\system32\i (Infected with Text/BotFTP.gen)
 Deleted file
 
 C:\WINDOWS\system32\net.ini (Infected with Text/BotFTP.gen)
 Deleted file
 
 C:\WINDOWS\system32\netload.tff (Infected with Text/BotFTP.gen)
 Deleted file
 
 C:\WINDOWS\system32\nwchqaie.dll (Infected with W32/BHO.PX)
 Deleted file
 
 C:\WINDOWS\system32\o (Infected with Text/BotFTP.gen)
 Deleted file
 
 C:\WINDOWS\system32\scontrol.inf (Infected with Text/BotFTP.gen)
 Deleted file
 
 C:\WINDOWS\system32\TFTP1324 (Infected with W32/Spybot.UAV)
 Deleted file
 
 C:\WINDOWS\system32\TFTP3232 (Infected with W32/Spybot.AUJT)
 Deleted file
 
 C:\WINDOWS\system32\wimimi.exe (Infected with W32/WinFixer.TH)
 Deleted file
 
 C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\01QZ0TQZ\hp[1].exe (Infected with W32/Startpage.dam)
 Deleted file
 
 C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\01QZ0TQZ\iea[1].exe (Infected with W32/BHO.SF)
 Deleted file
 
 C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\01QZ0TQZ\lam[1].exe (Infected with W32/Spybot.BOKK)
 Deleted file
 
 C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\0XUJO1AR\aaa[1].exe (Infected with W32/Malware.QSH)
 Deleted file
 
 C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\0XUJO1AR\db[1].exe (Infected with W32/Ircbot.XZF)
 Deleted file
 
 C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\0XUJO1AR\dcv[1].jpg (Infected with W32/Agent.DYCF)
 Deleted file
 
 C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\0XUJO1AR\edcv[1].jpg (Infected with W32/Ircbot.VTD)
 Deleted file
 
 C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\0XUJO1AR\lam[1].exe (Infected with W32/SDBot.dam)
 Deleted file
 
 C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\0XUJO1AR\lam[4].exe (Infected with W32/Ircbot.WMZ)
 Deleted file
 
 C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\0XUJO1AR\rz[1].exe (Infected with W32/Malware.JQJ)
 Deleted file
 
 C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\85EB05AB\info[1].exe (Infected with W32/Ircbot.WMZ)
 Deleted file
 
 C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\STMBCXYJ\info[2].exe (Infected with W32/Startpage.EVN)
 Deleted file
 
 C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\STMBCXYJ\rz[1].exe (Infected with W32/Malware.JQJ)
 Deleted file
 
 C:\WINDOWS\Temp\flx15517.exe (Infected with W32/Startpage.dam)
 Deleted file
 
 Scanning: c:\System Volume Information\*.*
 
 
 Running post-scan cleanup routine:
 
 Number of files found: 79231
 Number of archives unpacked: 680
 Number of files scanned: 79207
 Number of files not scanned: 24
 Number of files skipped due to exclude list: 0
 Number of infected files found: 46
 Number of infected files repaired/deleted: 46
 Number of infections removed: 46
 Total scanning time: 25m 16s
 
 ------------------------------------------------------------------------------------
 
 
 ComboFix 08-01-23.1C - serena 2008-01-27 10.11.17.1 - NTFSx86
 Microsoft Windows XP Home Edition  5.1.2600.1.1252.1.1040.18.323 [GMT 1:00]
 Eseguito da: C:\Documents and Settings\serena\Desktop\ComboFix.exe
 * Creato nuovo punto di ripristino
 
 WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
 .
 
 (((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 
 C:\msn.exe
 C:\Programmi\File comuni\inetget
 C:\Programmi\inetget2
 C:\Programmi\windows
 C:\Programmi\windows\WinUpdate.fld
 C:\WINDOWS\drsmartload2.dat
 C:\WINDOWS\gimmygames.dat
 C:\WINDOWS\gimmygames1.dat
 C:\WINDOWS\keyboard1.dat
 C:\WINDOWS\keyboard21.dat
 C:\WINDOWS\newname.dat
 C:\WINDOWS\system32\drivers\symavc32.sys
 C:\WINDOWS\system32\f.exe
 C:\WINDOWS\system32\ftpupd.exe
 C:\WINDOWS\system32\mcrh.tmp
 C:\WINDOWS\system32\sys_dll.dll
 C:\WINDOWS\teller2.chk
 C:\WINDOWS\winsysupd111.dat
 C:\WINDOWS\winsysupd121.dat
 C:\WINDOWS\winsysupd41.dat
 C:\WINDOWS\winsysupd51.dat
 C:\WINDOWS\winsysupd61.dat
 C:\WINDOWS\winsysupd71.dat
 C:\WINDOWS\winsysupd81.dat
 C:\WINDOWS\winsysupd91.dat
 
 .
 (((((((((((((((((((((((((   Files Creati Da 2007-12-27 al 2008-01-27  )))))))))))))))))))))))))))))))))))
 .
 
 2008-01-27 10:10 . 2000-08-31 08:00	51,200	--a------	C:\WINDOWS\Nircmd.exe
 2008-01-27 09:08 . 2008-01-27 09:24	<DIR>	d--------	C:\VundoFix Backups
 2008-01-26 21:45 . 2004-10-05 17:41	52,864	--a------	C:\WINDOWS\system32\drivers\CnxTrUsb.sys
 2008-01-26 21:45 . 2004-10-05 17:41	25,984	--a------	C:\WINDOWS\system32\drivers\CnxTrLan.sys
 
 .
 ((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 2008-01-27 08:04	---------	d-----w	C:\Programmi\Trojan Guarder Gold Version
 2008-01-26 20:45	---------	d-----w	C:\Programmi\Pirelli
 2008-01-26 20:44	---------	d-----w	C:\Programmi\Alice ti aiuta
 2008-01-26 20:43	---------	d--h--w	C:\Programmi\InstallShield Installation Information
 2007-12-17 13:54	---------	d-----w	C:\Programmi\RecordNow!
 2007-12-17 13:51	---------	d-----w	C:\Programmi\HPQ
 2007-12-17 13:48	---------	d-----w	C:\Programmi\iTunes
 2007-03-18 22:22	101	----a-w	C:\Programmi\FxSasser.log
 2007-03-18 22:11	151,696	----a-w	C:\Programmi\FxSasser.exe
 2007-03-18 16:40	120,568	----a-w	C:\Programmi\BootSafe.exe
 2006-01-16 11:43	88,671	--sha-w	C:\WINDOWS\system32\hjkkj.bak1
 2006-02-19 21:41	232,895	--sha-w	C:\WINDOWS\system32\hjkkj.bak2
 2006-03-14 18:45	88,741	--sha-w	C:\WINDOWS\system32\hjkkj.ini2
 .
 
 (((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 .
 REGEDIT4
 *Nota* i valori vuoti & legittimi/default non sono visualizzati.
 
 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A8B0BDED-64A5-495b-97DA-42C0301E229B}]
 C:\PROGRA~1\TOOLBA~1\TOOLBA~1.DLL
 
 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B08D32DE-64B2-4137-8345-87293E70D40B}]
 C:\WINDOWS\System32\iea.dll
 
 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2003-04-08 20:00 13312]
 "RecordNow!"="" []
 "Acrobat Read"="C:\WINDOWS\System32\acroup32.exe" [ ]
 "Offices Monitorse"="C:\WINDOWS\System32\algose32.exe" [ ]
 "MSN MESSENGER 9.0"="messengerr.exe" []
 "Office Monitor Word Exel R"="C:\WINDOWS\System32\u.exe" [ ]
 "Office Monitors"="C:\WINDOWS\System32\GoogleUpdater.exe" [ ]
 "updateMgr"="C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45 313472]
 "Service Update"="C:\WINDOWS\System32\alggg.exe" [ ]
 "Windows Security Center Notification Appls"="C:\WINDOWS\System32\sxe.exe" [ ]
 "Windows Service Update"="C:\WINDOWS\System32\mswsgs.exe" [ ]
 "Nex"="C:\WINDOWS\System32\nex.exe" [ ]
 "Windows Security Centers"="C:\WINDOWS\System32\wimnini.exe" [ ]
 "ICQ Agent"="C:\WINDOWS\System32\icq6.exe" [ ]
 "Network Security"="C:\WINDOWS\System32\NSecurity.exe" [ ]
 "Office Monitor"="C:\WINDOWS\System32\alg32.exe" [ ]
 "Intec Service Drivers"="C:\WINDOWS\System32\wing32.exe" [ ]
 "Microsoft Office"="C:\WINDOWS\System32\mdm.exe" [ ]
 "Microsoft Windows Updata"="yfyvp.exe" []
 "Windows Service Agccnt"="wupbuim.exe" []
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "UpdateManager"="C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01 110592]
 "SynTPLpr"="C:\Programmi\Synaptics\SynTP\SynTPLpr.exe" [2004-02-05 20:08 110592]
 "SynTPEnh"="C:\Programmi\Synaptics\SynTP\SynTPEnh.exe" [2004-02-05 20:08 618496]
 "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-02-05 20:08 4730880]
 "nwiz"="nwiz.exe" [2004-02-05 20:08 323584 C:\WINDOWS\system32\nwiz.exe]
 "Cpqset"="C:\Programmi\HPQ\Default Settings\cpqset.exe" [2003-09-25 15:50 196670]
 "eabconfg.cpl"="C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe" [2003-10-28 11:03 237568]
 "RemoteControl"="C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
 "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
 "LogitechVideoRepair"="C:\Programmi\Logitech\Video\ISStart.exe" [2004-02-12 15:57 188416]
 "LogitechVideoTray"="C:\Programmi\Logitech\Video\LogiTray.exe" [2004-02-12 15:59 77824]
 "LogitechGalleryRepair"="C:\Programmi\Logitech\Video\ISStart.exe" [2004-02-12 15:57 188416]
 "iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2006-02-23 15:45 278528]
 "QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2006-07-03 22:48 282624]
 "PE2CKFNT SE"="C:\Programmi\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe" [1998-07-03 11:51 25088]
 "WinFaxAppPortStarter"="wfxsnt40.exe" [2000-02-17 14:11 43008 C:\WINDOWS\system32\WFXSNT40.EXE]
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
 "Service"="svchost32.exe" []
 "MSN MESSENGER 9.0"="messengerr.exe" []
 "ActiveScript32"="C:\WINDOWS\System32\nod.exe" [ ]
 "Microsoft Windows Updata"="yfyvp.exe" []
 "Windows Service Agccnt"="wupbuim.exe" []
 
 [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
 "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2003-04-08 20:00 13312]
 "Service"="svchost32.exe" []
 "Acrobat Read"="C:\WINDOWS\System32\acroup32.exe" [ ]
 "Offices Monitorse"="C:\WINDOWS\System32\algose32.exe" [ ]
 "MSN MESSENGER 9.0"="messengerr.exe" []
 "Office Monitor Word Exel R"="C:\WINDOWS\System32\u.exe" [ ]
 "Office Monitors"="C:\WINDOWS\System32\GoogleUpdater.exe" [ ]
 "Service Update"="C:\WINDOWS\System32\alggg.exe" [ ]
 "Windows Security Center Notification Appls"="C:\WINDOWS\System32\sxe.exe" [ ]
 "Windows Service Update"="C:\WINDOWS\System32\mswsgs.exe" [ ]
 "Network Security"="C:\WINDOWS\System32\NSecurity.exe" [ ]
 "Nex"="C:\WINDOWS\System32\nex.exe" [ ]
 "Windows Security Centers"="C:\WINDOWS\System32\wimnini.exe" [ ]
 "ICQ Agent"="C:\WINDOWS\System32\icq6.exe" [ ]
 "Microsoft Update"="C:\WINDOWS\System32\mdm.exe" [ ]
 "Office Monitor"="C:\WINDOWS\System32\alg32.exe" [ ]
 "Microsoft Office"="C:\WINDOWS\System32\mdm.exe" [ ]
 "Microsoft Windows Updata"="yfyvp.exe" []
 "Windows Service Agccnt"="wupbuim.exe" []
 
 C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
 Alice ti aiuta.lnk - C:\Programmi\Alice ti aiuta\bin\matcli.exe [2007-04-13 14:12:16 212992]
 Avvio veloce di Adobe Reader.lnk - C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]
 Photo Express Calendar Checker SE.lnk - C:\Programmi\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe [2007-06-29 20:56:47 55296]
 
 [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
 "{A213B520-C6C2-11d0-AF9D-008029E1027E}"= C:\Programmi\Symantec\WinFax\WfxSeh32.Dll [1998-07-27 03:54 38400]
 
 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkjh]
 C:\WINDOWS\System32\jkkjh.dll
 
 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnnl]
 pmnnl.dll
 
 [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
 ActiveScript32	REG_SZ         	C:\WINDOWS\System32\nod.exe
 
 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Automatic Update]
 @="Service"
 
 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PnP Manager]
 @="Service"
 
 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcMon]
 @="Service"
 
 R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2007-07-01 22:26]
 R2 ScFBPNT2;CanoScan FBP2 Port Driver;C:\WINDOWS\System32\drivers\ScFBPNT2.SYS [1999-05-21 00:00]
 R2 wfxsvc;WinFax PRO;C:\WINDOWS\System32\WFXSVC.EXE [2000-02-25 09:06]
 R3 EMCR;EMCR;C:\WINDOWS\System32\DRIVERS\EMCR7SK.sys [2004-02-05 20:06]
 S2 MMRServ;Microsoft Malware Remover;"C:\WINDOWS\system32\mmrserv.exe" []
 S2 PnP Manager;Universal Plug and Play Manager;C:\WINDOWS\System32\pnpmgr.exe []
 S2 ServiceHost;Service Hosts;"C:\WINDOWS\shost.exe" []
 
 .
 **************************************************************************
 
 catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
 Rootkit scan 2008-01-27 10:14:53
 Windows 5.1.2600 Service Pack 1 NTFS
 
 scansione processi nascosti ...
 
 scansione entrate autostart nascoste ...
 
 HKLM\Software\Microsoft\Windows\CurrentVersion\Run
 Cpqset = C:\Programmi\HPQ\Default Settings\cpqset.exe????????????)?*w?????????? ???B???????????????B????????
 
 Scansione files nascosti ...
 
 Scansione completata con successo
 Files nascosti: 0
 
 **************************************************************************
 .
 Ora fine scansione: 2008-01-27 10:16:32 - machine was rebooted
 ComboFix-quarantined-files.txt  2008-01-27 09:16:30
 
 --------------------------------------------------------------------------------------
 
 Logfile of HijackThis v1.99.1
 Scan saved at 10.17.25, on 27/01/2008
 Platform: Windows XP SP1 (WinNT 5.01.2600)
 MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\system32\spoolsv.exe
 C:\WINDOWS\System32\nvsvc32.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\System32\WFXSVC.EXE
 C:\Programmi\Symantec\WinFax\WFXMOD32.EXE
 C:\WINDOWS\Explorer.EXE
 C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe
 C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
 C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
 C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe
 C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
 C:\Programmi\Logitech\Video\LogiTray.exe
 C:\Programmi\iTunes\iTunesHelper.exe
 C:\Programmi\QuickTime\qttask.exe
 C:\WINDOWS\System32\wfxsnt40.exe
 C:\WINDOWS\System32\ctfmon.exe
 C:\Programmi\iPod\bin\iPodService.exe
 C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
 C:\Programmi\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
 C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
 C:\Documents and Settings\serena\Desktop\hijackthis_199\HijackThis.exe
 
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dbsarticles.com
 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
 O2 - BHO: XBTB04715 - {A8B0BDED-64A5-495b-97DA-42C0301E229B} - C:\PROGRA~1\TOOLBA~1\TOOLBA~1.DLL (file missing)
 O2 - BHO: IE Assistant - {B08D32DE-64B2-4137-8345-87293E70D40B} - C:\WINDOWS\System32\iea.dll (file missing)
 O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
 O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
 O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
 O4 - HKLM\..\Run: [UpdateManager] "C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" /r
 O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
 O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
 O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
 O4 - HKLM\..\Run: [Cpqset] C:\Programmi\HPQ\Default Settings\cpqset.exe
 O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe /Start
 O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
 O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
 O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmi\Logitech\Video\ISStart.exe
 O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmi\Logitech\Video\LogiTray.exe
 O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Programmi\Logitech\Video\ISStart.exe
 O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
 O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
 O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Programmi\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
 O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
 O4 - HKLM\..\RunServices: [Service] svchost32.exe
 O4 - HKLM\..\RunServices: [MSN MESSENGER 9.0] messengerr.exe
 O4 - HKLM\..\RunServices: [ActiveScript32] C:\WINDOWS\System32\nod.exe
 O4 - HKLM\..\RunServices: [Microsoft Windows Updata] yfyvp.exe
 O4 - HKLM\..\RunServices: [Windows Service Agccnt] wupbuim.exe
 O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
 O4 - HKCU\..\Run: [Acrobat Read] C:\WINDOWS\System32\acroup32.exe
 O4 - HKCU\..\Run: [Offices Monitorse] C:\WINDOWS\System32\algose32.exe
 O4 - HKCU\..\Run: [MSN MESSENGER 9.0] messengerr.exe
 O4 - HKCU\..\Run: [Office Monitor Word Exel R] C:\WINDOWS\System32\u.exe
 O4 - HKCU\..\Run: [Office Monitors] C:\WINDOWS\System32\GoogleUpdater.exe
 O4 - HKCU\..\Run: [updateMgr] C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
 O4 - HKCU\..\Run: [Service Update] C:\WINDOWS\System32\alggg.exe
 O4 - HKCU\..\Run: [Windows Security Center Notification Appls] C:\WINDOWS\System32\sxe.exe
 O4 - HKCU\..\Run: [Windows Service Update] C:\WINDOWS\System32\mswsgs.exe
 O4 - HKCU\..\Run: [Nex] C:\WINDOWS\System32\nex.exe
 O4 - HKCU\..\Run: [Windows Security Centers] C:\WINDOWS\System32\wimnini.exe
 O4 - HKCU\..\Run: [ICQ Agent] C:\WINDOWS\System32\icq6.exe
 O4 - HKCU\..\Run: [Network Security] C:\WINDOWS\System32\NSecurity.exe
 O4 - HKCU\..\Run: [Office Monitor] C:\WINDOWS\System32\alg32.exe
 O4 - HKCU\..\Run: [Intec Service Drivers] C:\WINDOWS\System32\wing32.exe
 O4 - HKCU\..\Run: [Microsoft Office] C:\WINDOWS\System32\mdm.exe
 O4 - HKCU\..\Run: [Microsoft Windows Updata] yfyvp.exe
 O4 - HKCU\..\Run: [Windows Service Agccnt] wupbuim.exe
 O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
 O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
 O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Programmi\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
 O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
 O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
 O20 - Winlogon Notify: jkkjh - C:\WINDOWS\System32\jkkjh.dll (file missing)
 O20 - Winlogon Notify: pmnnl - pmnnl.dll (file missing)
 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
 O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
 O23 - Service: Microsoft Malware Remover (MMRServ) - Unknown owner - C:\WINDOWS\system32\mmrserv.exe (file missing)
 O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
 O23 - Service: Universal Plug and Play Manager (PnP Manager) - Unknown owner - C:\WINDOWS\System32\pnpmgr.exe (file missing)
 O23 - Service: Service Hosts (ServiceHost) - Unknown owner - C:\WINDOWS\shost.exe (file missing)
 O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\System32\WFXSVC.EXE

bdoriano (Administrator)
Registered: 02/04/07 12:05
Posts: 14391
Location: 3rd planet of the solar system...

Posted: 27 Jan 2008 11:59    Subject:

Download Avenger and unpack it into a folder of its own, not a temporary one and not on the desktop.
Open Notepad and copy/paste this code:

Quote:
Windows Registry Editor Version 5.00

 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
 "Acrobat Read"=-
 "Offices Monitorse"=-
 "MSN MESSENGER 9.0"=-
 "Office Monitor Word Exel R"=-
 "Office Monitors"=-
 "Service Update"=-
 "Windows Security Center Notification Appls"=-
 "Windows Service Update"=-
 "Nex"=-
 "Windows Security Centers"=-
 "ICQ Agent"=-
 "Network Security"=-
 "Office Monitor"=-
 "Intec Service Drivers"=-
 "Microsoft Office"=-
 "Microsoft Windows Updata"=-
 "Windows Service Agccnt"=-
 
then save the file under the name fix.reg in C:\ (IMPORTANT!)

Start AVENGER
Click on "Input script manually"
Click on the magnifying glass
Enter these lines:
 
Quote:
Files to delete:
C:\WINDOWS\system32\hjkkj.bak1
 C:\WINDOWS\system32\hjkkj.bak2
 C:\WINDOWS\system32\hjkkj.ini2
 C:\WINDOWS\System32\iea.dll
 C:\WINDOWS\System32\acroup32.exe
 C:\WINDOWS\System32\wimnini.exe
 C:\WINDOWS\System32\icq6.exe
 C:\WINDOWS\System32\NSecurity.exe
 C:\WINDOWS\System32\alg32.exe
 C:\WINDOWS\System32\wing32.exe
 C:\WINDOWS\System32\mdm.exe
 C:\WINDOWS\System32\algose32.exe
 C:\WINDOWS\System32\u.exe
 C:\WINDOWS\System32\GoogleUpdater.exe
 C:\WINDOWS\System32\alggg.exe
 C:\WINDOWS\System32\sxe.exe
 C:\WINDOWS\System32\mswsgs.exe
 C:\WINDOWS\System32\nex.exe
 C:\WINDOWS\System32\nod.exe
 C:\WINDOWS\System32\u.exe
 C:\WINDOWS\System32\alggg.exe
 C:\WINDOWS\System32\icq6.exe
 C:\WINDOWS\system32\mmrserv.exe
 C:\WINDOWS\shost.exe
 C:\WINDOWS\System32\jkkjh.dll
 C:\WINDOWS\System32\pnpmgr.exe
 C:\WINDOWS\System32\messengerr.exe
 C:\WINDOWS\System32\yfyvp.exe
 C:\WINDOWS\System32\wupbuim.exe
 C:\WINDOWS\messengerr.exe
 C:\WINDOWS\yfyvp.exe
 C:\WINDOWS\wupbuim.exe
 
 Registry keys to delete:
 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B08D32DE-64B2-4137-8345-87293E70D40B}
 HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\notify\jkkjh
 HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\notify\pmnnl
 
 Registry values to delete:
 HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run | Service
 HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run | Acrobat Read
 HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run | Offices Monitorse
 HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run | MSN MESSENGER 9.0
 HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run | Office Monitor Word Exel R
 HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run | Office Monitors
 HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run | Service Update
 HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run | Windows Security Center Notification Appls
 HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run | Windows Service Update
 HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run | Network Security
 HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run | Nex
 HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run | Windows Security Centers
 HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run | ICQ Agent
 HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run | Microsoft Update
 HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run | Office Monitor
 HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run | Microsoft Office
 HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run | Microsoft Windows Updata
 HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run | Windows Service Agccnt
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices | Service
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices | MSN MESSENGER 9.0
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices | ActiveScript32
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices | Microsoft Windows Updata
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices | Windows Service Agccnt
 
 Programs to launch on reboot:
 C:\fix.reg
 
What a slog!!!

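To show how a helper picks the autostart entries above out of a HijackThis log, here is an added example in Python. It is not code from the forum, from HijackThis or from Avenger: it parses O4, O20 and O23 lines with a few heuristics (bare filename, legacy RunServices key, Microsoft-sounding name for a file in the Windows directory, service without publisher, "(file missing)" markers) and then builds the .reg "delete value" file in the exact form used in the fix above. The sample lines are copied from the log posted above; the trust-word list, the heuristics and the C:\WINDOWS prefix are this example's own assumptions.

```python
"""Triage of HijackThis O4/O20/O23 lines and a .reg "delete value" builder.

Added example: not the forum's, HijackThis's or Avenger's own code. The
sample lines are copied from the log posted above; the heuristics, the
trust-word list and the Windows directory prefix are this example's assumptions.
"""
import re
from dataclasses import dataclass, field
from typing import List

# O4 - HKLM\..\Run: [Name] command line
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# O20 - Winlogon Notify: name - path [(file missing)]
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+)$")
# O23 - Service: Display name (Short) - Owner - path [(file missing)]
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<short>[^)]+)\))? - (?P<owner>.+?) - (?P<path>.+)$")

# Words borrowed so that an autostart entry reads like a Windows component.
TRUST_WORDS = ("windows", "microsoft", "security", "service", "office", "update")
WINDOWS_DIR = "c:\\windows\\"   # assumption: the system drive layout seen in the log


@dataclass
class Finding:
    kind: str                  # "O4", "O20" or "O23"
    name: str                  # value name, notify subkey or service short name
    line: str
    reasons: List[str] = field(default_factory=list)


def target_exe(cmd: str) -> str:
    """Executable part of an O4 command line, whether quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    # Unquoted paths may contain spaces, so cut at the first .exe/.dll, not the first space.
    m = re.match(r"(.*?\.(?:exe|dll))", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def triage(lines) -> List[Finding]:
    """One Finding per line that trips at least one heuristic; clean lines are dropped."""
    out: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        if m := O4_RE.match(line):
            f = Finding("O4", m["name"], line)
            exe = target_exe(m["cmd"])
            if "\\" not in exe:
                f.reasons.append("bare filename, resolved through the search path at logon")
            if m["key"].lower() == "runservices":
                f.reasons.append("legacy RunServices key, hardly used by current software")
            if exe.lower().startswith(WINDOWS_DIR) and any(w in m["name"].lower() for w in TRUST_WORDS):
                f.reasons.append("Microsoft-sounding name for a file in the Windows directory; verify the file")
        elif m := O20_RE.match(line):
            f = Finding("O20", m["name"], line)
            if "(file missing)" in m["path"]:
                f.reasons.append("Winlogon notify DLL registered but absent: orphaned persistence")
        elif m := O23_RE.match(line):
            f = Finding("O23", m["short"] or m["display"], line)
            if m["owner"] == "Unknown owner":
                f.reasons.append("service without a publisher")
            if "(file missing)" in m["path"]:
                f.reasons.append("service binary absent: orphaned persistence")
        else:
            continue
        if f.reasons:
            out.append(f)
    return out


def build_reg_fix(names, key=r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run") -> str:
    """Text of a .reg file removing the given values, one '"Name"=-' per value as in the fix above.
    The names come from the analyst's review; triage() output is a starting point, not a verdict."""
    lines = ["Windows Registry Editor Version 5.00", "", f"[{key}]"]
    lines += [f'"{n}"=-' for n in names]
    return "\n".join(lines) + "\n"


# Copied from the HijackThis log posted above.
SAMPLE_LINES = [
    r"O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet",
    r"O4 - HKLM\..\RunServices: [Service] svchost32.exe",
    r"O4 - HKLM\..\RunServices: [ActiveScript32] C:\WINDOWS\System32\nod.exe",
    r"O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe",
    r"O4 - HKCU\..\Run: [Windows Security Centers] C:\WINDOWS\System32\wimnini.exe",
    r"O4 - HKCU\..\Run: [Nex] C:\WINDOWS\System32\nex.exe",
    r"O4 - HKCU\..\Run: [updateMgr] C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9",
    r"O20 - Winlogon Notify: jkkjh - C:\WINDOWS\System32\jkkjh.dll (file missing)",
    r"O23 - Service: Microsoft Malware Remover (MMRServ) - Unknown owner - C:\WINDOWS\system32\mmrserv.exe (file missing)",
    r"O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\System32\WFXSVC.EXE",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.kind} [{f.name}]: " + "; ".join(f.reasons))
    print(build_reg_fix(["Windows Security Centers", "Nex"]))
```

Bare names trip the first heuristic for legitimate entries too (nwiz.exe and wfxsnt40.exe in this log), and an entry like [Nex] with an innocuous name and a full path trips none of them, which is why build_reg_fix takes the reviewed list of names rather than the findings themselves.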
poiu (Hero in the grace of the gods)
Registered: 07/02/07 12:57
Posts: 81

Posted: 27 Jan 2008 14:23    Subject:

I did everything you said; here are the Avenger and HijackThis logs:
 Logfile of The Avenger version 1, by Swandog46
 Running from registry key:
 \Registry\Machine\System\CurrentControlSet\Services\jifaakqs
 
 *******************
 
 Script file located at: \??\C:\pjyintvg.txt
 Script file opened successfully.
 
 Script file read successfully
 
 Backups directory opened successfully at C:\Avenger
 
 *******************
 
 Beginning to process script file:
 
 File C:\WINDOWS\system32\hjkkj.bak1 deleted successfully.
 File C:\WINDOWS\system32\hjkkj.bak2 deleted successfully.
 File C:\WINDOWS\system32\hjkkj.ini2 deleted successfully.
 
 
 File C:\WINDOWS\System32\iea.dll not found!
 Deletion of file C:\WINDOWS\System32\iea.dll failed!
 
 Could not process line:
 C:\WINDOWS\System32\iea.dll
 Status: 0xc0000034
 
 
 
 File C:\WINDOWS\System32\acroup32.exe not found!
 Deletion of file C:\WINDOWS\System32\acroup32.exe failed!
 
 Could not process line:
 C:\WINDOWS\System32\acroup32.exe
 Status: 0xc0000034
 
 
 
 File C:\WINDOWS\System32\wimnini.exe not found!
 Deletion of file C:\WINDOWS\System32\wimnini.exe failed!
 
 Could not process line:
 C:\WINDOWS\System32\wimnini.exe
 Status: 0xc0000034
 
 
 
 File C:\WINDOWS\System32\icq6.exe not found!
 Deletion of file C:\WINDOWS\System32\icq6.exe failed!
 
 Could not process line:
 C:\WINDOWS\System32\icq6.exe
 Status: 0xc0000034
 
 
 
 File C:\WINDOWS\System32\NSecurity.exe not found!
 Deletion of file C:\WINDOWS\System32\NSecurity.exe failed!
 
 Could not process line:
 C:\WINDOWS\System32\NSecurity.exe
 Status: 0xc0000034
 
 
 
 File C:\WINDOWS\System32\alg32.exe not found!
 Deletion of file C:\WINDOWS\System32\alg32.exe failed!
 
 Could not process line:
 C:\WINDOWS\System32\alg32.exe
 Status: 0xc0000034
 
 
 
 File C:\WINDOWS\System32\wing32.exe not found!
 Deletion of file C:\WINDOWS\System32\wing32.exe failed!
 
 Could not process line:
 C:\WINDOWS\System32\wing32.exe
 Status: 0xc0000034
 
 
 
 File C:\WINDOWS\System32\mdm.exe not found!
 Deletion of file C:\WINDOWS\System32\mdm.exe failed!
 
 Could not process line:
 C:\WINDOWS\System32\mdm.exe
 Status: 0xc0000034
 
 
 
 File C:\WINDOWS\System32\algose32.exe not found!
 Deletion of file C:\WINDOWS\System32\algose32.exe failed!
 
 Could not process line:
 C:\WINDOWS\System32\algose32.exe
 Status: 0xc0000034
 
 
 
 File C:\WINDOWS\System32\u.exe not found!
 Deletion of file C:\WINDOWS\System32\u.exe failed!
 
 Could not process line:
 C:\WINDOWS\System32\u.exe
 Status: 0xc0000034
 
 
 
 File C:\WINDOWS\System32\GoogleUpdater.exe not found!
 Deletion of file C:\WINDOWS\System32\GoogleUpdater.exe failed!
 
 Could not process line:
 C:\WINDOWS\System32\GoogleUpdater.exe
 Status: 0xc0000034
 
 
 
 File C:\WINDOWS\System32\alggg.exe not found!
 Deletion of file C:\WINDOWS\System32\alggg.exe failed!
 
 Could not process line:
 C:\WINDOWS\System32\alggg.exe
 Status: 0xc0000034
 
 
 
 File C:\WINDOWS\System32\sxe.exe not found!
 Deletion of file C:\WINDOWS\System32\sxe.exe failed!
 
 Could not process line:
 C:\WINDOWS\System32\sxe.exe
 Status: 0xc0000034
 
 
 
 File C:\WINDOWS\System32\mswsgs.exe not found!
 Deletion of file C:\WINDOWS\System32\mswsgs.exe failed!
 
 Could not process line:
 C:\WINDOWS\System32\mswsgs.exe
 Status: 0xc0000034
 
 
 
 File C:\WINDOWS\System32\nex.exe not found!
 Deletion of file C:\WINDOWS\System32\nex.exe failed!
 
 Could not process line:
 C:\WINDOWS\System32\nex.exe
 Status: 0xc0000034
 
 
 
 File C:\WINDOWS\System32\nod.exe not found!
 Deletion of file C:\WINDOWS\System32\nod.exe failed!
 
 Could not process line:
 C:\WINDOWS\System32\nod.exe
 Status: 0xc0000034
 
 
 
 File C:\WINDOWS\System32\u.exe not found!
 Deletion of file C:\WINDOWS\System32\u.exe failed!
 
 Could not process line:
 C:\WINDOWS\System32\u.exe
 Status: 0xc0000034
 
 
 
 File C:\WINDOWS\System32\alggg.exe not found!
 Deletion of file C:\WINDOWS\System32\alggg.exe failed!
 
 Could not process line:
 C:\WINDOWS\System32\alggg.exe
 Status: 0xc0000034
 
 
 
 File C:\WINDOWS\System32\icq6.exe not found!
 Deletion of file C:\WINDOWS\System32\icq6.exe failed!
 
 Could not process line:
 C:\WINDOWS\System32\icq6.exe
 Status: 0xc0000034
 
 
 
 File C:\WINDOWS\system32\mmrserv.exe not found!
 Deletion of file C:\WINDOWS\system32\mmrserv.exe failed!
 
 Could not process line:
 C:\WINDOWS\system32\mmrserv.exe
 Status: 0xc0000034
 
 
 
 File C:\WINDOWS\shost.exe not found!
 Deletion of file C:\WINDOWS\shost.exe failed!
 
 Could not process line:
 C:\WINDOWS\shost.exe
 Status: 0xc0000034
 
 
 
 File C:\WINDOWS\System32\jkkjh.dll not found!
 Deletion of file C:\WINDOWS\System32\jkkjh.dll failed!
 
 Could not process line:
 C:\WINDOWS\System32\jkkjh.dll
 Status: 0xc0000034
 
 
 
 File C:\WINDOWS\System32\pnpmgr.exe not found!
 Deletion of file C:\WINDOWS\System32\pnpmgr.exe failed!
 
 Could not process line:
 C:\WINDOWS\System32\pnpmgr.exe
 Status: 0xc0000034
 
 
 
 File C:\WINDOWS\System32\messengerr.exe not found!
 Deletion of file C:\WINDOWS\System32\messengerr.exe failed!
 
 Could not process line:
 C:\WINDOWS\System32\messengerr.exe
 Status: 0xc0000034
 
 
 
 File C:\WINDOWS\System32\yfyvp.exe not found!
 Deletion of file C:\WINDOWS\System32\yfyvp.exe failed!
 
 Could not process line:
 C:\WINDOWS\System32\yfyvp.exe
 Status: 0xc0000034
 
 
 
 File C:\WINDOWS\System32\wupbuim.exe not found!
 Deletion of file C:\WINDOWS\System32\wupbuim.exe failed!
 
 Could not process line:
 C:\WINDOWS\System32\wupbuim.exe
 Status: 0xc0000034
 
 
 
 File C:\WINDOWS\messengerr.exe not found!
 Deletion of file C:\WINDOWS\messengerr.exe failed!
 
 Could not process line:
 C:\WINDOWS\messengerr.exe
 Status: 0xc0000034
 
 
 
 File C:\WINDOWS\yfyvp.exe not found!
 Deletion of file C:\WINDOWS\yfyvp.exe failed!
 
 Could not process line:
 C:\WINDOWS\yfyvp.exe
 Status: 0xc0000034
 
 
 
 File C:\WINDOWS\wupbuim.exe not found!
 Deletion of file C:\WINDOWS\wupbuim.exe failed!
 
 Could not process line:
 C:\WINDOWS\wupbuim.exe
 Status: 0xc0000034
 
 Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B08D32DE-64B2-4137-8345-87293E70D40B} deleted successfully.
 Registry key HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\notify\jkkjh deleted successfully.
 Registry key HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\notify\pmnnl deleted successfully.
 Registry value HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run|Service deleted successfully.
 Registry value HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run|Acrobat Read deleted successfully.
 Registry value HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run|Offices Monitorse deleted successfully.
 Registry value HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run|MSN MESSENGER 9.0 deleted successfully.
 Registry value HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run|Office Monitor Word Exel R deleted successfully.
 Registry value HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run|Office Monitors deleted successfully.
 Registry value HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run|Service Update deleted successfully.
 Registry value HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run|Windows Security Center Notification Appls deleted successfully.
 Registry value HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run|Windows Service Update deleted successfully.
 Registry value HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run|Network Security deleted successfully.
 Registry value HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run|Nex deleted successfully.
 Registry value HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run|Windows Security Centers deleted successfully.
 Registry value HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run|ICQ Agent deleted successfully.
 Registry value HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run|Microsoft Update deleted successfully.
 Registry value HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run|Office Monitor deleted successfully.
 Registry value HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run|Microsoft Office deleted successfully.
 Registry value HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run|Microsoft Windows Updata deleted successfully.
 Registry value HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run|Windows Service Agccnt deleted successfully.
 Registry value HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|Service deleted successfully.
 Registry value HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|MSN MESSENGER 9.0 deleted successfully.
 Registry value HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|ActiveScript32 deleted successfully.
 Registry value HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|Microsoft Windows Updata deleted successfully.
 Registry value HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|Windows Service Agccnt deleted successfully.
 Program C:\fix.reg successfully set up to run once on reboot.
 
 Completed script processing.
 
 *******************
 
 Finished!  Terminate.
 
 -------------------------------------------------------------------------------------
 
 Logfile of HijackThis v1.99.1
 Scan saved at 13.21.40, on 27/01/2008
 Platform: Windows XP SP1 (WinNT 5.01.2600)
 MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\system32\spoolsv.exe
 C:\WINDOWS\System32\nvsvc32.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\System32\WFXSVC.EXE
 C:\Programmi\Symantec\WinFax\WFXMOD32.EXE
 C:\WINDOWS\Explorer.EXE
 C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe
 C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
 C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
 C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe
 C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
 C:\Programmi\Logitech\Video\LogiTray.exe
 C:\Programmi\iTunes\iTunesHelper.exe
 C:\Programmi\QuickTime\qttask.exe
 C:\Programmi\iPod\bin\iPodService.exe
 C:\WINDOWS\System32\wfxsnt40.exe
 C:\WINDOWS\System32\ctfmon.exe
 C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
 C:\Programmi\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
 C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
 C:\Documents and Settings\serena\Desktop\hijackthis_199\HijackThis.exe
 
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dbsarticles.com
 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
 O2 - BHO: XBTB04715 - {A8B0BDED-64A5-495b-97DA-42C0301E229B} - C:\PROGRA~1\TOOLBA~1\TOOLBA~1.DLL (file missing)
 O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
 O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
 O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
 O4 - HKLM\..\Run: [UpdateManager] "C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" /r
 O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
 O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
 O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
 O4 - HKLM\..\Run: [Cpqset] C:\Programmi\HPQ\Default Settings\cpqset.exe
 O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe /Start
 O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
 O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
 O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmi\Logitech\Video\ISStart.exe
 O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmi\Logitech\Video\LogiTray.exe
 O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Programmi\Logitech\Video\ISStart.exe
 O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
 O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
 O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Programmi\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
 O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
 O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
 O4 - HKCU\..\Run: [updateMgr] C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
 O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
 O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
 O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Programmi\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
 O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
 O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
 O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
 O23 - Service: Microsoft Malware Remover (MMRServ) - Unknown owner - C:\WINDOWS\system32\mmrserv.exe (file missing)
 O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
 O23 - Service: Universal Plug and Play Manager (PnP Manager) - Unknown owner - C:\WINDOWS\System32\pnpmgr.exe (file missing)
 O23 - Service: Service Hosts (ServiceHost) - Unknown owner - C:\WINDOWS\shost.exe (file missing)
 O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\System32\WFXSVC.EXE
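As an added example (not Avenger's or the thread's own code), here is a Python parser that summarises an Avenger log like the one above and checks the script's "Files to delete" list against it, so that every path is accounted for either as deleted or as already absent. SAMPLE_LOG is cut from the log posted above; SAMPLE_SCRIPT is a constructed subset of the script posted before it, with one extra path (nex.exe) that has no matching log line so that the reconciliation has something to report. 0xC0000034 is the NTSTATUS value STATUS_OBJECT_NAME_NOT_FOUND, which is why every "not found!" line above is followed by it.

```python
"""Summary of an Avenger run log, reconciled with the script that was fed to it.

Added example: not Avenger's or the thread's own code. SAMPLE_LOG is cut
from the log posted above; SAMPLE_SCRIPT is a constructed subset of the
script posted before it, plus one path (nex.exe) without a log line.
"""
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import List, Tuple

FILE_DELETED = re.compile(r"^File (?P<path>.+) deleted successfully\.$")
FILE_MISSING = re.compile(r"^File (?P<path>.+) not found!$")
KEY_DELETED = re.compile(r"^Registry key (?P<key>.+) deleted successfully\.$")
VALUE_DELETED = re.compile(r"^Registry value (?P<key>.+)\|(?P<value>.+) deleted successfully\.$")
RUNONCE = re.compile(r"^Program (?P<path>.+) successfully set up to run once on reboot\.$")
STATUS = re.compile(r"^Status: (?P<code>0x[0-9A-Fa-f]{8})$")

# NTSTATUS values Avenger prints after a failed line; 0xC0000034 is STATUS_OBJECT_NAME_NOT_FOUND.
NTSTATUS_NAMES = {0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND"}


@dataclass
class AvengerResult:
    files_deleted: List[str] = field(default_factory=list)
    files_missing: List[str] = field(default_factory=list)
    keys_deleted: List[str] = field(default_factory=list)
    values_deleted: List[Tuple[str, str]] = field(default_factory=list)
    runonce: List[str] = field(default_factory=list)
    status_codes: Counter = field(default_factory=Counter)


def parse_avenger_log(text: str) -> AvengerResult:
    """Collect what the log says was deleted, what was already absent, and the failure codes."""
    r = AvengerResult()
    for raw in text.splitlines():
        line = raw.strip()
        if m := FILE_DELETED.match(line):
            r.files_deleted.append(m["path"])
        elif m := FILE_MISSING.match(line):
            r.files_missing.append(m["path"])
        elif m := KEY_DELETED.match(line):
            r.keys_deleted.append(m["key"])
        elif m := VALUE_DELETED.match(line):
            r.values_deleted.append((m["key"], m["value"]))
        elif m := RUNONCE.match(line):
            r.runonce.append(m["path"])
        elif m := STATUS.match(line):
            code = int(m["code"], 16)
            r.status_codes[NTSTATUS_NAMES.get(code, m["code"])] += 1
    return r


def script_files(script_text: str) -> List[str]:
    """Paths listed under 'Files to delete:' in an Avenger script."""
    files, section = [], None
    for raw in script_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(":"):          # section header such as 'Registry keys to delete:'
            section = line.lower()
            continue
        if section == "files to delete:":
            files.append(line)
    return files


def reconcile(script_text: str, result: AvengerResult) -> List[str]:
    """Script paths the log accounts for neither as deleted nor as already absent.
    Comparison is case-insensitive, as NTFS path lookup is."""
    seen = {p.lower() for p in result.files_deleted + result.files_missing}
    return [p for p in script_files(script_text) if p.lower() not in seen]


# Cut from the Avenger log posted above.
SAMPLE_LOG = r"""
File C:\WINDOWS\system32\hjkkj.bak1 deleted successfully.
File C:\WINDOWS\system32\hjkkj.bak2 deleted successfully.


File C:\WINDOWS\System32\iea.dll not found!
Deletion of file C:\WINDOWS\System32\iea.dll failed!

Could not process line:
C:\WINDOWS\System32\iea.dll
Status: 0xc0000034

Registry key HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\notify\jkkjh deleted successfully.
Registry value HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run|Nex deleted successfully.
Program C:\fix.reg successfully set up to run once on reboot.
"""

# Constructed subset of the script above; nex.exe has no log line on purpose.
SAMPLE_SCRIPT = r"""
Files to delete:
C:\WINDOWS\system32\hjkkj.bak1
C:\WINDOWS\system32\hjkkj.bak2
C:\WINDOWS\System32\iea.dll
C:\WINDOWS\System32\nex.exe

Registry keys to delete:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\notify\jkkjh
"""

if __name__ == "__main__":
    res = parse_avenger_log(SAMPLE_LOG)
    print(f"deleted {len(res.files_deleted)} files, {len(res.files_missing)} already absent, "
          f"{len(res.keys_deleted)} keys and {len(res.values_deleted)} values removed; codes {dict(res.status_codes)}")
    print("unaccounted:", reconcile(SAMPLE_SCRIPT, res))
```

Run over the full log above, only the three hjkkj.* files come out as deleted; every other path was already absent, consistent with the "(file missing)" markers in the HijackThis log posted before the fix, while all the registry keys and values were removed and fix.reg was queued for the reboot.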
poiu (Hero in the grace of the gods)
Registered: 07/02/07 12:57
Posts: 81

Posted: 27 Jan 2008 14:24    Subject:

PS: thanks

bdoriano (Administrator)
Registered: 02/04/07 12:05
Posts: 14391
Location: 3rd planet of the solar system...

Posted: 27 Jan 2008 14:28    Subject:

Start the PC in safe mode and run HijackThis
click on "Do a system scan only"
put a check mark next to these entries:
 
Quote:
O23 - Service: Microsoft Malware Remover (MMRServ) - Unknown owner - C:\WINDOWS\system32\mmrserv.exe (file missing)
O23 - Service: Universal Plug and Play Manager (PnP Manager) - Unknown owner - C:\WINDOWS\System32\pnpmgr.exe (file missing)
 O23 - Service: Service Hosts (ServiceHost) - Unknown owner - C:\WINDOWS\shost.exe (file missing)
click "Fix checked"
Restart the PC in normal mode, redo the HijackThis log and post it

Connect to the Kaspersky online scanner and run the extended scan, as described here.
Save the scan result to a file (in HTML format), upload the file to Freefilehosting and post here the link you are given.

PS: you're welcome.

poiu (Hero in the grace of the gods)
Registered: 07/02/07 12:57
Posts: 81

Posted: 27 Jan 2008 16:14    Subject:

I'm scanning with Kaspersky... at this rate I'll manage to post the log by next week (14 minutes and I'm at 0%... is that normal?). The laptop seems very, very slowed down; anything I try to do either freezes or is extremely slow.
Author: poiu | Posted: 27 Jan 2008 16:18

This was the latest log:
 Logfile of HijackThis v1.99.1
 Scan saved at 14.08.25, on 27/01/2008
 Platform: Windows XP SP1 (WinNT 5.01.2600)
 MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\system32\spoolsv.exe
 C:\WINDOWS\System32\nvsvc32.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\System32\WFXSVC.EXE
 C:\Programmi\Symantec\WinFax\WFXMOD32.EXE
 C:\WINDOWS\Explorer.EXE
 C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe
 C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
 C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
 C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe
 C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
 C:\Programmi\Logitech\Video\LogiTray.exe
 C:\Programmi\iTunes\iTunesHelper.exe
 C:\Programmi\QuickTime\qttask.exe
 C:\WINDOWS\System32\wfxsnt40.exe
 C:\WINDOWS\System32\ctfmon.exe
 C:\Programmi\iPod\bin\iPodService.exe
 C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
 C:\Programmi\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
 C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
 C:\Documents and Settings\serena\Desktop\hijackthis_199\HijackThis.exe
 
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dbsarticles.com
 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
 O2 - BHO: XBTB04715 - {A8B0BDED-64A5-495b-97DA-42C0301E229B} - C:\PROGRA~1\TOOLBA~1\TOOLBA~1.DLL (file missing)
 O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
 O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
 O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
 O4 - HKLM\..\Run: [UpdateManager] "C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" /r
 O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
 O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
 O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
 O4 - HKLM\..\Run: [Cpqset] C:\Programmi\HPQ\Default Settings\cpqset.exe
 O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe /Start
 O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
 O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
 O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmi\Logitech\Video\ISStart.exe
 O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmi\Logitech\Video\LogiTray.exe
 O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Programmi\Logitech\Video\ISStart.exe
 O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
 O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
 O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Programmi\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
 O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
 O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
 O4 - HKCU\..\Run: [updateMgr] C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
 O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
 O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
 O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Programmi\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
 O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
 O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
 O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
 O23 - Service: Microsoft Malware Remover (MMRServ) - Unknown owner - C:\WINDOWS\system32\mmrserv.exe (file missing)
 O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
 O23 - Service: Universal Plug and Play Manager (PnP Manager) - Unknown owner - C:\WINDOWS\System32\pnpmgr.exe (file missing)
 O23 - Service: Service Hosts (ServiceHost) - Unknown owner - C:\WINDOWS\shost.exe (file missing)
 O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\System32\WFXSVC.EXE
Author: poiu | Posted: 27 Jan 2008 16:30

I rebooted and now the scan seems to be proceeding at a more "human" pace 8) (let's say it quietly...)
Author: poiu | Posted: 27 Jan 2008 17:07

Here's the link: link
Author: poiu | Posted: 27 Jan 2008 23:23

After I've been connected for a while this window appears: link
and sometimes it also does a "countdown" referring to lsass.dat, I think; if I manage to catch the window I'll post it...
Author: poiu | Posted: 28 Jan 2008 10:25

Don't abandon me, please.
Author: bdoriano (Administrator) | Posted: 29 Jan 2008 11:29

Download Norman Malware Cleaner. Disable System Restore and start the PC in safe mode.
Run Norman Malware Cleaner.
A log is generated on the desktop, named NFix_2008-01-gg_hh-mm-ss.log; when the scan is finished, post it here.

Run AVENGER.
Click on "Input script manually".
Click on the magnifying glass.
Enter these lines:

Quote:
Files to delete:
C:\WINDOWS\system32\dvpj.exe
C:\WINDOWS\system32\msvccl.exe
C:\WINDOWS\system32\sizock.exe
C:\WINDOWS\system32\TFTP3688
C:\WINDOWS\system32\algs.exe
C:\ntlds.exe
C:\dbss.exe

Click on Done.
Click on the traffic light.
The PC should restart; if it doesn't, restart it yourself.
When the operation is complete, post here Avenger's result together with an updated HijackThis log.
Author: poiu | Posted: 29 Jan 2008 15:58

Look, I had already done something like that... now my current state is this:
 
 Logfile of HijackThis v1.99.1
 Scan saved at 14.55.51, on 29/01/2008
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v7.00 (7.00.5730.0013)
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\system32\spoolsv.exe
 C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
 C:\Programmi\a-squared Free\a2service.exe
 C:\WINDOWS\Explorer.EXE
 C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
 C:\WINDOWS\system32\nvsvc32.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\System32\WFXSVC.EXE
 C:\Programmi\Symantec\WinFax\WFXMOD32.EXE
 C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
 C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
 C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe
 C:\Programmi\Logitech\Video\LogiTray.exe
 C:\Programmi\iTunes\iTunesHelper.exe
 C:\Programmi\QuickTime\qttask.exe
 C:\WINDOWS\system32\wfxsnt40.exe
 C:\WINDOWS\system32\mdm.exe
 C:\Programmi\PrevxCSI\prevxcsi.exe
 C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
 C:\Programmi\iPod\bin\iPodService.exe
 C:\WINDOWS\system32\ctfmon.exe
 C:\Programmi\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
 C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
 C:\Documents and Settings\serena\Desktop\hijackthis_199\HijackThis.exe
 
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dbsarticles.com
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
 O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
 O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
 O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
 O4 - HKLM\..\Run: [UpdateManager] "C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" /r
 O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
 O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
 O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
 O4 - HKLM\..\Run: [Cpqset] C:\Programmi\HPQ\Default Settings\cpqset.exe
 O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe /Start
 O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
 O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmi\Logitech\Video\ISStart.exe
 O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmi\Logitech\Video\LogiTray.exe
 O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Programmi\Logitech\Video\ISStart.exe
 O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
 O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
 O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Programmi\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
 O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
 O4 - HKLM\..\Run: [Windows Networking Monitoring] C:\WINDOWS\system32\mdm.exe
 O4 - HKLM\..\Run: [PrevxCSI] "C:\Programmi\PrevxCSI\prevxcsi.exe" -boot
 O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
 O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
 O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
 O4 - HKCU\..\Run: [updateMgr] C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
 O4 - HKCU\..\Run: [Windows Networking Monitoring] C:\WINDOWS\system32\mdm.exe
 O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
 O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Programmi\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 O11 - Options group: [INTERNATIONAL] International*
 O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
 O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1201517540296
 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1201517525109
 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
 O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe
 O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
 O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
 O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
 O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
 O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\System32\WFXSVC.EXE
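The procedure the moderator gives above (tick the O23 entries with an unknown owner and a missing file, fix them, reboot and post a fresh log) and the later request for an updated log after the Avenger step both come down to reading HijackThis output and comparing successive scans. As an added example, not code from this thread, from HijackThis or from any tool named in it, the Python script below parses a pasted log, flags the same kinds of entries the moderator ticked, and diffs two scans. The excerpts it runs on are taken from the logs posted in this thread on 27 and 29 January; the homepage allowlist is constructed for the example, and the check for an autorun registered under both HKLM and HKCU is an added heuristic of mine, not something the thread states.

```python
"""Triage and diff helper for HijackThis v1.99 logs.

Added example; not a tool from this thread, from HijackThis or from any of the
products named in it. The heuristics encode what the moderator asked the poster
to tick (O23 services with an unknown owner whose binary is missing, and a
browser Start Page pointing at an unexpected host) plus one added assumption:
an autorun command registered under both HKLM and HKCU deserves a manual look.
Findings are review hints, not verdicts.
"""
import re
from urllib.parse import urlparse

# A scan entry looks like "<section> - <body>", e.g.
# "O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\...\WFXSVC.EXE".
ENTRY_RE = re.compile(r"^(R[0-3]|O\d{1,2})\s+-\s+(.*)$")
# O4 body: "HKLM\..\Run: [ValueName] <command line>"
RUN_RE = re.compile(r"^(HKLM|HKCU)\\\.\.\\Run:\s+\[([^\]]*)\]\s*(.*)$")

# Hosts a stock Windows XP / IE install may legitimately use as start page.
# Constructed allowlist for this example; extend it for your own environment.
KNOWN_HOMEPAGE_HOSTS = {"go.microsoft.com", "www.msn.com", "msn.com"}


def parse_log(text):
    """Return the (section, body) pairs of the scan entries in a HijackThis log.

    Header lines and the 'Running processes' list do not match ENTRY_RE and
    are skipped, so a whole pasted log can be fed in unchanged.
    """
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def triage(entries):
    """Return a list of (reason, entry_line) pairs worth a closer look."""
    findings = []
    autoruns = {}  # lower-cased command line -> (set of hives, first entry line)
    for sec, body in entries:
        line = f"{sec} - {body}"
        if sec == "O23" and "Unknown owner" in body and "(file missing)" in body:
            # Service registration whose binary is gone: either leftovers of a
            # removed program or a service entry nothing legitimate installed.
            findings.append(("orphaned service entry (unknown owner, file missing)", line))
        elif sec in ("R0", "R1") and "Start Page" in body:
            url = body.split("=", 1)[1].strip()
            host = (urlparse(url).hostname or "").lower()
            if host not in KNOWN_HOMEPAGE_HOSTS:
                findings.append((f"start page set to unexpected host {host!r}", line))
        elif sec == "O4":
            m = RUN_RE.match(body)
            if m:
                hive, _name, cmd = m.groups()
                hives, _first = autoruns.setdefault(cmd.strip().lower(), (set(), line))
                hives.add(hive)
    for hives, first in autoruns.values():
        if {"HKLM", "HKCU"} <= hives:
            # Same command under the machine and the user Run key (added heuristic).
            findings.append(("same autorun registered under both HKLM and HKCU", first))
    return findings


def diff_logs(old_entries, new_entries):
    """Return (removed, added) entry lines between two scans.

    Windows paths are case-insensitive, so entries are compared lower-cased;
    HijackThis itself prints System32/system32 inconsistently.
    """
    def keyed(entries):
        return {f"{s} - {b}".lower(): f"{s} - {b}" for s, b in entries}
    old, new = keyed(old_entries), keyed(new_entries)
    removed = [old[k] for k in old if k not in new]
    added = [new[k] for k in new if k not in old]
    return removed, added


# Excerpts of the two logs posted in this thread (27/01 and 29/01/2008).
LOG_27_JAN = r"""
Logfile of HijackThis v1.99.1
Scan saved at 14.08.25, on 27/01/2008
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dbsarticles.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O23 - Service: Microsoft Malware Remover (MMRServ) - Unknown owner - C:\WINDOWS\system32\mmrserv.exe (file missing)
O23 - Service: Universal Plug and Play Manager (PnP Manager) - Unknown owner - C:\WINDOWS\System32\pnpmgr.exe (file missing)
O23 - Service: Service Hosts (ServiceHost) - Unknown owner - C:\WINDOWS\shost.exe (file missing)
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\System32\WFXSVC.EXE
"""

LOG_29_JAN = r"""
Logfile of HijackThis v1.99.1
Scan saved at 14.55.51, on 29/01/2008
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dbsarticles.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [Windows Networking Monitoring] C:\WINDOWS\system32\mdm.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Windows Networking Monitoring] C:\WINDOWS\system32\mdm.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\System32\WFXSVC.EXE
"""

if __name__ == "__main__":
    before, after = parse_log(LOG_27_JAN), parse_log(LOG_29_JAN)
    for label, entries in (("27/01", before), ("29/01", after)):
        print(f"== findings in {label} log ==")
        for reason, line in triage(entries):
            print(f"  [{reason}] {line}")
    removed, added = diff_logs(before, after)
    print("== removed since 27/01 ==", *removed, sep="\n  ")
    print("== added since 27/01 ==", *added, sep="\n  ")
```

Run on the excerpts, the 27/01 log yields the three orphaned O23 services and the redirected Start Page, which is exactly the set the moderator told the poster to fix; the 29/01 log no longer contains those services, and the diff shows what appeared in between, so a helper can spend their time on the new entries rather than re-reading a hundred lines of output.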