virus adware.virtumonde
f.denart
Mortale pio
Registered: 07/02/08 20:26
Posts: 19

Posted: 07 Feb 2008 21:04    Subject: virus adware.virtumonde

Hello everyone, I have a PC running Windows XP Home Edition. A moment ago a NOD32 alert window opened saying that the following file, C:\Windows\system32\itggynpg.dll, is infected with Win32/Adware.Virtumonde.
I try to close the alert window and delete the file, but it keeps reappearing, even after rebooting the PC.

What should I do?

THANKS
bdoriano
Administrator
Registered: 02/04/07 12:05
Posts: 14391
Location: 3rd planet of the solar system...

Posted: 07 Feb 2008 21:11

Hi f.denart,

  • Download VundoFix and VirtumundoBegone and save them to the desktop.
  • Run VundoFix
    Select Scan for Vundo and, when the scan has finished, choose Remove Vundo.
    Click Yes and, when asked to restart the PC, answer OK.
    On reboot a Notepad window should open containing the log; copy its contents and post them on the forum.
  • Now boot into Safe Mode
    Run VirtumundoBeGone and follow the on-screen instructions.
    Reboot the PC in normal mode and post the log.
  • Follow the instructions in this topic to post the ComboFix log.
  • Also make a new HijackThis log and post it here.

PS: if you like, you can introduce yourself here
f.denart
Mortale pio
Registered: 07/02/08 20:26
Posts: 19

Posted: 07 Feb 2008 21:30

I ran VundoFix, but on reboot the VBG Notepad window opens and it is empty.
Anyway, I'm running the other one now.

Thanks
f.denart
Mortale pio
Registered: 07/02/08 20:26
Posts: 19

Posted: 07 Feb 2008 21:36

[02/07/2008, 20:33:18] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\FEDERICO\Desktop\VirtumundoBeGone.exe" )
[02/07/2008, 20:33:26] - Detected System Information:
[02/07/2008, 20:33:26] - Windows Version: 5.1.2600, Service Pack 2
[02/07/2008, 20:33:26] - Current Username: FEDERICO (Admin)
[02/07/2008, 20:33:26] - Windows is in SAFE mode with Networking.
[02/07/2008, 20:33:26] - Searching for Browser Helper Objects:
[02/07/2008, 20:33:26] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Supporto di collegamento per Adobe PDF Reader)
[02/07/2008, 20:33:26] - BHO 2: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} (Skype add-on (mastermind))
[02/07/2008, 20:33:26] - BHO 3: {5E85C971-F9E7-4F4D-A059-14FA00220C7A} ()
[02/07/2008, 20:33:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/07/2008, 20:33:26] - Checking for HKLM\...\Winlogon\Notify\byxwtrs
[02/07/2008, 20:33:26] - Found: HKLM\...\Winlogon\Notify\byxwtrs - This is probably Virtumundo.
[02/07/2008, 20:33:26] - Assigning {5E85C971-F9E7-4F4D-A059-14FA00220C7A} MSEvents Object
[02/07/2008, 20:33:26] - BHO list has been changed! Starting over...
[02/07/2008, 20:33:26] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Supporto di collegamento per Adobe PDF Reader)
[02/07/2008, 20:33:26] - BHO 2: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} (Skype add-on (mastermind))
[02/07/2008, 20:33:26] - BHO 3: {5E85C971-F9E7-4F4D-A059-14FA00220C7A} (MSEvents Object)
[02/07/2008, 20:33:26] - ALERT: Found MSEvents Object!
[02/07/2008, 20:33:26] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[02/07/2008, 20:33:26] - BHO 5: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[02/07/2008, 20:33:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/07/2008, 20:33:26] - No filename found. Continuing.
[02/07/2008, 20:33:26] - BHO 6: {838B6A16-8E22-4EFA-82FA-9ED139C3F2C0} ()
[02/07/2008, 20:33:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/07/2008, 20:33:26] - Checking for HKLM\...\Winlogon\Notify\jkklk
[02/07/2008, 20:33:26] - Key not found: HKLM\...\Winlogon\Notify\jkklk, continuing.
[02/07/2008, 20:33:26] - BHO 7: {880c501f-3393-4ddd-b6c9-4667e55afb28} ()
[02/07/2008, 20:33:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/07/2008, 20:33:26] - Checking for HKLM\...\Winlogon\Notify\itggynpg
[02/07/2008, 20:33:26] - Key not found: HKLM\...\Winlogon\Notify\itggynpg, continuing.
[02/07/2008, 20:33:27] - BHO 8: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[02/07/2008, 20:33:27] - BHO 9: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[02/07/2008, 20:33:27] - Finished Searching Browser Helper Objects
[02/07/2008, 20:33:27] - *** Detected MSEvents Object
[02/07/2008, 20:33:27] - Trying to remove MSEvents Object...
[02/07/2008, 20:33:28] - Terminating Process: IEXPLORE.EXE
[02/07/2008, 20:33:28] - Terminating Process: RUNDLL32.EXE
[02/07/2008, 20:33:28] - Disabling Automatic Shell Restart
[02/07/2008, 20:33:28] - Terminating Process: EXPLORER.EXE
[02/07/2008, 20:33:28] - Suspending the NT Session Manager System Service
[02/07/2008, 20:33:28] - Terminating Windows NT Logon/Logoff Manager
[02/07/2008, 20:33:28] - Re-enabling Automatic Shell Restart
[02/07/2008, 20:33:28] - File to disable: C:\WINDOWS\system32\byxwtrs.dll
[02/07/2008, 20:33:28] - Renaming C:\WINDOWS\system32\byxwtrs.dll -> C:\WINDOWS\system32\byxwtrs.dll.vir
[02/07/2008, 20:33:28] - File successfully renamed!
[02/07/2008, 20:33:28] - Removing HKLM\...\Browser Helper Objects\{5E85C971-F9E7-4F4D-A059-14FA00220C7A}
[02/07/2008, 20:33:28] - Removing HKCR\CLSID\{5E85C971-F9E7-4F4D-A059-14FA00220C7A}
[02/07/2008, 20:33:28] - Adding Kill Bit for ActiveX for GUID: {5E85C971-F9E7-4F4D-A059-14FA00220C7A}
[02/07/2008, 20:33:28] - Deleting ATLEvents/MSEvents Registry entries
[02/07/2008, 20:33:28] - Removing HKLM\...\Winlogon\Notify\byxwtrs
[02/07/2008, 20:33:28] - Searching for Browser Helper Objects:
[02/07/2008, 20:33:28] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Supporto di collegamento per Adobe PDF Reader)
[02/07/2008, 20:33:29] - BHO 2: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} (Skype add-on (mastermind))
[02/07/2008, 20:33:29] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[02/07/2008, 20:33:29] - BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[02/07/2008, 20:33:29] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/07/2008, 20:33:29] - No filename found. Continuing.
[02/07/2008, 20:33:29] - BHO 5: {838B6A16-8E22-4EFA-82FA-9ED139C3F2C0} ()
[02/07/2008, 20:33:29] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/07/2008, 20:33:29] - Checking for HKLM\...\Winlogon\Notify\jkklk
[02/07/2008, 20:33:29] - Key not found: HKLM\...\Winlogon\Notify\jkklk, continuing.
[02/07/2008, 20:33:29] - BHO 6: {880c501f-3393-4ddd-b6c9-4667e55afb28} ()
[02/07/2008, 20:33:29] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/07/2008, 20:33:29] - Checking for HKLM\...\Winlogon\Notify\itggynpg
[02/07/2008, 20:33:29] - Key not found: HKLM\...\Winlogon\Notify\itggynpg, continuing.
[02/07/2008, 20:33:29] - BHO 7: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[02/07/2008, 20:33:29] - BHO 8: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[02/07/2008, 20:33:29] - Finished Searching Browser Helper Objects
[02/07/2008, 20:33:29] - Finishing up...
[02/07/2008, 20:33:29] - A restart is needed.
[02/07/2008, 20:33:48] - Attempting to Restart via STOP error (Blue Screen!)
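The rule VirtumundoBeGone applies in the log above (an unnamed BHO whose DLL name also appears as a Winlogon\Notify subkey is "probably Virtumundo", followed by a fixed removal sequence) can be modelled in a few lines. This is an added example, not code from the thread or from the tool: it runs over a constructed in-memory snapshot built from the CLSIDs and DLL names in the log and touches no real registry. The key paths are the standard Windows ones; the snapshot layout, the function names and the removal-plan tuples are this example's own assumptions.

```python
"""
Model of the check VirtumundoBeGone performs in the log above. Added example, not
code from the thread or from the tool: it runs against a constructed in-memory
snapshot instead of the live registry, so it changes nothing on the host.
"""

BHO_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
CLSID_KEY = r"HKCR\CLSID"
NOTIFY_KEY = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"
KILLBIT_KEY = r"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility"

# Constructed snapshot (assumed layout) of the three locations involved, populated
# with the CLSIDs and DLL names from the log: a named, legitimate BHO (Adobe), an
# unnamed BHO backed by byxwtrs.dll that also has a Winlogon\Notify subkey, and an
# unnamed BHO backed by itggynpg.dll that has no Notify subkey.
SNAPSHOT = {
    BHO_KEY: [
        "{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}",
        "{5E85C971-F9E7-4F4D-A059-14FA00220C7A}",
        "{880c501f-3393-4ddd-b6c9-4667e55afb28}",
    ],
    CLSID_KEY: {
        "{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}": {
            "(Default)": "Supporto di collegamento per Adobe PDF Reader",
            "InprocServer32": r"C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll",
        },
        "{5E85C971-F9E7-4F4D-A059-14FA00220C7A}": {
            "(Default)": None,
            "InprocServer32": r"C:\WINDOWS\system32\byxwtrs.dll",
        },
        "{880c501f-3393-4ddd-b6c9-4667e55afb28}": {
            "(Default)": None,
            "InprocServer32": r"C:\WINDOWS\system32\itggynpg.dll",
        },
    },
    # Subkey name -> values. crypt32chain is a stock XP entry, kept to show that the
    # rule only reacts to a Notify name that also belongs to an unnamed BHO.
    NOTIFY_KEY: {
        "byxwtrs": {"DLLName": "byxwtrs.dll"},
        "crypt32chain": {"DLLName": "crypt32.dll"},
    },
}


def dll_basename(path):
    """'C:\\WINDOWS\\system32\\byxwtrs.dll' -> 'byxwtrs' (case-folded)."""
    return path.rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower()


def unnamed_bhos(snap):
    """CLSIDs registered as BHOs whose CLSID key has no default (display) name."""
    out = []
    for clsid in snap[BHO_KEY]:
        entry = snap[CLSID_KEY].get(clsid, {})
        if not entry.get("(Default)") and entry.get("InprocServer32"):
            out.append(clsid)
    return out


def find_virtumundo(snap):
    """The log's rule: an unnamed BHO whose DLL basename is also a Winlogon\\Notify
    subkey is 'probably Virtumundo'. Returns one dict per hit."""
    hits = []
    for clsid in unnamed_bhos(snap):
        dll = snap[CLSID_KEY][clsid]["InprocServer32"]
        base = dll_basename(dll)
        if base in snap[NOTIFY_KEY]:
            hits.append({"clsid": clsid, "dll": dll, "notify": base})
    return hits


def removal_plan(hit):
    """The actions the log shows for a confirmed hit, in the same order, as data to
    review rather than as registry writes. The ATLEvents/MSEvents ProgID cleanup the
    tool also performs is left out because the log does not show which keys it touches."""
    clsid, dll, base = hit["clsid"], hit["dll"], hit["notify"]
    return [
        ("rename_file", dll, dll + ".vir"),
        ("delete_key", BHO_KEY + "\\" + clsid),
        ("delete_key", CLSID_KEY + "\\" + clsid),
        # ActiveX kill bit: Compatibility Flags = 0x400 stops IE loading this CLSID
        # even if the BHO registration is recreated.
        ("set_dword", KILLBIT_KEY + "\\" + clsid, "Compatibility Flags", 0x400),
        ("delete_key", NOTIFY_KEY + "\\" + base),
    ]


def left_behind(snap):
    """Unnamed BHOs the Notify-key rule does not catch (the caveat in this thread)."""
    flagged = {h["clsid"] for h in find_virtumundo(snap)}
    return [c for c in unnamed_bhos(snap) if c not in flagged]


if __name__ == "__main__":
    for hit in find_virtumundo(SNAPSHOT):
        print("probable Virtumundo:", hit["clsid"], hit["dll"])
        for action in removal_plan(hit):
            print("  ", *action)
    print("unnamed BHOs not flagged:", left_behind(SNAPSHOT))
```

Note what the rule does and does not catch. byxwtrs.dll is flagged because its name also appears under Winlogon\Notify, and the plan reproduces the log's sequence (rename to .vir, delete the BHO and CLSID keys, set the ActiveX kill bit, delete the Notify key). itggynpg.dll has no Notify key ("Key not found ... continuing" in the log), so it stays registered, which is why it is still listed as an O2 entry in the HijackThis log posted later in this thread; its autostart is a Run-key rundll32 entry, a second persistence path this rule never looks at.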
f.denart
Mortale pio
Registered: 07/02/08 20:26
Posts: 19

Posted: 07 Feb 2008 21:49    Subject: ComboFix log

ComboFix 08-02.05.3 - FEDERICO 2008-02-07 20.41.06.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.642 [GMT 1:00]
Running from: C:\Documents and Settings\FEDERICO\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\system32\crscxxjv.ini
C:\WINDOWS\system32\fnjgvkpq.dll
C:\WINDOWS\system32\fqylvwqx.dll
C:\WINDOWS\system32\lkwdvemw.ini
C:\WINDOWS\system32\tqoctqdh.ini
D:\Autorun.inf

----- BITS: Possible infected sites -----

hxxp://www.download.windowsupdate.com
.
((((((((((((((((((((((((( Files Created from 2008-01-07 to 2008-02-07 )))))))))))))))))))))))))))))))))))
.

2008-02-07 20:43 . 2008-02-07 20:43 268 --ah----- C:\sqmdata11.sqm
2008-02-07 20:43 . 2008-02-07 20:43 244 --ah----- C:\sqmnoopt11.sqm
2008-02-07 20:31 . 2008-02-07 20:31 268 --ah----- C:\sqmdata10.sqm
2008-02-07 20:31 . 2008-02-07 20:31 244 --ah----- C:\sqmnoopt10.sqm
2008-02-07 20:22 . 2008-02-07 20:22 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2008-02-07 20:15 . 2008-02-07 20:15 <DIR> d-------- C:\VundoFix Backups
2008-02-07 19:55 . 2008-02-07 19:55 36,864 --a------ C:\WINDOWS\system32\byxwtrs.V00dll
2008-02-07 19:27 . 2008-02-07 19:27 268 --ah----- C:\sqmdata09.sqm
2008-02-07 19:27 . 2008-02-07 19:27 244 --ah----- C:\sqmnoopt09.sqm
2008-02-07 19:13 . 2008-02-07 19:13 36,864 --a------ C:\WINDOWS\system32\byxwtrs.Vdll
2008-02-07 19:13 . 2008-02-07 19:13 268 --ah----- C:\sqmdata08.sqm
2008-02-07 19:13 . 2008-02-07 19:13 244 --ah----- C:\sqmnoopt08.sqm
2008-02-07 01:31 . 2008-02-07 01:31 268 --ah----- C:\sqmdata07.sqm
2008-02-07 01:31 . 2008-02-07 01:31 244 --ah----- C:\sqmnoopt07.sqm
2008-02-06 23:25 . 2008-02-06 23:26 92,224 --a------ C:\WINDOWS\system32\itggynpg.dll
2008-02-06 18:23 . 2008-02-06 18:23 268 --ah----- C:\sqmdata06.sqm
2008-02-06 18:23 . 2008-02-06 18:23 244 --ah----- C:\sqmnoopt06.sqm
2008-02-06 00:16 . 2008-02-06 00:16 268 --ah----- C:\sqmdata05.sqm
2008-02-06 00:16 . 2008-02-06 00:16 244 --ah----- C:\sqmnoopt05.sqm
2008-02-06 00:00 . 2008-02-06 00:00 268 --ah----- C:\sqmdata04.sqm
2008-02-06 00:00 . 2008-02-06 00:00 244 --ah----- C:\sqmnoopt04.sqm
2008-02-05 01:05 . 2008-02-05 01:05 268 --ah----- C:\sqmdata03.sqm
2008-02-05 01:05 . 2008-02-05 01:05 244 --ah----- C:\sqmnoopt03.sqm
2008-02-03 23:32 . 2008-02-03 23:32 268 --ah----- C:\sqmdata02.sqm
2008-02-03 23:32 . 2008-02-03 23:32 244 --ah----- C:\sqmnoopt02.sqm
2008-02-03 16:10 . 2008-02-03 16:10 268 --ah----- C:\sqmdata01.sqm
2008-02-03 16:10 . 2008-02-03 16:10 244 --ah----- C:\sqmnoopt01.sqm
2008-02-03 04:28 . 2008-02-03 04:28 268 --ah----- C:\sqmdata00.sqm
2008-02-03 04:28 . 2008-02-03 04:28 244 --ah----- C:\sqmnoopt00.sqm
2008-02-03 00:16 . 2004-08-19 15:39 91,136 --a------ C:\WINDOWS\system32\kswdmcap.ax
2008-01-30 21:09 . 2008-01-30 21:09 <DIR> d-------- C:\Programmi\Nero
2008-01-30 21:09 . 2008-01-30 21:12 <DIR> d-------- C:\Programmi\File comuni\Nero
2008-01-30 21:07 . 2008-01-30 21:07 36,864 --a------ C:\WINDOWS\system32\efcdeef.dll
2008-01-30 21:07 . 2008-01-30 21:07 36,352 --a------ C:\WINDOWS\system32\cbxyxvu.dll
2008-01-30 21:04 . 2008-01-30 21:04 36,352 --a------ C:\WINDOWS\system32\xxyayxx.dll
2008-01-30 21:00 . 2008-01-30 21:01 36,864 --a------ C:\WINDOWS\system32\byxwtrs.dll.vir
2008-01-30 13:57 . 2008-01-30 14:38 <DIR> d-a------ C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-01-29 21:52 . 2008-02-03 13:53 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-01-29 21:52 . 2008-02-02 09:44 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-01-29 21:52 . 2008-02-03 13:53 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-29 21:50 . 2008-01-29 21:50 <DIR> dr-h----- C:\Documents and Settings\FEDERICO\Dati applicazioni\SecuROM
2008-01-29 21:50 . 2008-01-29 21:50 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-01-29 21:25 . 2008-01-29 21:25 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-01-29 21:08 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2008-01-29 21:08 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2008-01-29 21:08 . 2007-03-12 16:42 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2008-01-29 21:08 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2008-01-29 21:08 . 2007-03-15 16:57 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2008-01-29 21:08 . 2007-06-20 20:46 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2008-01-29 21:08 . 2007-04-04 18:55 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2008-01-29 21:08 . 2007-04-04 18:53 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2008-01-29 21:08 . 2007-06-20 20:45 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2008-01-29 21:07 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2008-01-29 21:07 . 2007-01-24 15:27 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2008-01-29 21:07 . 2007-03-05 12:42 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2008-01-28 18:29 . 2008-01-28 18:29 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-01-25 20:34 . 2008-01-25 20:34 <DIR> d-------- C:\Programmi\Creative
2008-01-25 20:34 . 2002-06-06 14:38 139,264 --a------ C:\WINDOWS\system32\eax.dll
2008-01-25 20:23 . 2003-04-09 10:39 233,472 -ra------ C:\WINDOWS\system32\MafiaSetup.exe
2008-01-25 20:20 . 2008-01-25 20:21 <DIR> d-------- C:\Documents and Settings\FEDERICO\Dati applicazioni\DAEMON Tools Pro
2008-01-25 20:16 . 2008-01-25 20:21 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\DAEMON Tools Pro
2008-01-25 14:11 . 2008-01-25 14:11 715,248 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-01-21 11:30 . 2008-01-21 11:30 <DIR> d-------- C:\WINDOWS\Cache
2008-01-21 11:30 . 2008-01-21 11:30 7,319 --a------ C:\WINDOWS\SETUP.LST
2008-01-21 11:30 . 2008-01-21 11:30 327 --a------ C:\WINDOWS\ST6UNST.002
2008-01-21 11:30 . 2008-01-21 11:30 327 --a------ C:\WINDOWS\ST6UNST.001
2008-01-21 11:30 . 2008-01-21 11:30 327 --a------ C:\WINDOWS\ST6UNST.000
2008-01-19 15:36 . 2008-01-19 15:36 <DIR> d-------- C:\Programmi\Microsoft SQL Server Compact Edition
2008-01-19 15:36 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-01-19 15:28 . 2008-01-19 15:28 <DIR> d-------- C:\Documents and Settings\FEDERICO\Contacts
2008-01-19 15:05 . 2008-01-19 15:27 <DIR> d--hsc--- C:\Programmi\File comuni\WindowsLiveInstaller
2008-01-19 15:04 . 2008-02-02 11:04 <DIR> d-------- C:\Programmi\Windows Live
2008-01-19 15:04 . 2008-01-19 15:04 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\WLInstaller
2008-01-15 18:44 . 2008-01-15 18:44 196 --a------ C:\WINDOWS\Spaix2PC.INI
2008-01-15 18:44 . 2008-01-15 18:44 174 --a------ C:\WINDOWS\Wilo30.INI
2008-01-15 18:43 . 2004-11-18 16:02 3,392,512 --a------ C:\WINDOWS\system32\vsImport.exe
2008-01-15 18:43 . 2000-02-03 06:01 2,023,424 --a------ C:\WINDOWS\system32\vcl50.bpl
2008-01-15 18:43 . 2003-03-12 16:18 452,608 --a------ C:\WINDOWS\system32\WiloRemoteSrv.exe
2008-01-15 18:43 . 2003-09-01 15:19 383,488 --a------ C:\WINDOWS\system32\SpaixLocalSrv.dll
2008-01-15 18:43 . 2000-02-03 06:01 265,216 --a------ C:\WINDOWS\system32\midas.dll
2008-01-15 18:43 . 2001-11-09 11:52 157,696 --a------ C:\WINDOWS\system32\vsRt32v3.dll
2008-01-15 18:43 . 2000-02-03 06:01 36,864 --a------ C:\WINDOWS\system32\VCL50.DE
2008-01-15 18:43 . 2000-02-03 06:01 20,480 --a------ C:\WINDOWS\system32\STDVCL40.DE
2008-01-15 18:43 . 1998-07-10 06:00 3,324 --a------ C:\WINDOWS\system32\stdvcl40.tlb
2008-01-15 18:38 . 2008-01-15 18:38 <DIR> d-------- C:\WINDOWS\_ISTMP1.DIR
2008-01-15 18:38 . 2008-01-15 18:38 <DIR> d-------- C:\Programmi\File comuni\VSX
2008-01-15 18:38 . 2008-01-15 18:44 782,289 --a------ C:\WINDOWS\UninstWilo3.isu
2008-01-15 18:38 . 2008-01-15 18:44 125 --a------ C:\WINDOWS\VsProg.INI
2008-01-15 18:38 . 2008-01-15 18:44 44 --a------ C:\WINDOWS\VsxSetup.INI
2008-01-15 17:10 . 2008-01-15 18:44 <DIR> d-------- C:\Documents and Settings\FEDERICO\Dati applicazioni\VSX
2008-01-15 17:10 . 2005-02-17 14:12 6,656,000 --a------ C:\WINDOWS\system32\ddVue.ocx
2008-01-15 17:10 . 2004-04-30 14:29 4,632,064 --a------ C:\WINDOWS\system32\vsPCv1.dll
2008-01-15 17:10 . 2003-07-18 19:37 621,568 --a------ C:\WINDOWS\system32\vsDataset.dll
2008-01-15 17:10 . 2000-02-03 06:01 453,632 --a------ C:\WINDOWS\system32\stdvcl40.dll
2008-01-15 17:10 . 2004-03-12 19:18 273,408 --a------ C:\WINDOWS\system32\vsRt32v4.dll
2008-01-15 17:10 . 2006-05-15 15:25 268,048 --a------ C:\WINDOWS\system32\dxtmeta2.dll
2008-01-15 17:10 . 2005-01-21 12:49 232,960 --a------ C:\WINDOWS\system32\WiloLocalSrv.dll
2008-01-12 16:30 . 2008-02-01 15:03 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Polysun4Demo
2008-01-10 18:21 . 2008-02-07 19:14 <DIR> d-------- C:\Documents and Settings\FEDERICO\Dati applicazioni\BitTorrent
2008-01-09 17:57 . 2008-01-09 17:57 1,142 --a------ C:\WINDOWS\mozver.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-10 14:55 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\DesignBuilder
2008-02-07 18:04 --------- d-----w C:\Documents and Settings\FEDERICO\Dati applicazioni\Skype
2008-02-02 23:16 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-01-14 20:23 --------- d-----w C:\Documents and Settings\FEDERICO\Dati applicazioni\Winamp
2008-01-11 10:30 --------- d-----w C:\Documents and Settings\FEDERICO\Dati applicazioni\BSplayer PRO
2008-01-09 11:25 --------- d-----w C:\Programmi\File comuni\Sonic Shared
2008-01-09 11:25 --------- d-----w C:\Programmi\File comuni\InstallShield
2008-01-09 11:24 --------- d-----w C:\Programmi\Sonic
2008-01-09 10:35 --------- d-----w C:\Programmi\Microsoft Works
2008-01-07 19:47 --------- d-----w C:\Programmi\Google
2008-01-07 08:57 --------- d-----w C:\Programmi\File comuni\Symantec Shared
2008-01-07 08:57 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Symantec
2008-01-04 21:05 --------- d-----w C:\Programmi\Skype
2008-01-04 21:05 --------- d-----w C:\Programmi\File comuni\Skype
2008-01-04 21:05 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Skype
2008-01-04 20:15 --------- d-----w C:\Programmi\Synaptics
2008-01-04 20:14 --------- d-----w C:\Programmi\Servizi in linea
2008-01-04 20:13 --------- d-----w C:\Programmi\microsoft frontpage
2008-01-04 20:13 --------- d-----w C:\Programmi\Java
2008-01-04 20:13 --------- d-----w C:\Programmi\Intel
2008-01-04 20:13 --------- d-----w C:\Programmi\HP
2008-01-04 20:12 --------- d-----w C:\Programmi\Hewlett-Packard
2008-01-04 20:11 --------- d-----w C:\Programmi\File comuni\SpeechEngines
2008-01-04 20:11 --------- d-----w C:\Programmi\File comuni\ODBC
2008-01-04 20:11 --------- d-----w C:\Programmi\File comuni\MSSoap
2008-01-04 20:11 --------- d-----w C:\Programmi\File comuni\LightScribe
2008-01-04 20:11 --------- d-----w C:\Programmi\File comuni\Java
2008-01-04 20:11 --------- d-----w C:\Programmi\File comuni\HP
2008-01-04 20:11 --------- d-----w C:\Programmi\CONEXANT
2008-01-04 20:08 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Sonic
2008-01-04 20:08 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\SBSI
2008-01-04 20:08 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\InstallShield
2008-01-04 20:08 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\HP
2008-01-04 20:08 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\CyberLink
2008-01-04 12:12 1,749 ----a-w C:\WINDOWS\system32\drivers\103C_HP_NTBK_HP Pavilion dv5000 (EW789EA#ABZ)_YN_0Pavi_QCND621013Z_E398803063_46_I30A7_SHP_V56.25_BF.0A_T060413_WXH2_L410_M1023_J100_7Intel_8T2400_91.83_#080104_N80861092_(EW789EA#ABZ)_XMOBILE_CN10_Z_2F.0A.MRK
2008-01-04 11:46 --------- d-----w C:\Programmi\HPQ
2007-12-13 18:09 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2007-12-04 08:59 972,072 ----a-w C:\WINDOWS\UNRecode.exe
2005-09-23 22:49 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{838B6A16-8E22-4EFA-82FA-9ED139C3F2C0}]
C:\WINDOWS\system32\jkklk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{880c501f-3393-4ddd-b6c9-4667e55afb28}]
2008-02-06 23:26 92224 --a------ C:\WINDOWS\system32\itggynpg.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 17:43 4670704]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-15 21:24 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 09:00 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe" [2007-12-13 19:10 103720]
"MsnMsgr"="C:\Programmi\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"AlcoholAutomount"="C:\Programmi 2\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 08:23 221568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-15 12:42 7331840]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-12-15 12:42 86016]
"nwiz"="nwiz.exe" [2005-12-15 12:42 1519616 C:\WINDOWS\system32\nwiz.exe]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-02-16 14:16 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 12:03 36975]
"HP Software Update"="C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 22:11 49152]
"SynTPEnh"="C:\Programmi\Synaptics\SynTP\SynTPEnh.exe" [2005-11-11 09:04 761945]
"hpWirelessAssistant"="C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 15:45 507904]
"QPService"="C:\Programmi\HP\QuickPlay\QPService.exe" [2005-12-12 10:39 94208]
"eabconfg.cpl"="C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-22 07:57 405504]
"Cpqset"="C:\Programmi\HPQ\Default Settings\cpqset.exe" [2005-06-29 12:48 233534]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 09:23 1187840]
"NBKeyScan"="C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
"nod32kui"="C:\Programmi\Eset\nod32kui.exe" [2008-01-09 16:22 949376]
"WinampAgent"="C:\Programmi 2\Winamp\winampa.exe" [2007-10-10 06:28 36352]
"Adobe Reader Speed Launcher"="C:\Programmi 2\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"NeroFilterCheck"="C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"c877808c"="C:\WINDOWS\system32\vjxxcsrc.dll" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 09:00 15360]

S3 usbscan;Driver scanner USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-07 20:45:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Programmi\HPQ\Default Settings\cpqset.exe???????????????????|?????? ???B?????????????hLC????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\Programmi\Eset\pr_imon.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Programmi\HP\Digital Imaging\bin\hpqimzone.exe
C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE
.
**************************************************************************
.
Completion time: 2008-02-07 20:46:41 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-07 19:46:38
f.denart
Mortale pio
Registered: 07/02/08 20:26
Posts: 19

Posted: 07 Feb 2008 21:52    Subject: HijackThis log

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 20.51.22, on 07/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Programmi\HP\QuickPlay\QPService.exe
C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe
C:\Programmi\Eset\nod32kui.exe
C:\Programmi 2\Winamp\winampa.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Programmi\HP\Digital Imaging\bin\hpqimzone.exe
C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE
C:\Documents and Settings\FEDERICO\Desktop\virus\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://msg.edit.yahoo.com/config/reset_cookies?&.y=Y%3dv%3d1%26n%3daislrs2k0862k%26l%3di8ced0_3h02ki7eh/o%26p%3df2lvvro1133o0500%26jb%3d24%7c69%7c%26iz%3d700120%26r%3dc7%26lg%3den-US%26intl%3dus%26np%3d1%3b%20path%3d/%3b%20domain%3d.yahoo.com&.t=T%3dz%3dTCfgHBTI0gHB9.UWZ6iLtKoMjYxBjU2MDUwNjY2TzY-%26a%3dQAE%26sk%3dDAAIKo3Wlup1rx%26ks%3dEAAb5uA0iYPX_1wZfCCOtBSwg--~A%26d%3dc2wBTlRFMkFUSXhOekkzTVRFeE9ERS0BYQFRQUUBenoBVENmZ0hCZ1dBAXRpcAFYQ2pQMkI-%3b%20path%3d/%3b%20domain%3d.yahoo.com&.ver=2&.done=http://it.rd.yahoo.com/messenger/client/%3fhttp://it.mail.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {838B6A16-8E22-4EFA-82FA-9ED139C3F2C0} - C:\WINDOWS\system32\jkklk.dll (file missing)
O2 - BHO: {82bfa55e-7664-9c6b-ddd4-3933f105c088} - {880c501f-3393-4ddd-b6c9-4667e55afb28} - C:\WINDOWS\system32\itggynpg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [QPService] "C:\Programmi\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Programmi\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [WinampAgent] "C:\Programmi 2\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi 2\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [c877808c] rundll32.exe "C:\WINDOWS\system32\vjxxcsrc.dll",b
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programmi 2\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Avvio rapido HP Photosmart Premier.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{9C779E52-035E-4D2C-8841-8436B3336C75}: NameServer = 192.168.0.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 9101 bytes
bdoriano (Administrator)
Posted: 07 Feb 2008 21:58

Download Avenger and unpack it into a folder of its own, not a temporary one and not on the desktop

Start AVENGER
Click on Input script manually
Click on the magnifying glass
Enter these lines:
Quote:
files to delete:
C:\WINDOWS\system32\byxwtrs.V00dll
C:\WINDOWS\system32\byxwtrs.Vdll
C:\WINDOWS\system32\itggynpg.dll
C:\WINDOWS\system32\efcdeef.dll
C:\WINDOWS\system32\cbxyxvu.dll
C:\WINDOWS\system32\xxyayxx.dll
C:\WINDOWS\system32\byxwtrs.dll.vir
C:\WINDOWS\system32\jkklk.dll
C:\WINDOWS\system32\vjxxcsrc.dll

registry values to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | c877808c

registry keys to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{838B6A16-8E22-4EFA-82FA-9ED139C3F2C0}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{880c501f-3393-4ddd-b6c9-4667e55afb28}

Click on Done
Click on the traffic light
The PC should reboot; if it doesn't, reboot it yourself.
When the operation is finished, post the Avenger result here together with an updated HijackThis log.

Go to the Kaspersky online scanner and run the extended scan, as described here.
Save the scan result to a file (in HTML format), upload the file to Freefilehosting and post here the link you are given.
f.denart (Mortale pio)
Posted: 08 Feb 2008 10:54

Good morning bdoriano.
I ran Avenger and, after rebooting the PC, a completely blank Avenger Notepad file appears.
There's one more thing: at every PC startup the following RUNDLL error message always appears: "Errore durante il caricamento di C:\WINDOWS\system32\vjxxcsrc.dll"
f.denart (Mortale pio)
Posted: 08 Feb 2008 10:55

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 9.54.48, on 08/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Programmi\HP\QuickPlay\QPService.exe
C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe
C:\Programmi\Eset\nod32kui.exe
C:\Programmi 2\Winamp\winampa.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Programmi\HP\Digital Imaging\bin\hpqimzone.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Documents and Settings\FEDERICO\Desktop\virus\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://msg.edit.yahoo.com/config/reset_cookies?&.y=Y%3dv%3d1%26n%3daislrs2k0862k%26l%3di8ced0_3h02ki7eh/o%26p%3df2lvvro1133o0500%26jb%3d24%7c69%7c%26iz%3d700120%26r%3dc7%26lg%3den-US%26intl%3dus%26np%3d1%3b%20path%3d/%3b%20domain%3d.yahoo.com&.t=T%3dz%3dTCfgHBTI0gHB9.UWZ6iLtKoMjYxBjU2MDUwNjY2TzY-%26a%3dQAE%26sk%3dDAAIKo3Wlup1rx%26ks%3dEAAb5uA0iYPX_1wZfCCOtBSwg--~A%26d%3dc2wBTlRFMkFUSXhOekkzTVRFeE9ERS0BYQFRQUUBenoBVENmZ0hCZ1dBAXRpcAFYQ2pQMkI-%3b%20path%3d/%3b%20domain%3d.yahoo.com&.ver=2&.done=http://it.rd.yahoo.com/messenger/client/%3fhttp://it.mail.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {838B6A16-8E22-4EFA-82FA-9ED139C3F2C0} - C:\WINDOWS\system32\jkklk.dll (file missing)
O2 - BHO: {82bfa55e-7664-9c6b-ddd4-3933f105c088} - {880c501f-3393-4ddd-b6c9-4667e55afb28} - C:\WINDOWS\system32\itggynpg.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [QPService] "C:\Programmi\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Programmi\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [WinampAgent] "C:\Programmi 2\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi 2\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [c877808c] rundll32.exe "C:\WINDOWS\system32\vjxxcsrc.dll",b
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programmi 2\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Avvio rapido HP Photosmart Premier.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{9C779E52-035E-4D2C-8841-8436B3336C75}: NameServer = 192.168.0.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 9190 bytes
f.denart (Mortale pio)
Posted: 08 Feb 2008 14:23

freefilehosting gives me the following link

http://www.freefilehosting.net/download/3bjd5

thanks
bdoriano (Administrator)
Posted: 08 Feb 2008 20:47

There are still some leftovers...

Disable System Restore

Then run these scans with GMER (there are 2: autostart and rootkit) and post the logs on FreeFileHosting as described here.
f.denart (Mortale pio)
Posted: 11 Feb 2008 11:36    Subject: error loading dll file

Good morning everyone,
since I removed some infected files from my PC (Windows XP Home, SP2), at every startup the following RUNDLL error message always appears: "Errore durante il caricamento di C:\WINDOWS\system32\vjxxcsrc.dll"

Is it a serious error, or can I ignore it?

Please help me

Thanks
bdoriano (Administrator)
Posted: 11 Feb 2008 13:51

Maybe you missed my last message:
bdoriano wrote:
There are still some leftovers...

Disable System Restore

Then run these scans with GMER (there are 2: autostart and rootkit) and post the logs on FreeFileHosting as described here.


Please don't open new threads, let's carry on with this one, ok?
f.denart (Mortale pio)
Posted: 11 Feb 2008 14:43

hello bdoriano,
sorry, but I hadn't noticed the reply.

So here is what I got from freefile hosting:

From the GMER autostart scan:

http://www.freefilehosting.net/download/3bmim
f.denart (Mortale pio)
Posted: 11 Feb 2008 14:44

now the second one is coming too
Top
Profilo Invia messaggio privato
f.denart
Mortale pio
Mortale pio


Registrato: 07/02/08 20:26
Messaggi: 19

MessaggioInviato: 11 Feb 2008 14:48    Oggetto: Rispondi citando

and here is the GMER rootkit scan:

http://www.freefilehosting.net/download/3bmjc
bdoriano (Administrator)
Posted: 11 Feb 2008 14:57

Start AVENGER
Click on Input script manually
Click on the magnifying glass
Enter these lines:
Quote:
Files to delete:
C:\WINDOWS\system32\vjxxcsrc.dll

registry keys to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{838B6A16-8E22-4EFA-82FA-9ED139C3F2C0}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{880c501f-3393-4ddd-b6c9-4667e55afb28}

registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | c877808c

Click on Done
Click on the traffic light
The PC should reboot; if it doesn't, reboot it yourself.
When the operation is finished, post the Avenger result here together with an updated HijackThis log.
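As an added example (not code from this thread, from HijackThis or from Avenger), the script below reads the O2 and O4 lines of a HijackThis log and flags the pattern removed in the Avenger scripts above: a Run value with a random eight-hex-digit name that starts rundll32 on a system32 DLL through a one-letter entry point, and BHOs registered under a CLSID with no readable name. It then emits the matching Avenger sections; the full Run key behind HijackThis's abbreviated "HKLM\..\Run" is assumed to be the standard CurrentVersion\Run key, and the sample log lines are constructed from the entries posted in this thread, with benign entries included so the heuristics can be seen to leave them alone.

```python
"""Triage of HijackThis O2/O4 lines for Vundo-style persistence.

Added example for this thread; not HijackThis's or Avenger's own code.
The sample log lines are constructed from the entries posted above.
"""
import re

# Constructed sample: one benign and two suspicious BHOs, one benign and one
# suspicious rundll32 autorun, plus a plain autorun that must not be flagged.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {838B6A16-8E22-4EFA-82FA-9ED139C3F2C0} - C:\WINDOWS\system32\jkklk.dll (file missing)
O2 - BHO: {82bfa55e-7664-9c6b-ddd4-3933f105c088} - {880c501f-3393-4ddd-b6c9-4667e55afb28} - C:\WINDOWS\system32\itggynpg.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [c877808c] rundll32.exe "C:\WINDOWS\system32\vjxxcsrc.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# Full key paths behind HijackThis's abbreviated "HKLM\..\Run" (assumed to be
# the standard CurrentVersion\Run keys) and the BHO registration key, written
# the way Avenger expects them.
RUN_KEYS = {
    "HKLM": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run",
    "HKCU": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
}
BHO_KEY = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"

O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$")
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<value>[^\]]+)\] (?P<cmd>.+)$")
GUID_RE = re.compile(r"^\{[0-9A-Fa-f-]{36}\}$")
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8}$", re.IGNORECASE)
RUNDLL_RE = re.compile(
    r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?(?:,(?P<entry>\S*))?',
    re.IGNORECASE)


def triage_hijackthis(log_text):
    """Return the suspicious O2/O4 entries of a HijackThis log, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O2_RE.match(line)
        if m:
            # A BHO with no readable name, or whose "name" is itself a GUID,
            # is the registration pattern seen for the Vundo DLLs above.
            if m["name"] == "(no name)" or GUID_RE.match(m["name"]):
                findings.append({
                    "kind": "O2", "clsid": m["clsid"], "path": m["path"],
                    "orphaned": m["missing"] is not None,
                    "reasons": ["BHO has no readable name"],
                })
            continue
        m = O4_RE.match(line)
        if not m:
            continue
        reasons = []
        r = RUNDLL_RE.match(m["cmd"])
        dll = r["dll"] if r else None
        if HEX_NAME_RE.match(m["value"]):
            reasons.append("Run value name is eight random-looking hex digits")
        if r and "system32" in dll.lower() and len(r["entry"] or "") <= 1:
            reasons.append("rundll32 loads a system32 DLL through a one-letter entry point")
        if reasons:
            findings.append({
                "kind": "O4", "hive": m["hive"], "value": m["value"],
                "dll": dll, "orphaned": False, "reasons": reasons,
            })
    return findings


def build_avenger_script(findings):
    """Turn findings into the three Avenger sections used in this thread."""
    files, keys, values = [], [], []
    for f in findings:
        if f["kind"] == "O2":
            # The CLSID key must go even when the DLL is already gone, or the
            # browser keeps trying to load a missing object at every start.
            keys.append(BHO_KEY + "\\" + f["clsid"])
            if not f["orphaned"]:
                files.append(f["path"])
        else:
            # Deleting the DLL alone leaves this value behind and produces the
            # RUNDLL "error loading ..." message at every logon.
            values.append(RUN_KEYS[f["hive"]] + " | " + f["value"])
            if f["dll"]:
                files.append(f["dll"])
    sections = []
    if files:
        sections.append("files to delete:\n" + "\n".join(files))
    if keys:
        sections.append("registry keys to delete:\n" + "\n".join(keys))
    if values:
        sections.append("registry values to delete:\n" + "\n".join(values))
    return "\n\n".join(sections)


if __name__ == "__main__":
    found = triage_hijackthis(SAMPLE_LOG)
    for f in found:
        print(f["kind"], f.get("clsid") or f["value"], "->", "; ".join(f["reasons"]))
    print()
    print(build_avenger_script(found))
```

Entries whose DLL HijackThis already reports as missing are listed only under the registry sections, since the leftover registration, not the file, is what still produces the error at logon.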
f.denart (Mortale pio)
Posted: 11 Feb 2008 15:10

once the Avenger scan finished, I got an error and no other result.

HijackThis reports:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 14.08.25, on 11/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Programmi\HP\QuickPlay\QPService.exe
C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe
C:\Programmi\Eset\nod32kui.exe
C:\Programmi 2\Winamp\winampa.exe
C:\Programmi 2\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Programmi\HP\Digital Imaging\bin\hpqimzone.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\FEDERICO\Desktop\virus\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://msg.edit.yahoo.com/config/reset_cookies?&.y=Y%3dv%3d1%26n%3daislrs2k0862k%26l%3di8ced0_3h02ki7eh/o%26p%3df2lvvro1133o0500%26jb%3d24%7c69%7c%26iz%3d700120%26r%3dc7%26lg%3den-US%26intl%3dus%26np%3d1%3b%20path%3d/%3b%20domain%3d.yahoo.com&.t=T%3dz%3dTCfgHBTI0gHB9.UWZ6iLtKoMjYxBjU2MDUwNjY2TzY-%26a%3dQAE%26sk%3dDAAIKo3Wlup1rx%26ks%3dEAAb5uA0iYPX_1wZfCCOtBSwg--~A%26d%3dc2wBTlRFMkFUSXhOekkzTVRFeE9ERS0BYQFRQUUBenoBVENmZ0hCZ1dBAXRpcAFYQ2pQMkI-%3b%20path%3d/%3b%20domain%3d.yahoo.com&.ver=2&.done=http://it.rd.yahoo.com/messenger/client/%3fhttp://it.mail.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {838B6A16-8E22-4EFA-82FA-9ED139C3F2C0} - C:\WINDOWS\system32\jkklk.dll (file missing)
O2 - BHO: {82bfa55e-7664-9c6b-ddd4-3933f105c088} - {880c501f-3393-4ddd-b6c9-4667e55afb28} - C:\WINDOWS\system32\itggynpg.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [QPService] "C:\Programmi\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Programmi\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [WinampAgent] "C:\Programmi 2\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi 2\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [c877808c] rundll32.exe "C:\WINDOWS\system32\vjxxcsrc.dll",b
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programmi 2\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Avvio rapido HP Photosmart Premier.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{9C779E52-035E-4D2C-8841-8436B3336C75}: NameServer = 192.168.0.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 9349 bytes
f.denart (Mortale pio)
Posted: 11 Feb 2008 15:17

now it completed successfully


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ksbdcrwd

*******************

Script file located at: \??\C:\mymchkdo.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\system32\vjxxcsrc.dll not found!
Deletion of file C:\WINDOWS\system32\vjxxcsrc.dll failed!

Could not process line:
C:\WINDOWS\system32\vjxxcsrc.dll
Status: 0xc0000034

Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{838B6A16-8E22-4EFA-82FA-9ED139C3F2C0} deleted successfully.
Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{880c501f-3393-4ddd-b6c9-4667e55afb28} deleted successfully.
Registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|c877808c deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
f.denart (Mortale pio)
Posted: 11 Feb 2008 15:19

and this is what HiJackThis gives me back

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 14.18.09, on 11/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Programmi\HP\QuickPlay\QPService.exe
C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe
C:\Programmi\Eset\nod32kui.exe
C:\Programmi 2\Winamp\winampa.exe
C:\Programmi 2\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Programmi\HP\Digital Imaging\bin\hpqimzone.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\FEDERICO\Desktop\virus\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://msg.edit.yahoo.com/config/reset_cookies?&.y=Y%3dv%3d1%26n%3daislrs2k0862k%26l%3di8ced0_3h02ki7eh/o%26p%3df2lvvro1133o0500%26jb%3d24%7c69%7c%26iz%3d700120%26r%3dc7%26lg%3den-US%26intl%3dus%26np%3d1%3b%20path%3d/%3b%20domain%3d.yahoo.com&.t=T%3dz%3dTCfgHBTI0gHB9.UWZ6iLtKoMjYxBjU2MDUwNjY2TzY-%26a%3dQAE%26sk%3dDAAIKo3Wlup1rx%26ks%3dEAAb5uA0iYPX_1wZfCCOtBSwg--~A%26d%3dc2wBTlRFMkFUSXhOekkzTVRFeE9ERS0BYQFRQUUBenoBVENmZ0hCZ1dBAXRpcAFYQ2pQMkI-%3b%20path%3d/%3b%20domain%3d.yahoo.com&.ver=2&.done=http://it.rd.yahoo.com/messenger/client/%3fhttp://it.mail.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [QPService] "C:\Programmi\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Programmi\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [WinampAgent] "C:\Programmi 2\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi 2\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programmi 2\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Avvio rapido HP Photosmart Premier.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{9C779E52-035E-4D2C-8841-8436B3336C75}: NameServer = 192.168.0.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 9052 bytes