betta (Devoted Mortal)
Registered: 14/06/07 12:46
Posts: 7

Posted: 25 Jun 2007 18:20    Subject: log file analysis
I also ran the analysis with Hijack and got these results. Can I have some advice? I should warn you, though, that I disabled some .exe files that were in startup. Thanks.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
 Scan saved at 13.36.41, on 25/06/2007
 Platform: Windows XP SP1 (WinNT 5.01.2600)
 Boot mode: Normal
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\system32\spoolsv.exe
 C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
 C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
 C:\WINDOWS\YmV0dGE\command.exe
 C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
 C:\Programmi\Network Monitor\netmon.exe
 C:\WINDOWS\System32\nvsvc32.exe
 C:\WINDOWS\Explorer.EXE
 C:\BITWARE\NT\bwprnmon.exe
 C:\Programmi\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
 C:\Programmi\QuickTime\qttask.exe
 C:\WINDOWS\System32\RUNDLL32.EXE
 C:\Programmi\iTunes\iTunesHelper.exe
 C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
 C:\Programmi\DAEMON Tools\daemon.exe
 C:\WINDOWS\system32\ntvdm.exe
 C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
 C:\WINDOWS\System32\nfomon\nfomon.exe
 C:\Programmi\File comuni\{E80D5C31-0707-1040-0905-020520020027}\Update.exe
 C:\Programmi\iPod\bin\iPodService.exe
 C:\WINDOWS\System32\ctfmon.exe
 C:\Bocca Rossa\HiJackThis_v2.exe
 
 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
 R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Programmi\Deskbar\deskbar.dll
 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
 O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
 O2 - BHO: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Programmi\Deskbar\deskbar.dll
 O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
 O4 - HKLM\..\Run: [bwprnmon.exe] C:\BITWARE\NT\bwprnmon.exe
 O4 - HKLM\..\Run: [MMTray] C:\Programmi\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
 O4 - HKLM\..\Run: [wmp5df5f] RUNDLL32.EXE w010678d.dll,n 0035df5c0000000a010678d
 O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
 O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Programmi\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
 O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
 O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
 O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
 O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
 O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
 O4 - HKLM\..\Run: [Nfo] C:\WINDOWS\System32\nfomon\nfomon.exe
 O4 - HKLM\..\Run: [{E80D5C31-0707-1040-0905-020520020027}] "C:\Programmi\File comuni\{E80D5C31-0707-1040-0905-020520020027}\Update.exe" mc-110-12-0000427
 O4 - HKLM\..\Run: [{E80D5C31-0708-1040-0905-020520020027}] "C:\Programmi\File comuni\{E80D5C31-0708-1040-0905-020520020027}\Update.exe" mc-110-12-0000427
 O4 - HKLM\..\Run: [WinTouch] C:\Programmi\WinTouch\WinTouch.exe
 O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
 O4 - HKCU\..\Policies\Explorer\Run: [{E80D5C31-0707-1040-0905-020520020027}] "C:\Programmi\File comuni\{E80D5C31-0707-1040-0905-020520020027}\Update.exe" mc-110-12-0000427
 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
 O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')
 O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
 O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
 O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
 O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
 O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
 O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
 O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
 O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
 O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
 O10 - Hijacked Internet access by WebHancer
 O10 - Hijacked Internet access by WebHancer
 O10 - Hijacked Internet access by WebHancer
 O20 - Winlogon Notify: Setup - C:\WINDOWS\system32\l44q0eh5eh4.dll (file missing)
 O20 - Winlogon Notify: ShellScrap - C:\WINDOWS\system32\n0l80a3ued.dll (file missing)
 O20 - Winlogon Notify: SMDEn - C:\WINDOWS\system32\q6nulg5916.dll (file missing)
 O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
 O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
 O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
 O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
 O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\YmV0dGE\command.exe
 O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\System32\svchosts.exe (file missing)
 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
 O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
 O23 - Service: Network Monitor - Unknown owner - C:\Programmi\Network Monitor\netmon.exe
 O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
 O23 - Service: Remote Map Manager - Unknown owner - C:\WINDOWS\system32\lssc.exe (file missing)
 O23 - Service: Remote Plugin Service - Unknown owner - C:\WINDOWS\system32\lsyss.exe (file missing)
 
 --
 End of file - 6572 bytes

Orange (Mature God)
Registered: 18/02/07 13:20
Posts: 2224
Location: Roma

Posted: 25 Jun 2007 19:10    Subject: Re: log file analysis
Hi, betta.

> betta wrote:
> I also ran the analysis with Hijack and got these results. Can I have some advice?

I have to say your PC is quite a mess....
Are you using anything for protection, apart from AVG??

Download these:
LSPFix
VirIT
A-Squared
CCleaner
Eusing Free Registry Cleaner

and scan with all of them, in the order I listed them.

In your next reply post the LSPFix log, the VirIT log and a new HiJack log.

betta (Devoted Mortal)
Registered: 14/06/07 12:46
Posts: 7

Posted: 26 Jun 2007 14:52
It's true, my PC is a mess, but maybe I can sort it out a bit, right? As antivirus I only have AVG.
Here are the logs you asked for. LSPFix didn't give me a log, only the message "no virus found"; below I'm posting the VirIT and Hijack logs:
 VirIT eXplorer Lite Log
 
 [SCANSIONE DELLA MEMORIA]
 OK
 --------------------------------------------------------
 26/06/2007 - 13:38:18
 
 [SCANSIONE DEL REGISTRO]
 {44BE0690-5429-47f0-85BB-3FFD8020233E}  Infetto da AdWare.UCMore.A
 * * *  RIMOSSO  * * *
 {CBCC61FA-0221-4ccc-B409-CEE865CACA3A}  Infetto da BHO.Toolbar888.A
 * * *  RIMOSSO  * * *
 {A8B28872-3324-4CD2-8AA3-7D555C872D96}  Infetto da BHO.Softomate.E
 * * *  RIMOSSO  * * *
 
 [A:]
 BOOT SECTOR: OK
 
 
 [C:]
 MASTER BOOT RECORD: OK
 BOOT SECTOR: OK
 
 C:\Bocca Rossa\backups\backup-20070625-111755-412.dll Infetto da BHO.WebHancer.C
 * * *  RIMOSSO  * * *
 C:\Bocca Rossa\backups\backup-20070625-111755-720.dll Infetto da BHO.Delfin.A
 * * *  RIMOSSO  * * *
 C:\deskbar3.exe Infetto da Trojan.Win32.Agent.AEG
 * * *  RIMOSSO  * * *
 C:\deskbar4.exe Infetto da Trojan.Win32.Agent.AEG
 * * *  RIMOSSO  * * *
 C:\deskbar8.exe Infetto da Trojan.Win32.Agent.AEG
 * * *  RIMOSSO  * * *
 C:\Documents and Settings\betta\Impostazioni locali\Temp\b136.exe Infetto da Trojan.Win32.Agent.AXN
 * * *  RIMOSSO  * * *
 C:\Documents and Settings\betta\Impostazioni locali\Temp\qxieoa.exe Infetto da Trojan.Win32.Dialer.IH
 * * *  RIMOSSO  * * *
 C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\3YBI7BX4\deskbar[1].exe Infetto da Trojan.Win32.Agent.AEG
 * * *  RIMOSSO  * * *
 C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\3YBI7BX4\kybrdff_11[1].exe Infetto da Trojan.Win32.VB.BD
 * * *  RIMOSSO  * * *
 C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\XY1VZ0W9\deskbar[1].exe Infetto da Trojan.Win32.Agent.AEG
 * * *  RIMOSSO  * * *
 C:\Programmi\Deskbar\deskbar.dll Infetto da BHO.Softomate.E
 Il file sarà spostato nella cartella di quarantena.
 C:\Programmi\File comuni\{E80D5C31-0707-1040-0905-020520020027}\Update.exe Infetto da Trojan.Win32.Agent.AMA
 Il file sarà spostato nella cartella di quarantena.
 C:\Programmi\File comuni\{E80D5C31-0708-1040-0905-020520020027}\Update.exe Infetto da Trojan.Win32.Agent.AMA
 * * *  RIMOSSO  * * *
 C:\Programmi\Network Monitor\netmon.exe Infetto da Trojan.Win32.Agent.XN
 Il file sarà spostato nella cartella di quarantena.
 C:\Programmi\TheSearchAccelerator\UCMTSAIE.dll Infetto da Adware.UCMore.B
 * * *  RIMOSSO  * * *
 C:\Programmi\ToolBar888\MyToolBar.dll Infetto da BHO.Toolbar888.A
 * * *  RIMOSSO  * * *
 C:\Programmi\webHancer\Programs\whiehlpr.dll Infetto da BHO.WebHancer.C
 * * *  RIMOSSO  * * *
 C:\System Volume Information\_restore{CD14D0A5-C7EF-4376-880F-49BB7D26B2E0}\RP7\A0001414.dll Infetto da BHO.Delfin.A
 * * *  RIMOSSO  * * *
 C:\System Volume Information\_restore{CD14D0A5-C7EF-4376-880F-49BB7D26B2E0}\RP7\A0001450.dll Infetto da BHO.WebHancer.C
 * * *  RIMOSSO  * * *
 C:\System Volume Information\_restore{CD14D0A5-C7EF-4376-880F-49BB7D26B2E0}\RP7\A0001451.dll Infetto da BHO.Delfin.A
 * * *  RIMOSSO  * * *
 C:\System Volume Information\_restore{CD14D0A5-C7EF-4376-880F-49BB7D26B2E0}\RP7\A0001452.exe Infetto da Trojan.Win32.Agent.AEG
 * * *  RIMOSSO  * * *
 C:\System Volume Information\_restore{CD14D0A5-C7EF-4376-880F-49BB7D26B2E0}\RP7\A0001453.exe Infetto da Trojan.Win32.Agent.AEG
 * * *  RIMOSSO  * * *
 C:\System Volume Information\_restore{CD14D0A5-C7EF-4376-880F-49BB7D26B2E0}\RP7\A0001454.exe Infetto da Trojan.Win32.Agent.AEG
 * * *  RIMOSSO  * * *
 C:\System Volume Information\_restore{CD14D0A5-C7EF-4376-880F-49BB7D26B2E0}\RP7\A0001455.exe Infetto da Trojan.Win32.Agent.AMA
 * * *  RIMOSSO  * * *
 C:\System Volume Information\_restore{CD14D0A5-C7EF-4376-880F-49BB7D26B2E0}\RP7\A0001456.dll Infetto da Adware.UCMore.B
 * * *  RIMOSSO  * * *
 C:\System Volume Information\_restore{CD14D0A5-C7EF-4376-880F-49BB7D26B2E0}\RP7\A0001457.dll Infetto da BHO.Toolbar888.A
 * * *  RIMOSSO  * * *
 C:\System Volume Information\_restore{CD14D0A5-C7EF-4376-880F-49BB7D26B2E0}\RP7\A0001458.dll Infetto da BHO.WebHancer.C
 * * *  RIMOSSO  * * *
 C:\WINDOWS\system32\kkdhu1.dll Infetto da Trojan.Win32.Agent.QM
 * * *  RIMOSSO  * * *
 C:\WINDOWS\system32\mrvideo.dll Infetto da Trojan.Win32.Agent.QM
 * * *  RIMOSSO  * * *
 C:\WINDOWS\system32\nfomon\nfomon.exe Infetto da AdWare.Delfin.G
 Il file sarà spostato nella cartella di quarantena.
 C:\WINDOWS\system32\vidmon\vidmon.exe Infetto da Adware.Delfin.O
 * * *  RIMOSSO  * * *
 C:\WINDOWS\YmV0dGE\command.exe Infetto da Adware.Command.A
 Il file sarà spostato nella cartella di quarantena.
 
 [D:]
 
 
 [E:]
 
 
 [F:]
 BOOT SECTOR: OK
 
 
 [G:]
 
 
 Chiavi Registro infette: 3.
 Files Infetti: 32.
 Files Sospetti: 0.
 Files Analizzati: 34317.
 Files Totali: 34317.
 Chiavi Registro rimosse: 3.
 Virus Rimossi: 27.
 
 Adesso puoi RIAVVIARE il computer per spostare il file nella cartella di quarantena.
 
 
 Logfile of Trend Micro HijackThis v2.0.0 (BETA)
 Scan saved at 14.43.58, on 26/06/2007
 Platform: Windows XP SP1 (WinNT 5.01.2600)
 Boot mode: Normal
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\system32\spoolsv.exe
 c:\windows\system32\svchost.exe
 C:\Programmi\a-squared Free\a2service.exe
 C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
 C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
 C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
 C:\WINDOWS\System32\nvsvc32.exe
 C:\VEXPLITE\viritsvc.exe
 C:\WINDOWS\Explorer.EXE
 C:\WINDOWS\System32\RUNDLL32.EXE
 C:\VEXPLITE\MONLITE.EXE
 C:\WINDOWS\System32\ctfmon.exe
 C:\Bocca Rossa\HiJackThis_v2.exe
 
 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
 R3 - URLSearchHook: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
 O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
 O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
 O4 - HKLM\..\Run: [wmp5df5f] RUNDLL32.EXE w010678d.dll,n 0035df5c0000000a010678d
 O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
 O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Programmi\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
 O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
 O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
 O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
 O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
 O4 - HKLM\..\Run: [{E80D5C31-0707-1040-0905-020520020027}] "C:\Programmi\File comuni\{E80D5C31-0707-1040-0905-020520020027}\Update.exe" mc-110-12-0000427
 O4 - HKLM\..\Run: [{E80D5C31-0708-1040-0905-020520020027}] "C:\Programmi\File comuni\{E80D5C31-0708-1040-0905-020520020027}\Update.exe" mc-110-12-0000427
 O4 - HKLM\..\Run: [WinTouch] C:\Programmi\WinTouch\WinTouch.exe
 O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
 O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
 O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
 O4 - HKCU\..\Policies\Explorer\Run: [{E80D5C31-0707-1040-0905-020520020027}] "C:\Programmi\File comuni\{E80D5C31-0707-1040-0905-020520020027}\Update.exe" mc-110-12-0000427
 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
 O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')
 O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
 O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
 O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
 O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
 O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
 O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
 O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
 O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
 O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
 O20 - Winlogon Notify: Setup - C:\WINDOWS\system32\l44q0eh5eh4.dll (file missing)
 O20 - Winlogon Notify: ShellScrap - C:\WINDOWS\system32\n0l80a3ued.dll (file missing)
 O20 - Winlogon Notify: SMDEn - C:\WINDOWS\system32\q6nulg5916.dll (file missing)
 O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
 O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
 O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe
 O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
 O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
 O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\System32\svchosts.exe (file missing)
 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
 O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
 O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
 O23 - Service: Remote Map Manager - Unknown owner - C:\WINDOWS\system32\lssc.exe (file missing)
 O23 - Service: Remote Plugin Service - Unknown owner - C:\WINDOWS\system32\lsyss.exe (file missing)
 O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas   www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
 
 --
 End of file - 5802 bytes
 
thanks

Orange (Mature God)
Registered: 18/02/07 13:20
Posts: 2224
Location: Roma

Posted: 26 Jun 2007 15:18
Don't worry, you're already doing much better.
Now disable System Restore,
boot into Safe Mode,
start HiJack, select "Do a system scan only", tick the entries listed below and press "Fix checked":
 
 
> Quote:
> O4 - HKLM\..\Run: [wmp5df5f] RUNDLL32.EXE w010678d.dll,n 0035df5c0000000a010678d
> O4 - HKLM\..\Run: [WinTouch] C:\Programmi\WinTouch\WinTouch.exe
> O4 - HKCU\..\Policies\Explorer\Run: [{E80D5C31-0707-1040-0905-020520020027}] "C:\Programmi\File comuni\{E80D5C31-0707-1040-0905-020520020027}\Update.exe" mc-110-12-0000427
>
> O20 - Winlogon Notify: Setup - C:\WINDOWS\system32\l44q0eh5eh4.dll (file missing)
> O20 - Winlogon Notify: ShellScrap - C:\WINDOWS\system32\n0l80a3ued.dll (file missing)
> O20 - Winlogon Notify: SMDEn - C:\WINDOWS\system32\q6nulg5916.dll (file missing)
>
> O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\System32\svchosts.exe (file missing)
> O23 - Service: Remote Map Manager - Unknown owner - C:\WINDOWS\system32\lssc.exe (file missing)
> O23 - Service: Remote Plugin Service - Unknown owner - C:\WINDOWS\system32\lsyss.exe (file missing)
 
To be safe, I'll also have you do this other check:
Download Gmer and unpack it into its own, non-temporary folder.
Start it
click on > > >
Click on Autostart
tick Show All
click on Scan
when the scan finishes, click on Copy
Open Notepad and press CTRL+V (or click on Edit and then Paste).
Save the file and upload it to http://www.freefilehosting.net/
Post the link you are given here.

Still in the program you just downloaded (gmer),
click on Rootkit
click on Scan
when the scan finishes, click on Copy
Open Notepad and press CTRL+V (or click on Edit and then Paste).
Save the file and upload it to http://www.freefilehosting.net/
Post the link you are given here.

Also post the updated HiJack log here.

betta (Devoted Mortal)
Joined: 14/06/07 12:46
Posts: 7

			
Posted: 02 Jul 2007 11:15    Subject: various infections
sorry for the late reply, but the infected PC is the one at the office and only today was I able to do what you asked. Unfortunately, I don't know why, but I wasn't able to download the Gmer program. At the moment the situation is this:
 Logfile of Trend Micro HijackThis v2.0.0 (BETA)
 Scan saved at 10.43.56, on 02/07/2007
 Platform: Windows XP SP1 (WinNT 5.01.2600)
 Boot mode: Normal
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\system32\spoolsv.exe
 c:\windows\system32\winlogon.exe
 C:\Programmi\a-squared Free\a2service.exe
 C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
 C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
 C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
 C:\WINDOWS\System32\nvsvc32.exe
 C:\VEXPLITE\viritsvc.exe
 C:\WINDOWS\Explorer.EXE
 C:\WINDOWS\System32\RUNDLL32.EXE
 C:\VEXPLITE\MONLITE.EXE
 C:\WINDOWS\System32\ctfmon.exe
 C:\Bocca Rossa\HiJackThis_v2.exe
 
 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
 R3 - URLSearchHook: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
 O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
 O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
 O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
 O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Programmi\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
 O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
 O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
 O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
 O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
 O4 - HKLM\..\Run: [{E80D5C31-0707-1040-0905-020520020027}] "C:\Programmi\File comuni\{E80D5C31-0707-1040-0905-020520020027}\Update.exe" mc-110-12-0000427
 O4 - HKLM\..\Run: [{E80D5C31-0708-1040-0905-020520020027}] "C:\Programmi\File comuni\{E80D5C31-0708-1040-0905-020520020027}\Update.exe" mc-110-12-0000427
 O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
 O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
 O4 - HKLM\..\Run: [rgzhca.exe] C:\WINDOWS\TEMP\rgzhca.exe
 O4 - HKLM\..\Run: [updmxgvj] "c:\windows\system32\updmxgvj.exe"
 O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
 O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')
 O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
 O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
 O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
 O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
 O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
 O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
 O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
 O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
 O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
 O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
 O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
 O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe
 O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
 O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
 O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
 O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
 O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas   www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
 
thanks again for your help

Orange (Mature God)
Joined: 18/02/07 13:20
Posts: 2224
Location: Roma

			
Posted: 02 Jul 2007 14:01

hi. With HiJack fix these:
 
 O4 - HKLM\..\Run: [rgzhca.exe] C:\WINDOWS\TEMP\rgzhca.exe
 O4 - HKLM\..\Run: [updmxgvj] "c:\windows\system32\updmxgvj.exe"
 
anyway, try downloading Gmer again, from here.

betta, I'd recommend updating Windows with Service Pack 2 and installing a firewall as soon as possible.

betta (Devoted Mortal)
Joined: 14/06/07 12:46
Posts: 7

			
Posted: 03 Jul 2007 11:20

here's the new log
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
 Scan saved at 11.05.33, on 03/07/2007
 Platform: Windows XP SP1 (WinNT 5.01.2600)
 Boot mode: Normal
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\system32\spoolsv.exe
 c:\windows\system32\winlogon.exe
 C:\Programmi\a-squared Free\a2service.exe
 C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
 C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
 C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
 C:\WINDOWS\System32\nvsvc32.exe
 C:\VEXPLITE\viritsvc.exe
 C:\WINDOWS\Explorer.EXE
 C:\WINDOWS\System32\RUNDLL32.EXE
 C:\VEXPLITE\MONLITE.EXE
 C:\WINDOWS\System32\ctfmon.exe
 C:\Bocca Rossa\HiJackThis_v2.exe
 
 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
 R3 - URLSearchHook: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
 O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
 O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
 O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
 O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Programmi\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
 O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
 O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
 O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
 O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
 O4 - HKLM\..\Run: [{E80D5C31-0707-1040-0905-020520020027}] "C:\Programmi\File comuni\{E80D5C31-0707-1040-0905-020520020027}\Update.exe" mc-110-12-0000427
 O4 - HKLM\..\Run: [{E80D5C31-0708-1040-0905-020520020027}] "C:\Programmi\File comuni\{E80D5C31-0708-1040-0905-020520020027}\Update.exe" mc-110-12-0000427
 O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
 O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
 O4 - HKLM\..\Run: [wivufa.exe] C:\WINDOWS\TEMP\wivufa.exe
 O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
 O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')
 O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
 O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
 O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
 O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
 O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
 O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
 O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
 O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
 O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
 O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
 O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
 O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe
 O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
 O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
 O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
 O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
 O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas   www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
 
 
I hope everything is fine now. Anyway, I'm getting organised to follow your excellent advice. Thank you for your patience and help

Orange (Mature God)
Joined: 18/02/07 13:20
Posts: 2224
Location: Roma

			
Posted: 03 Jul 2007 15:41

hmm, we're not there yet:
O4 - HKLM\..\Run: [wivufa.exe] C:\WINDOWS\TEMP\wivufa.exe
 
how's it going with Gmer?
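The point behind "we're not there yet" is visible when the two logs are compared: the O4 entry removed with HijackThis (`rgzhca.exe` in TEMP) came back as `wivufa.exe` in the same TEMP folder, so only the registry value was removed, not the component recreating it. The following Python check is an added example, not code posted by anyone in this thread; the two log excerpts are constructed from the O4 lines of the 02/07 and 03/07 posts above, and the function names are my own.

```python
import re

# Constructed excerpts of the two HijackThis logs posted in this thread
# (02/07/2007 before the fix, 03/07/2007 after it); only O4 lines matter here.
LOG_BEFORE = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [rgzhca.exe] C:\WINDOWS\TEMP\rgzhca.exe
O4 - HKLM\..\Run: [updmxgvj] "c:\windows\system32\updmxgvj.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
"""
LOG_AFTER = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [wivufa.exe] C:\WINDOWS\TEMP\wivufa.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
"""

O4_RE = re.compile(r"^O4 - (?P<loc>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
EXE_RE = re.compile(r'"?(?P<path>[^"]+?\.exe)"?', re.IGNORECASE)


def parse_o4(log_text):
    """One dict per O4 autorun line: location, value name, command, exe path."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        cmd = m.group("cmd")
        exe = EXE_RE.match(cmd)  # strip quotes and trailing arguments
        entries.append({"loc": m.group("loc"), "name": m.group("name"),
                        "cmd": cmd, "path": exe.group("path") if exe else cmd})
    return entries


def is_temp_launch(path):
    """Legitimate software does not autorun from a TEMP directory; flag it."""
    return "\\temp\\" in path.lower()


def compare_logs(before_text, after_text):
    """Diff autoruns between two logs. A TEMP entry that vanished only to be
    replaced by another TEMP entry under a new random name means the fix removed
    the registry value but not the component that recreates it."""
    before = {e["path"].lower(): e for e in parse_o4(before_text)}
    after = {e["path"].lower(): e for e in parse_o4(after_text)}
    removed = [before[k] for k in before if k not in after]
    added = [after[k] for k in after if k not in before]
    temp_removed = any(is_temp_launch(e["path"]) for e in removed)
    regenerated = [e for e in added if temp_removed and is_temp_launch(e["path"])]
    return {"removed": removed, "added": added, "regenerated": regenerated}
```

Run `compare_logs(LOG_BEFORE, LOG_AFTER)["regenerated"]` on two consecutive logs: a non-empty list is the signal that a rootkit-level check such as the Gmer scan requested above is still needed rather than another round of "Fix checked".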