Olimpo Informatico - The Zeus News Forums
dialer/virus numero.exe
Forum: Pronto Soccorso Virus (Virus First Aid)
luzzo80
Devoted mortal

Registered: 09/07/07 19:10
Posts: 6

Posted: 09 Jul 2007 19:20    Subject: dialer/virus numero.exe

Hi everyone,
for the past couple of days I've had the following problem.
The computer freezes and I have to reset it to get it going again.
In the C:/windows directory a file named <some number>.exe gets created (the number is different every time).
I looked on the forums and used HijackThis; I'm attaching the result for anyone who understands more about it than I do

Logfile of HijackThis v1.99.1
Scan saved at 18.47.12, on 09/07/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\DOCUME~1\LUCA\IMPOST~1\TEMP\_VWUPSRV.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\spoolw.exe
C:\WINDOWS\System32\igfxsvc.exe
C:\WINDOWS\Mixer.exe
C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\inf\OTHER\nets.exe
C:\Programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Programmi\Ahead\InCD\InCD.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Creative\MediaSource5\MtdAcqu.exe
C:\Programmi\Creative\Sync Manager Unicode\CTSyncU.exe
C:\WINDOWS\System32\spoolw.exe
C:\WINDOWS\System32\igfxsvc.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.vivanco.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,oarqlrv.exe
O1 - Hosts: 127.
O2 - BHO: CATLEvents Object - {13589181-4F0D-4553-B9F8-B4B72172C139} - C:\DOCUME~1\LUCA\IMPOST~1\Temp\sten.dat
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [Omnipage] C:\Programmi\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [Microsoft Inet Xp..] teekids.exe
O4 - HKLM\..\Run: [Windows Automation] mslaugh.exe
O4 - HKLM\..\Run: [avserve2.exe] C:\WINDOWS\avserve2.exe
O4 - HKLM\..\Run: [*imgkb] C:\WINDOWS\Config\imgkb.exe
O4 - HKLM\..\Run: [*expweb] C:\WINDOWS\expweb.exe
O4 - HKLM\..\Run: [pop06ap] C:\WINDOWS\pop06ap2.exe
O4 - HKLM\..\Run: [w0211c41.dll] RUNDLL32.EXE w0211c41.dll,I2 000e540400211c41
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [TQ566808] "E:\setup.exe"
O4 - HKLM\..\Run: [*nets] C:\WINDOWS\inf\OTHER\nets.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Programmi\Ahead\InCD\InCD.exe
O4 - HKLM\..\RunOnce: [*nets] C:\WINDOWS\inf\OTHER\nets.exe rerun
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MtdAcqu] "C:\Programmi\Creative\MediaSource5\MtdAcqu.exe" /s
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Programmi\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [spoolw] C:\WINDOWS\System32\spoolw.exe
O4 - HKCU\..\Run: [igfxsvc] C:\WINDOWS\System32\igfxsvc.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.1_01\bin\npjpi141_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.1_01\bin\npjpi141_01.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - (no file)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - (no file)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.vivanco.com
O15 - Trusted Zone: www.archiviosex.net
O15 - Trusted Zone: www.redfunny.com
O15 - Trusted Zone: www.skymasters.biz
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1148584080964
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {ADC3EA10-8A28-41A9-96B4-534ADFC3CA0A} (Configuratore Auto Control) - http://www.buy@fiat.com/components/ocx/autopricer/configuratoreauto.cab
O16 - DPF: {FF0C042C-98E9-4C36-B2EC-E21FDFDCEF75} - http://download.redswoosh.com/Installer/rsinstaller.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B5806301-35FE-4329-AC65-D6E0770A42CE}: NameServer = 85.37.17.56 85.38.28.98
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\System32\btxppanel.dll
O20 - Winlogon Notify: App Management - C:\WINDOWS\system32\mmxml2.dll (file missing)
O20 - Winlogon Notify: apps - C:\DOCUME~1\LUCA\IMPOST~1\Temp\sppa.dat (file missing)
O20 - Winlogon Notify: catjpeg - C:\DOCUME~1\LUCA\IMPOST~1\Temp\gepjtac.dat (file missing)
O20 - Winlogon Notify: catwin - C:\DOCUME~1\LUCA\IMPOST~1\Temp\niwtac.dat (file missing)
O20 - Winlogon Notify: cmdabr - C:\DOCUME~1\LUCA\IMPOST~1\Temp\rbadmc.dat (file missing)
O20 - Winlogon Notify: creula - C:\DOCUME~1\LUCA\IMPOST~1\Temp\aluerc.dat (file missing)
O20 - Winlogon Notify: crreg - C:\DOCUME~1\LUCA\IMPOST~1\Temp\gerrc.dat (file missing)
O20 - Winlogon Notify: dburl - C:\DOCUME~1\LUCA\IMPOST~1\Temp\lrubd.dat (file missing)
O20 - Winlogon Notify: dlllog - C:\DOCUME~1\LUCA\IMPOST~1\Temp\gollld.dat (file missing)
O20 - Winlogon Notify: dvd - C:\DOCUME~1\LUCA\IMPOST~1\Temp\dvd.dat (file missing)
O20 - Winlogon Notify: dvdinet - C:\DOCUME~1\LUCA\IMPOST~1\Temp\tenidvd.dat (file missing)
O20 - Winlogon Notify: eulanut - C:\DOCUME~1\LUCA\IMPOST~1\Temp\tunalue.dat (file missing)
O20 - Winlogon Notify: eulasrv - C:\DOCUME~1\LUCA\IMPOST~1\Temp\vrsalue.dat (file missing)
O20 - Winlogon Notify: hardanti - C:\DOCUME~1\LUCA\IMPOST~1\Temp\itnadrah.dat (file missing)
O20 - Winlogon Notify: iiscat - C:\DOCUME~1\LUCA\IMPOST~1\Temp\tacsii.dat (file missing)
O20 - Winlogon Notify: iisms - C:\DOCUME~1\LUCA\IMPOST~1\Temp\smsii.dat (file missing)
O20 - Winlogon Notify: infowms - C:\DOCUME~1\LUCA\IMPOST~1\Temp\smwofni.dat (file missing)
O20 - Winlogon Notify: ipdoc - C:\DOCUME~1\LUCA\IMPOST~1\Temp\codpi.dat (file missing)
O20 - Winlogon Notify: ipvss - C:\DOCUME~1\LUCA\IMPOST~1\Temp\ssvpi.dat (file missing)
O20 - Winlogon Notify: jpegabr - C:\DOCUME~1\LUCA\IMPOST~1\Temp\rbagepj.dat (file missing)
O20 - Winlogon Notify: libutil - C:\DOCUME~1\LUCA\IMPOST~1\Temp\litubil.dat (file missing)
O20 - Winlogon Notify: logcom - C:\DOCUME~1\LUCA\IMPOST~1\Temp\mocgol.dat (file missing)
O20 - Winlogon Notify: logwave - C:\DOCUME~1\LUCA\IMPOST~1\Temp\evawgol.dat (file missing)
O20 - Winlogon Notify: maindos - C:\DOCUME~1\LUCA\IMPOST~1\Temp\sodniam.dat (file missing)
O20 - Winlogon Notify: mfcplay - C:\DOCUME~1\LUCA\IMPOST~1\Temp\yalpcfm.dat (file missing)
O20 - Winlogon Notify: mp3eula - C:\DOCUME~1\LUCA\IMPOST~1\Temp\alue3pm.dat (file missing)
O20 - Winlogon Notify: mp3inet - C:\DOCUME~1\LUCA\IMPOST~1\Temp\teni3pm.dat (file missing)
O20 - Winlogon Notify: mp3ras - C:\DOCUME~1\LUCA\IMPOST~1\Temp\sar3pm.dat (file missing)
O20 - Winlogon Notify: netdisk - C:\DOCUME~1\LUCA\IMPOST~1\Temp\ksidten.dat (file missing)
O20 - Winlogon Notify: nets - C:\DOCUME~1\Kristina\IMPOST~1\Temp\sten.dat
O20 - Winlogon Notify: nutkb - C:\DOCUME~1\LUCA\IMPOST~1\Temp\bktun.dat (file missing)
O20 - Winlogon Notify: Uninstall - C:\WINDOWS\system32\wav8dmod.dll (file missing)
O20 - Winlogon Notify: wavejpeg - C:\DOCUME~1\LUCA\IMPOST~1\Temp\gepjevaw.dat (file missing)
O20 - Winlogon Notify: websys - C:\DOCUME~1\LUCA\IMPOST~1\Temp\sysbew.dat (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: Network Monitor - Unknown owner - C:\Programmi\Network Monitor\netmon.exe (file missing)
O23 - Service: ASUS Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: AntiVir Update Temp (TmpUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\DOCUME~1\LUCA\IMPOST~1\TEMP\_VWUPSRV.EXE

Thanks in advance to everyone for your help.
I hope someone can help me solve my problem.
Thanks
Orange
Mature god

Registered: 18/02/07 13:20
Posts: 2224
Location: Rome

Posted: 09 Jul 2007 20:42

Hi, and welcome

Your PC is in a right mess.... Is there something preventing you from updating it to SP2?

Let's do this: I'll point you to this discussion. Follow the advice step by step.... Give the PC a good clean-up.
Afterwards have a look here too (only follow the last part, the one about VirIT, to be clear).
In your next post include the VirIT log and an updated HijackThis one (don't forget to install SP2 and a firewall as well).

For any questions you may have, we're always here..
luzzo80
Devoted mortal

Registered: 09/07/07 19:10
Posts: 6

Posted: 11 Jul 2007 00:31    Subject: new post

Hi Orange,
first of all I have to thank you for taking an interest. I followed your instructions step by step and, as you asked, I'm posting the VirIT and HijackThis logs. The only thing missing is SP2.

VirIT eXplorer Lite Log

[SCANSIONE DELLA MEMORIA]
OK
--------------------------------------------------------
10/07/2007 - 23:53:43

[SCANSIONE DEL REGISTRO]
OK

[A:]
BOOT SECTOR: OK


[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK

C:\WINDOWS\iexplore_32.exe Infetto da Trojan.Win32.Small.LQ
* * * RIMOSSO * * *
C:\WINDOWS\system32\drvkkmpe.exe Infetto da Trojan.Win32.Agent.ATF
* * * RIMOSSO * * *
C:\WINDOWS\system32\f4l0le3m1h.dll Infetto da Trojan.Win32.Agent.QM
* * * RIMOSSO * * *
C:\WINDOWS\system32\igfxsvc.exe Infetto da Trojan.Win32.Small.LQ
Il file sarà spostato nella cartella di quarantena.
C:\WINDOWS\system32\ktl2l73o1.dll Infetto da Trojan.Win32.Agent.QM
* * * RIMOSSO * * *
C:\WINDOWS\system32\spoolw.exe Infetto da Trojan.Win32.Small.LQ
* * * RIMOSSO * * *
C:\WINDOWS\w32dbg.exe Infetto da Trojan.Win32.Small.LQ
* * * RIMOSSO * * *

[D:]


[E:]


[F:]


Chiavi Registro infette: 0.
Files Infetti: 7.
Files Sospetti: 0.
Files Analizzati: 37611.
Files Totali: 37611.
Chiavi Registro rimosse: 0.
Virus Rimossi: 6.

Adesso puoi RIAVVIARE il computer per spostare il file nella cartella di quarantena.
[SCANSIONE DELLA MEMORIA]
OK


Logfile of HijackThis v1.99.1
Scan saved at 0.29.51, on 11/07/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\a-squared Anti-Malware\a2service.exe
C:\Programmi\a-squared Free\a2service.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\Programmi\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\VEXPLITE\viritsvc.exe
C:\WINDOWS\Mixer.exe
C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Programmi\Ahead\InCD\InCD.exe
C:\WINDOWS\inf\OTHER\nets.exe
C:\Programmi\Comodo\Firewall\CPF.exe
C:\VEXPLITE\MONLITE.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Creative\MediaSource5\MtdAcqu.exe
C:\Programmi\Creative\Sync Manager Unicode\CTSyncU.exe
C:\VEXPLITE\viritexp.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\LUCA\Impostazioni locali\Temp\Directory temporanea 1 per hijackthis_199.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.vivanco.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,oarqlrv.exe
O1 - Hosts: 127.
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: CATLEvents Object - {13589181-4F0D-4553-B9F8-B4B72172C139} - C:\DOCUME~1\LUCA\IMPOST~1\Temp\sten.dat
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [Microsoft Inet Xp..] teekids.exe
O4 - HKLM\..\Run: [Windows Automation] mslaugh.exe
O4 - HKLM\..\Run: [w0211c41.dll] RUNDLL32.EXE w0211c41.dll,I2 000e540400211c41
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [TQ566808] "E:\setup.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Programmi\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [a-squared] "C:\Programmi\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\Run: [*nets] C:\WINDOWS\inf\OTHER\nets.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Programmi\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKLM\..\RunOnce: [*nets] C:\WINDOWS\inf\OTHER\nets.exe rerun
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MtdAcqu] "C:\Programmi\Creative\MediaSource5\MtdAcqu.exe" /s
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Programmi\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [spoolw] C:\WINDOWS\System32\spoolw.exe
O4 - HKCU\..\Run: [igfxsvc] C:\WINDOWS\System32\igfxsvc.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.1_01\bin\npjpi141_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.1_01\bin\npjpi141_01.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.vivanco.com
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1148584080964
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {ADC3EA10-8A28-41A9-96B4-534ADFC3CA0A} (Configuratore Auto Control) - http://www.buy@fiat.com/components/ocx/autopricer/configuratoreauto.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B5806301-35FE-4329-AC65-D6E0770A42CE}: NameServer = 85.37.17.56 85.38.28.98
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\System32\btxppanel.dll
O20 - Winlogon Notify: App Management - C:\WINDOWS\
O20 - Winlogon Notify: apps - C:\WINDOWS\
O20 - Winlogon Notify: catjpeg - C:\WINDOWS\
O20 - Winlogon Notify: catwin - C:\WINDOWS\
O20 - Winlogon Notify: creula - C:\WINDOWS\
O20 - Winlogon Notify: crreg - C:\WINDOWS\
O20 - Winlogon Notify: dburl - C:\WINDOWS\
O20 - Winlogon Notify: dlllog - C:\WINDOWS\
O20 - Winlogon Notify: dvd - C:\WINDOWS\
O20 - Winlogon Notify: dvdinet - C:\WINDOWS\
O20 - Winlogon Notify: eulanut - C:\WINDOWS\
O20 - Winlogon Notify: eulasrv - C:\WINDOWS\
O20 - Winlogon Notify: hardanti - C:\WINDOWS\
O20 - Winlogon Notify: iiscat - C:\WINDOWS\
O20 - Winlogon Notify: iisms - C:\WINDOWS\
O20 - Winlogon Notify: infowms - C:\WINDOWS\
O20 - Winlogon Notify: ipdoc - C:\WINDOWS\
O20 - Winlogon Notify: ipvss - C:\WINDOWS\
O20 - Winlogon Notify: jpegabr - C:\WINDOWS\
O20 - Winlogon Notify: libutil - C:\WINDOWS\
O20 - Winlogon Notify: logcom - C:\WINDOWS\
O20 - Winlogon Notify: logwave - C:\WINDOWS\
O20 - Winlogon Notify: maindos - C:\WINDOWS\
O20 - Winlogon Notify: mfcplay - C:\WINDOWS\
O20 - Winlogon Notify: mp3eula - C:\WINDOWS\
O20 - Winlogon Notify: mp3inet - C:\WINDOWS\
O20 - Winlogon Notify: mp3ras - C:\WINDOWS\
O20 - Winlogon Notify: netdisk - C:\WINDOWS\
O20 - Winlogon Notify: nets - C:\DOCUME~1\LUCA\IMPOST~1\Temp\sten.dat
O20 - Winlogon Notify: nutkb - C:\WINDOWS\
O20 - Winlogon Notify: Uninstall - C:\WINDOWS\
O20 - Winlogon Notify: wavejpeg - C:\WINDOWS\
O20 - Winlogon Notify: websys - C:\WINDOWS\
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Programmi\a-squared Anti-Malware\a2service.exe
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Programmi\Comodo\Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: ASUS Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe


I hope the situation has improved.
Tomorrow I'll check whether the computer still freezes; right now I'm worn out and unfortunately tomorrow is a work day.
Thanks a lot
bdoriano
Administrator

Registered: 02/04/07 12:05
Posts: 14391
Location: 3rd planet of the solar system...

Posted: 11 Jul 2007 08:00

Hi luzzo80,
Start the PC in safe mode
run HijackThis
click on "Do a system scan only"
tick these entries:
Quote:
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,oarqlrv.exe
O1 - Hosts: 127.
O2 - BHO: CATLEvents Object - {13589181-4F0D-4553-B9F8-B4B72172C139} - C:\DOCUME~1\LUCA\IMPOST~1\Temp\sten.dat
O4 - HKLM\..\Run: [Microsoft Inet Xp..] teekids.exe
O4 - HKLM\..\Run: [Windows Automation] mslaugh.exe
O4 - HKLM\..\Run: [w0211c41.dll] RUNDLL32.EXE w0211c41.dll,I2 000e540400211c41
O4 - HKLM\..\Run: [TQ566808] "E:\setup.exe"
O4 - HKLM\..\Run: [*nets] C:\WINDOWS\inf\OTHER\nets.exe
O4 - HKLM\..\RunOnce: [*nets] C:\WINDOWS\inf\OTHER\nets.exe rerun
O4 - HKCU\..\Run: [spoolw] C:\WINDOWS\System32\spoolw.exe
O4 - HKCU\..\Run: [igfxsvc] C:\WINDOWS\System32\igfxsvc.exe
O20 - Winlogon Notify: App Management - C:\WINDOWS\
O20 - Winlogon Notify: apps - C:\WINDOWS\
O20 - Winlogon Notify: catjpeg - C:\WINDOWS\
O20 - Winlogon Notify: catwin - C:\WINDOWS\
O20 - Winlogon Notify: creula - C:\WINDOWS\
O20 - Winlogon Notify: crreg - C:\WINDOWS\
O20 - Winlogon Notify: dburl - C:\WINDOWS\
O20 - Winlogon Notify: dlllog - C:\WINDOWS\
O20 - Winlogon Notify: dvd - C:\WINDOWS\
O20 - Winlogon Notify: dvdinet - C:\WINDOWS\
O20 - Winlogon Notify: eulanut - C:\WINDOWS\
O20 - Winlogon Notify: eulasrv - C:\WINDOWS\
O20 - Winlogon Notify: hardanti - C:\WINDOWS\
O20 - Winlogon Notify: iiscat - C:\WINDOWS\
O20 - Winlogon Notify: iisms - C:\WINDOWS\
O20 - Winlogon Notify: infowms - C:\WINDOWS\
O20 - Winlogon Notify: ipdoc - C:\WINDOWS\
O20 - Winlogon Notify: ipvss - C:\WINDOWS\
O20 - Winlogon Notify: jpegabr - C:\WINDOWS\
O20 - Winlogon Notify: libutil - C:\WINDOWS\
O20 - Winlogon Notify: logcom - C:\WINDOWS\
O20 - Winlogon Notify: logwave - C:\WINDOWS\
O20 - Winlogon Notify: maindos - C:\WINDOWS\
O20 - Winlogon Notify: mfcplay - C:\WINDOWS\
O20 - Winlogon Notify: mp3eula - C:\WINDOWS\
O20 - Winlogon Notify: mp3inet - C:\WINDOWS\
O20 - Winlogon Notify: mp3ras - C:\WINDOWS\
O20 - Winlogon Notify: netdisk - C:\WINDOWS\
O20 - Winlogon Notify: nets - C:\DOCUME~1\LUCA\IMPOST~1\Temp\sten.dat
O20 - Winlogon Notify: nutkb - C:\WINDOWS\
O20 - Winlogon Notify: Uninstall - C:\WINDOWS\
O20 - Winlogon Notify: wavejpeg - C:\WINDOWS\
O20 - Winlogon Notify: websys - C:\WINDOWS\

click "Fix checked"
Restart the PC, redo the HijackThis log and post it

Start by downloading this and unpack it into its own folder, not a temporary one and not on the desktop.
We'll use it later on.
luzzo80
Devoted mortal

Registered: 09/07/07 19:10
Posts: 6

Posted: 11 Jul 2007 19:33

Hi Bdoriano,
thanks in advance to you too for the help.
I restarted in safe mode and "fixed" the list you pointed out to me.
I'm attaching the new HijackThis scan


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 19.28.37, on 11/07/2007
Platform: Windows XP (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\a-squared Anti-Malware\a2service.exe
C:\Programmi\a-squared Free\a2service.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\Programmi\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\VEXPLITE\viritsvc.exe
C:\WINDOWS\Mixer.exe
C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Programmi\Ahead\InCD\InCD.exe
C:\Programmi\Comodo\Firewall\CPF.exe
C:\VEXPLITE\MONLITE.EXE
C:\WINDOWS\inf\OTHER\nets.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Creative\MediaSource5\MtdAcqu.exe
C:\Programmi\Creative\Sync Manager Unicode\CTSyncU.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\LUCA\Desktop\HiJackThis_v2\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.vivanco.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: CATLEvents Object - {13589181-4F0D-4553-B9F8-B4B72172C139} - C:\DOCUME~1\LUCA\IMPOST~1\Temp\sten.dat
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Programmi\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [a-squared] "C:\Programmi\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Programmi\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKLM\..\Run: [*nets] C:\WINDOWS\inf\OTHER\nets.exe
O4 - HKLM\..\RunOnce: [*nets] C:\WINDOWS\inf\OTHER\nets.exe rerun
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MtdAcqu] "C:\Programmi\Creative\MediaSource5\MtdAcqu.exe" /s
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Programmi\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.1_01\bin\npjpi141_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.1_01\bin\npjpi141_01.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.vivanco.com
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1148584080964
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {ADC3EA10-8A28-41A9-96B4-534ADFC3CA0A} (Configuratore Auto Control) - http://www.buy@fiat.com/components/ocx/autopricer/configuratoreauto.cab
O20 - Winlogon Notify: nets - C:\DOCUME~1\LUCA\IMPOST~1\Temp\sten.dat
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Programmi\a-squared Anti-Malware\a2service.exe
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Programmi\Comodo\Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: ASUS Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
O24 - Desktop Component 0: (no name) - http://www.batistuta.com/desktop/c_web.jpg

--
End of file - 7933 bytes


Thanks a lot.
Bye
bdoriano (Administrator)
Posted: 11 Jul 2007 22:07

Damn! I hadn't noticed it was a Vundo infection!

Download VundoFix.exe to the desktop

- Run VundoFix.exe
- Click Scan for Vundo.
- When the scan finishes, click Remove Vundo.
- It asks whether you want to delete the infected files; click YES
- Your screen will go black while Vundo is being removed.
- When it is done it will ask you to restart the PC; click OK.
- Paste here the contents of the log C:\vundofix.txt and a new HijackThis log.

Note: VundoFix may fail to delete some files. In that case it will start automatically when the PC restarts; repeat the steps above starting from "Click Scan for Vundo" when VundoFix appears on restart.

To be safe, also do a pass with this

When you're done, redo the HijackThis log.
luzzo80
Posted: 12 Jul 2007 19:17

Hi Bdoriano,
here are the new "results"

VundoFix V6.5.4

Checking Java version...

Sun Java not detected
Scan started at 18.33.36 12/07/2007

Listing files found while scanning....

C:\DOCUME~1\LUCA\IMPOST~1\Temp\sten.dat

Beginning removal...

Attempting to delete C:\DOCUME~1\LUCA\IMPOST~1\Temp\sten.dat
C:\DOCUME~1\LUCA\IMPOST~1\Temp\sten.dat Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\DOCUME~1\LUCA\IMPOST~1\Temp\sten.dat
C:\DOCUME~1\LUCA\IMPOST~1\Temp\sten.dat Has been deleted!

Performing Repairs to the registry.
Done!



Logfile of HijackThis v1.99.1
Scan saved at 19.14.08, on 12/07/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\a-squared Anti-Malware\a2service.exe
C:\Programmi\a-squared Free\a2service.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\Programmi\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\VEXPLITE\viritsvc.exe
C:\WINDOWS\Mixer.exe
C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Programmi\Ahead\InCD\InCD.exe
C:\Programmi\Comodo\Firewall\CPF.exe
C:\VEXPLITE\MONLITE.EXE
C:\WINDOWS\inf\OTHER\nets.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Creative\MediaSource5\MtdAcqu.exe
C:\Programmi\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Programmi\Microsoft Office\Office10\WINWORD.EXE
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.vivanco.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: CATLEvents Object - {13589181-4F0D-4553-B9F8-B4B72172C139} - C:\DOCUME~1\LUCA\IMPOST~1\Temp\sten.dat
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Programmi\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [a-squared] "C:\Programmi\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Programmi\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKLM\..\Run: [*nets] C:\WINDOWS\inf\OTHER\nets.exe
O4 - HKLM\..\RunOnce: [*nets] C:\WINDOWS\inf\OTHER\nets.exe rerun
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MtdAcqu] "C:\Programmi\Creative\MediaSource5\MtdAcqu.exe" /s
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Programmi\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.1_01\bin\npjpi141_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.1_01\bin\npjpi141_01.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.vivanco.com
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1148584080964
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {ADC3EA10-8A28-41A9-96B4-534ADFC3CA0A} (Configuratore Auto Control) - http://www.buy@fiat.com/components/ocx/autopricer/configuratoreauto.cab
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\System32\btxppanel.dll
O20 - Winlogon Notify: nets - C:\DOCUME~1\LUCA\IMPOST~1\Temp\sten.dat
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Programmi\a-squared Anti-Malware\a2service.exe
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Programmi\Comodo\Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: ASUS Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe


Thanks for the help.
Bye
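Added example, not from the thread or from any tool it mentions: a small Python triage helper that applies, over the log above, the checks a helper makes by eye when spotting Vundo in a HijackThis log, such as the BHO and Winlogon Notify entries pointing at Temp\sten.dat and the Run/RunOnce entries for inf\OTHER\nets.exe. The sample lines are copied from the posted log; the heuristics (temp-directory markers, the INF-directory check, the asterisk check) are my own assumptions, not HijackThis rules.

```python
import re
from typing import Dict, List

# Constructed sample input: entries copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: CATLEvents Object - {13589181-4F0D-4553-B9F8-B4B72172C139} - C:\DOCUME~1\LUCA\IMPOST~1\Temp\sten.dat
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [*nets] C:\WINDOWS\inf\OTHER\nets.exe
O4 - HKLM\..\RunOnce: [*nets] C:\WINDOWS\inf\OTHER\nets.exe rerun
O20 - Winlogon Notify: nets - C:\DOCUME~1\LUCA\IMPOST~1\Temp\sten.dat
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programmi\Ahead\InCD\InCDsrv.exe
"""

# First drive-letter path on the line, up to a binary-looking extension.
PATH_RE = re.compile(r"[A-Za-z]:\\.+?\.(?:exe|dll|dat|ocx)\b", re.IGNORECASE)
# Load points Windows expects to point at a DLL: BHOs (O2) and Winlogon Notify (O20).
DLL_LOAD_POINTS = ("O2 ", "O20 ")
# Temp-directory markers (assumed; "Impostazioni locali" is the Italian "Local Settings").
TEMP_MARKERS = ("\\temp\\", "\\impost~1\\", "\\impostazioni locali\\", "\\local settings\\")


def suspicious_entries(log_text: str) -> Dict[str, List[str]]:
    """Map each flagged HijackThis line to the heuristics it trips."""
    findings: Dict[str, List[str]] = {}
    for line in log_text.splitlines():
        line = line.strip()
        m = PATH_RE.search(line)
        if not m:
            continue
        low = m.group(0).lower()
        reasons = []
        if any(marker in low for marker in TEMP_MARKERS):
            reasons.append("loads from a user Temp directory")
        if line.startswith(DLL_LOAD_POINTS) and not low.endswith(".dll"):
            reasons.append("DLL load point targets a non-.dll file")
        if "\\inf\\" in low and low.endswith(".exe"):
            reasons.append("executable placed under the INF driver directory")
        if line.startswith("O4 ") and "[*" in line:
            reasons.append("asterisk-prefixed autorun name (RunOnce values marked * also run in Safe Mode)")
        if reasons:
            findings[line] = reasons
    return findings


if __name__ == "__main__":
    for entry, why in suspicious_entries(SAMPLE_LOG).items():
        print(entry)
        for r in why:
            print("   ->", r)
```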
bdoriano (Administrator)
Posted: 12 Jul 2007 20:07

It doesn't want to leave!

Start AVENGER
Click on Input script manually
Click on the magnifying glass
Enter these lines:
Quote:
Files to delete:
C:\WINDOWS\inf\OTHER\nets.exe
C:\Documents and settings\LUCA\Impostazioni locali\Temp\sten.dat

Click on Done
Click on the traffic light
The PC should restart; if it doesn't, restart it yourself.
When the operation is done, post the result here.

I also recommend an online scan with Kaspersky, as described here.
luzzo80
Posted: 12 Jul 2007 21:54

Hi Bdoriano,
here are the new results

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\rwgbgtqd

*******************

Script file located at: \??\C:\WINDOWS\System32\kvbmvbyr.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\inf\OTHER\nets.exe deleted successfully.
File C:\Documents and settings\LUCA\Impostazioni locali\Temp\sten.dat deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
bdoriano (Administrator)
Posted: 13 Jul 2007 08:00

As soon as you've finished the Kaspersky scan, download and install Service Pack 2 as soon as possible, please!!!
And post the updated HijackThis log as well.
luzzo80
Posted: 16 Jul 2007 08:07

I'm having some problems with SP2.
I'll try again tonight