Olimpo Informatico forum index
The Zeus News Forums
Can you help me if I post my HijackThis log? Internet won't open
Forum index -> Pronto Soccorso Virus
lui80
Pious Mortal

Registered: 23/08/06 23:29
Posts: 25

Posted: 08 Dec 2007 11:37    Subject: Can you help me if I post my HijackThis log? Internet won't open

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10.00.00, on 08/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\Programmi\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
C:\VEXPLITE\viritsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
C:\Programmi\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\Programmi\MSN Messenger\livecall.exe
C:\Programmi\SiteAdvisor\6172\SiteAdv.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmi\SiteAdvisor\6172\SiteAdv.exe
C:\Programmi\SiteAdvisor\6172\SiteAdv.exe
C:\Programmi\SiteAdvisor\6172\SiteAdv.exe
C:\Programmi\SiteAdvisor\6172\SiteAdv.exe
C:\Programmi\SiteAdvisor\6172\SiteAdv.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\SiteAdvisor\6172\SiteAdv.exe
C:\Programmi\SiteAdvisor\6172\SiteAdv.exe
C:\Programmi\SiteAdvisor\6172\SiteAdv.exe
C:\Programmi\SiteAdvisor\6172\SiteAdv.exe
C:\Programmi\SiteAdvisor\6172\SiteAdv.exe
C:\Programmi\SiteAdvisor\6172\SiteAdv.exe
C:\Programmi\SiteAdvisor\6172\SiteAdv.exe
C:\Programmi\SiteAdvisor\6172\SiteAdv.exe
C:\Programmi\SiteAdvisor\6172\SiteAdv.exe
C:\Programmi\SiteAdvisor\6172\SiteAdv.exe
C:\Programmi\SiteAdvisor\6172\SiteAdv.exe
C:\Programmi\SiteAdvisor\6172\SiteAdv.exe
C:\Programmi\SiteAdvisor\6172\SiteAdv.exe
C:\Programmi\SiteAdvisor\6172\SiteAdv.exe
C:\Programmi\SiteAdvisor\6172\SiteAdv.exe
C:\Programmi\SiteAdvisor\6172\SiteAdv.exe
C:\Programmi\SiteAdvisor\6172\SiteAdv.exe
C:\Programmi\SiteAdvisor\6172\SiteAdv.exe
C:\Programmi\SiteAdvisor\6172\SiteAdv.exe
C:\Programmi\SiteAdvisor\6172\SiteAdv.exe
C:\Programmi\SiteAdvisor\6172\SiteAdv.exe
C:\Programmi\SiteAdvisor\6172\SiteAdv.exe
C:\Programmi\SiteAdvisor\6172\SiteAdv.exe
C:\Programmi\SiteAdvisor\6172\SiteAdv.exe
C:\Programmi\SiteAdvisor\6172\SiteAdv.exe
C:\Programmi\SiteAdvisor\6172\SiteAdv.exe
C:\Programmi\SiteAdvisor\6172\SiteAdv.exe
C:\Programmi\SiteAdvisor\6172\SiteAdv.exe
C:\Programmi\SiteAdvisor\6172\SiteAdv.exe
C:\Programmi\SiteAdvisor\6172\SiteAdv.exe
C:\Programmi\SiteAdvisor\6172\SiteAdv.exe
C:\Programmi\SiteAdvisor\6172\SiteAdv.exe
C:\Programmi\SiteAdvisor\6172\SiteAdv.exe
C:\Programmi\SiteAdvisor\6172\SiteAdv.exe
C:\Programmi\SiteAdvisor\6172\SiteAdv.exe
C:\Documents and Settings\utente\Desktop\antivirus\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.it
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.it
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Programmi\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Programmi\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Programmi\SiteAdvisor\6172\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Programmi\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O5 "LPT1:" /M "Stylus CX3600"
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series (Copia 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P36 "EPSON Stylus CX3600 Series (Copia 1)" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\FILECO~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [Norman ZANDA] C:\VIRUSfighter\Bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [SiteAdvisor] C:\Programmi\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Programmi\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKCU\..\Run: [EPSON Stylus CX3600 Series (Copia 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P36 "EPSON Stylus CX3600 Series (Copia 1)" /M "Stylus CX3600" /EF "HKCU"
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Programmi\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O15 - Trusted Zone: *.doginhispen.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1098952079015
O17 - HKLM\System\CCS\Services\Tcpip\..\{E198AAF2-3B7E-4423-82CD-AABA11D499F3}: NameServer = 193.12.150.2 212.247.152.2
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Servizio SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Programmi\SiteAdvisor\6172\SAService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/utente/IMPOST~1/Temp/msoclip1/01/clip_image002.jpg

--
End of file - 10673 bytes





Find AWF report by noahdfear ©2006
Version 1.40



bak folders found
~~~~~~~~~~~

Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 5CCC-F0A7

Directory di C:\VEXPLITE\BAK

01/11/2007 11.08 245.760 MONLITE.EXE
1 File 245.760 byte
2 Directory 46.075.863.040 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 5CCC-F0A7

Directory di C:\PROGRA~1\ITUNES\BAK

01/06/2007 15.51 257.088 iTunesHelper.exe
1 File 257.088 byte
2 Directory 46.075.863.040 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 5CCC-F0A7

Directory di C:\PROGRA~1\QUICKT~1\BAK

27/04/2007 08.41 282.624 qttask.exe
1 File 282.624 byte
2 Directory 46.075.858.944 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 5CCC-F0A7

Directory di C:\VIRUSF~1\BIN\BAK

25/05/2005 13.11 135.168 ZLH.EXE
1 File 135.168 byte
2 Directory 46.075.858.944 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 5CCC-F0A7

Directory di C:\WINDOWS\SYSTEM32\BAK

0 File 0 byte
2 Directory 46.075.858.944 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 5CCC-F0A7

Directory di C:\PROGRA~1\AHEAD\INCD\BAK

06/04/2004 18.36 1.298.542 InCD.exe
1 File 1.298.542 byte
2 Directory 46.075.858.944 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 5CCC-F0A7

Directory di C:\PROGRA~1\ALWILS~1\AVAST4\BAK

0 File 0 byte
2 Directory 46.075.858.944 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 5CCC-F0A7

Directory di C:\PROGRA~1\ATITEC~1\ATICON~1\BAK

25/08/2004 11.52 339.968 atiptaxx.exe
1 File 339.968 byte
2 Directory 46.075.858.944 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 5CCC-F0A7

Directory di C:\PROGRA~1\CYBERL~1\POWERDVD\BAK

08/12/2003 17.35 32.768 PDVDServ.exe
1 File 32.768 byte
2 Directory 46.075.858.944 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 5CCC-F0A7

Directory di C:\PROGRA~1\GOOGLE\GOOGLE~1\BAK

27/07/2007 21.02 68.856 GoogleToolbarNotifier.exe
1 File 68.856 byte
2 Directory 46.075.858.944 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 5CCC-F0A7

Directory di C:\PROGRA~1\GRISOFT\AVGFRE~1\BAK

16/02/2007 09.58 411.648 avgcc.exe
1 File 411.648 byte
2 Directory 46.075.858.944 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 5CCC-F0A7

Directory di C:\PROGRA~1\NOKIA\NOKIAP~1\BAK

23/03/2004 12.20 147.968 TRAYAP~1.EXE
1 File 147.968 byte
2 Directory 46.075.854.848 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 5CCC-F0A7

Directory di C:\PROGRA~1\SITEAD~1\6172\BAK

03/02/2007 19.25 36.904 SiteAdv.exe
1 File 36.904 byte
2 Directory 46.075.854.848 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 5CCC-F0A7

Directory di C:\PROGRA~1\FILECO~1\PCSUITE\DATALA~1\BAK

06/05/2004 15.47 1.159.168 DATALA~1.EXE
1 File 1.159.168 byte
2 Directory 46.075.854.848 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 5CCC-F0A7

Directory di C:\PROGRA~1\FILECO~1\REAL\UPDATE~1\BAK

05/02/2006 12.30 180.269 realsched.exe
1 File 180.269 byte
2 Directory 46.075.854.848 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 5CCC-F0A7

Directory di C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\BAK

04/03/2004 04.00 98.304 E_FATI9BE.EXE
1 File 98.304 byte
2 Directory 46.075.854.848 byte disponibili


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

26636 30 Nov 2007 "C:\VEXPLITE\MONLITE.EXE"
245760 1 Nov 2007 "C:\VEXPLITE\bak\MONLITE.EXE"
26636 30 Nov 2007 "C:\Programmi\iTunes\iTunesHelper.exe"
257088 1 Jun 2007 "C:\Programmi\iTunes\bak\iTunesHelper.exe"
102400 24 Jun 2007 "C:\WINDOWS\Installer\{553E56C3-7AA1-45FE-A2FC-2C43DC27F765}\iTunesIco.exe"
116288 1 Jun 2007 "C:\Documents and Settings\All Users\Dati applicazioni\Apple Computer\Installer Cache\iTunes 7.2.0.35\iTunesSetupAdmin.exe"
26636 30 Nov 2007 "C:\Programmi\QuickTime\qttask.exe"
282624 27 Apr 2007 "C:\Programmi\QuickTime\bak\qttask.exe"
26636 30 Nov 2007 "C:\VIRUSfighter\Bin\ZLH.EXE"
135168 25 May 2005 "C:\VIRUSfighter\Bin\bak\ZLH.EXE"
26636 30 Nov 2007 "C:\Programmi\Ahead\InCD\InCD.exe"
1298542 6 Apr 2004 "C:\Programmi\Ahead\InCD\bak\InCD.exe"
26636 30 Nov 2007 "C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe"
339968 25 Aug 2004 "C:\Programmi\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe"
26636 30 Nov 2007 "C:\Programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
32768 8 Dec 2003 "C:\Programmi\CyberLink DVD Solution\PowerDVD\bak\PDVDServ.exe"
52272 16 Feb 2007 "C:\Programmi\Google\googletoolbar2user.exe"
26636 30 Nov 2007 "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
69632 29 Mar 2007 "C:\Programmi\Google\Google Earth\googleearth.exe"
892496 14 Feb 2007 "C:\Documents and Settings\utente\Desktop\Marco\GoogleToolbarInstaller.exe"
608936 5 Feb 2006 "C:\Programmi\File comuni\Real\GToolbar\GoogleToolbarInstaller.exe"
138168 16 Feb 2007 "C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe"
68856 27 Jul 2007 "C:\Programmi\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
26636 30 Nov 2007 "C:\Programmi\Grisoft\AVG Free\avgcc.exe"
416256 6 Sep 2007 "C:\Documents and Settings\Guest\Desktop\AVG7\avgcc.exe"
411648 16 Feb 2007 "C:\Programmi\Grisoft\AVG Free\bak\avgcc.exe"
26636 30 Nov 2007 "C:\Programmi\Nokia\Nokia PC Suite 6\TrayApplication.exe"
147968 23 Mar 2004 "C:\Programmi\Nokia\Nokia PC Suite 6\bak\TRAYAP~1.EXE"
26636 30 Nov 2007 "C:\Programmi\SiteAdvisor\6172\SiteAdv.exe"
36904 3 Feb 2007 "C:\Programmi\SiteAdvisor\6172\bak\SiteAdv.exe"
26636 30 Nov 2007 "C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe"
1159168 6 May 2004 "C:\Programmi\File comuni\PCSuite\DataLayer\bak\DATALA~1.EXE"
26636 30 Nov 2007 "C:\Programmi\File comuni\Real\Update_OB\realsched.exe"
180269 5 Feb 2006 "C:\Programmi\File comuni\Real\Update_OB\bak\realsched.exe"
26636 30 Nov 2007 "C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATI9BE.EXE"
98304 4 Mar 2004 "C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx360043de\E_FATI9BE.EXE"
98304 4 Mar 2004 "C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\E_FATI9BE.EXE"


end of report
bdoriano
Administrator

Registered: 02/04/07 12:05
Posts: 14391
Location: 3rd planet of the solar system...

Posted: 08 Dec 2007 12:37    Subject:

Looks like a new variant of Instant Access.

Download Avenger and unpack it into its own folder, not a temporary one and not on the desktop.

Start AVENGER
Click on "input script manually"
Click on the magnifying glass
Enter these lines:
Quote:
Files to delete:
C:\VEXPLITE\MONLITE.EXE
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\QuickTime\qttask.exe
C:\VIRUSfighter\Bin\ZLH.EXE
C:\Programmi\Ahead\InCD\InCD.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Grisoft\AVG Free\avgcc.exe
C:\Programmi\Nokia\Nokia PC Suite 6\TrayApplication.exe
C:\Programmi\SiteAdvisor\6172\SiteAdv.exe
C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATI9BE.EXE

Files to move:
C:\VEXPLITE\bak\MONLITE.EXE | C:\VEXPLITE\MONLITE.EXE
C:\Programmi\iTunes\bak\iTunesHelper.exe | C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\QuickTime\bak\qttask.exe | C:\Programmi\QuickTime\qttask.exe
C:\VIRUSfighter\Bin\bak\ZLH.EXE | C:\VIRUSfighter\Bin\ZLH.EXE
C:\Programmi\Ahead\InCD\bak\InCD.exe | C:\Programmi\Ahead\InCD\InCD.exe
C:\Programmi\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe | C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe | C:\Programmi\CyberLink DVD Solution\PowerDVD\bak\PDVDServ.exe
C:\Programmi\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe | C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Grisoft\AVG Free\bak\avgcc.exe | C:\Programmi\Grisoft\AVG Free\avgcc.exe
C:\Programmi\Nokia\Nokia PC Suite 6\bak\TRAYAP~1.EXE | C:\Programmi\Nokia\Nokia PC Suite 6\TrayApplication.exe
C:\Programmi\SiteAdvisor\6172\bak\SiteAdv.exe | C:\Programmi\SiteAdvisor\6172\SiteAdv.exe
C:\Programmi\File comuni\PCSuite\DataLayer\bak\DATALA~1.EXE | C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
C:\Programmi\File comuni\Real\Update_OB\bak\realsched.exe | C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\E_FATI9BE.EXE | C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATI9BE.EXE

Click Done
Click on the traffic light
The PC should reboot; if it doesn't, reboot it yourself.
When it's finished, post the result here together with an updated HijackThis log.
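The Find AWF report in the first post and the Avenger script in the reply above describe one pattern: each autostart executable has been replaced by a small wrapper of identical size (26636 bytes here) while the original was parked in a sibling `bak` folder, and the fix is to delete the wrapper and move the original back. The following checker is an added example written for this thread; it is not code from the forum, from Find AWF or from Avenger. It parses the "Duplicate files of bak directory contents" section, pairs each live file with its `bak` copy, reports the shared wrapper size, and then validates an Avenger "Files to delete:" / "Files to move:" script against those pairs, catching a move line whose source and destination are swapped (the PDVDServ.exe slip that the admin acknowledges later in the thread). The report excerpt and the script embedded below are constructed, shortened samples modelled on the posts.

```python
import re
from collections import Counter
from typing import Dict, List, Optional, Tuple

# Constructed, shortened excerpt of a Find AWF "Duplicate files" section
# (size, date, quoted path), modelled on the report posted in the thread.
SAMPLE_AWF_REPORT = r'''
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
26636 30 Nov 2007 "C:\VEXPLITE\MONLITE.EXE"
245760 1 Nov 2007 "C:\VEXPLITE\bak\MONLITE.EXE"
26636 30 Nov 2007 "C:\Programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
32768 8 Dec 2003 "C:\Programmi\CyberLink DVD Solution\PowerDVD\bak\PDVDServ.exe"
26636 30 Nov 2007 "C:\Programmi\Grisoft\AVG Free\avgcc.exe"
416256 6 Sep 2007 "C:\Documents and Settings\Guest\Desktop\AVG7\avgcc.exe"
411648 16 Feb 2007 "C:\Programmi\Grisoft\AVG Free\bak\avgcc.exe"
'''

# Constructed Avenger script; the PDVDServ.exe move line has its source and
# destination swapped, the same slip the admin later acknowledges.
SAMPLE_AVENGER_SCRIPT = r'''
Files to delete:
C:\VEXPLITE\MONLITE.EXE
C:\Programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Programmi\Grisoft\AVG Free\avgcc.exe

Files to move:
C:\VEXPLITE\bak\MONLITE.EXE | C:\VEXPLITE\MONLITE.EXE
C:\Programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe | C:\Programmi\CyberLink DVD Solution\PowerDVD\bak\PDVDServ.exe
C:\Programmi\Grisoft\AVG Free\bak\avgcc.exe | C:\Programmi\Grisoft\AVG Free\avgcc.exe
'''

# One report entry: <size> <day> <month> <year> "<path>"
_ENTRY = re.compile(r'^(\d+)\s+\d+\s+\w+\s+\d{4}\s+"([^"]+)"$')

def _bak_original(path: str) -> Optional[str]:
    """For '...\\bak\\name' return '...\\name'; None if not inside a bak folder."""
    parts = path.split('\\')
    if len(parts) >= 3 and parts[-2].lower() == 'bak':
        return '\\'.join(parts[:-2] + parts[-1:])
    return None

def parse_awf_pairs(report: str) -> Dict[str, Tuple[str, int, int]]:
    """Map lower-cased live path -> (bak path, live size, bak size) for every
    entry whose sibling bak copy also appears in the report."""
    sizes = {}  # lower-cased path -> (original path, size)
    for line in report.splitlines():
        m = _ENTRY.match(line.strip())
        if m:
            sizes[m.group(2).lower()] = (m.group(2), int(m.group(1)))
    pairs = {}
    for bak_path, bak_size in sizes.values():
        live = _bak_original(bak_path)
        if live is not None and live.lower() in sizes:
            pairs[live.lower()] = (bak_path, sizes[live.lower()][1], bak_size)
    return pairs

def wrapper_size(pairs: Dict[str, Tuple[str, int, int]]) -> Optional[int]:
    """AWF signature: one identical size for the live file across unrelated
    products. Returns that size when at least two live files share it."""
    counts = Counter(live_size for _, live_size, _ in pairs.values())
    if not counts:
        return None
    size, n = counts.most_common(1)[0]
    return size if n >= 2 else None

def parse_avenger_script(script: str) -> Tuple[List[str], List[Tuple[str, str]]]:
    """Split an Avenger script into its delete list and (src, dst) move pairs."""
    deletes, moves, section = [], [], None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower() == 'files to delete:':
            section = 'delete'
        elif line.lower() == 'files to move:':
            section = 'move'
        elif section == 'delete':
            deletes.append(line)
        elif section == 'move' and '|' in line:
            src, dst = (p.strip() for p in line.split('|', 1))
            moves.append((src, dst))
    return deletes, moves

def check_script(report: str, script: str) -> List[str]:
    """Return a list of problems; an empty list means every pair is restored."""
    pairs = parse_awf_pairs(report)
    deletes, moves = parse_avenger_script(script)
    deleted = {d.lower() for d in deletes}
    restored = set()
    problems = []
    for src, dst in moves:
        live = _bak_original(src)
        if live is None:
            problems.append(f"move source is not a bak copy (swapped?): {src} | {dst}")
        elif live.lower() != dst.lower():
            problems.append(f"move destination does not match bak origin: {src} | {dst}")
        else:
            restored.add(dst.lower())
    for live_key, (bak_path, _, _) in pairs.items():
        if live_key not in deleted:
            problems.append(f"wrapper not deleted before restore: {live_key}")
        if live_key not in restored:
            problems.append(f"original not restored from: {bak_path}")
    return problems
```

Run `check_script(SAMPLE_AWF_REPORT, SAMPLE_AVENGER_SCRIPT)` and the swapped PDVDServ.exe line is reported twice: once because the move source is not a `bak` copy, and once because that original is never restored. The stray `Guest\Desktop\AVG7\avgcc.exe` entry is deliberately ignored, since it has no `bak` sibling and is just another copy of the same name.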
lui80
Pious Mortal

Registered: 23/08/06 23:29
Posts: 25

Posted: 08 Dec 2007 15:38    Subject:

Now the internet works.. but the AVG icon doesn't appear

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\avfkpppy

*******************

Script file located at: \??\C:\Documents and Settings\dhlwrsgp.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\VEXPLITE\MONLITE.EXE deleted successfully.
File C:\Programmi\iTunes\iTunesHelper.exe deleted successfully.
File C:\Programmi\QuickTime\qttask.exe deleted successfully.
File C:\VIRUSfighter\Bin\ZLH.EXE deleted successfully.
File C:\Programmi\Ahead\InCD\InCD.exe deleted successfully.
File C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe deleted successfully.
File C:\Programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe deleted successfully.
File C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe deleted successfully.
File C:\Programmi\Grisoft\AVG Free\avgcc.exe deleted successfully.
File C:\Programmi\Nokia\Nokia PC Suite 6\TrayApplication.exe deleted successfully.
File C:\Programmi\SiteAdvisor\6172\SiteAdv.exe deleted successfully.
File C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe deleted successfully.
File C:\Programmi\File comuni\Real\Update_OB\realsched.exe deleted successfully.
File C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATI9BE.EXE deleted successfully.
File move operation C:\VEXPLITE\bak\MONLITE.EXE|C:\VEXPLITE\MONLITE.EXE completed successfully.
File move operation C:\Programmi\iTunes\bak\iTunesHelper.exe|C:\Programmi\iTunes\iTunesHelper.exe completed successfully.
File move operation C:\Programmi\QuickTime\bak\qttask.exe|C:\Programmi\QuickTime\qttask.exe completed successfully.
File move operation C:\VIRUSfighter\Bin\bak\ZLH.EXE|C:\VIRUSfighter\Bin\ZLH.EXE completed successfully.
File move operation C:\Programmi\Ahead\InCD\bak\InCD.exe|C:\Programmi\Ahead\InCD\InCD.exe completed successfully.
File move operation C:\Programmi\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe|C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe completed successfully.


File C:\Programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe not found!
File move operation C:\Programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe|C:\Programmi\CyberLink DVD Solution\PowerDVD\bak\PDVDServ.exe failed!

Could not process line:
C:\Programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe|C:\Programmi\CyberLink DVD Solution\PowerDVD\bak\PDVDServ.exe
Status: 0xc0000034

File move operation C:\Programmi\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe|C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe completed successfully.
File move operation C:\Programmi\Grisoft\AVG Free\bak\avgcc.exe|C:\Programmi\Grisoft\AVG Free\avgcc.exe completed successfully.
File move operation C:\Programmi\Nokia\Nokia PC Suite 6\bak\TRAYAP~1.EXE|C:\Programmi\Nokia\Nokia PC Suite 6\TrayApplication.exe completed successfully.
File move operation C:\Programmi\SiteAdvisor\6172\bak\SiteAdv.exe|C:\Programmi\SiteAdvisor\6172\SiteAdv.exe completed successfully.
File move operation C:\Programmi\File comuni\PCSuite\DataLayer\bak\DATALA~1.EXE|C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe completed successfully.
File move operation C:\Programmi\File comuni\Real\Update_OB\bak\realsched.exe|C:\Programmi\File comuni\Real\Update_OB\realsched.exe completed successfully.
File move operation C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\E_FATI9BE.EXE|C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATI9BE.EXE completed successfully.

Completed script processing.

*******************

Finished! Terminate.



Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 14.38.28, on 08/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
C:\PROGRA~1\FILECO~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\VIRUSfighter\Bin\ZLH.EXE
C:\Programmi\SiteAdvisor\6172\SiteAdv.exe
C:\Programmi\SiteAdvisor\6172\SAService.exe
C:\Programmi\Ahead\InCD\InCD.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
C:\VEXPLITE\viritsvc.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\VEXPLITE\MONLITE.EXE
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\Programmi\Nikon\PictureProject\NkbMonitor.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\utente\Desktop\antivirus\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.it
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.it
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Programmi\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Programmi\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Programmi\SiteAdvisor\6172\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Programmi\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O5 "LPT1:" /M "Stylus CX3600"
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series (Copia 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P36 "EPSON Stylus CX3600 Series (Copia 1)" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\FILECO~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [Norman ZANDA] C:\VIRUSfighter\Bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [SiteAdvisor] C:\Programmi\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Programmi\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKCU\..\Run: [EPSON Stylus CX3600 Series (Copia 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P36 "EPSON Stylus CX3600 Series (Copia 1)" /M "Stylus CX3600" /EF "HKCU"
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Programmi\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O15 - Trusted Zone: *.doginhispen.com
O15 - Trusted Zone: *.skitodayplease.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1098952079015
O17 - HKLM\System\CCS\Services\Tcpip\..\{E198AAF2-3B7E-4423-82CD-AABA11D499F3}: NameServer = 193.12.150.2 212.247.152.2
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Servizio SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Programmi\SiteAdvisor\6172\SAService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/utente/IMPOST~1/Temp/msoclip1/01/clip_image002.jpg

--
End of file - 9309 bytes
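The HijackThis log above is a flat text format: one entry per line, a section code (R0/R1, O2 up to O24), the separator " - ", then the payload; the "Running processes" block has no codes and is not an entry. As an added example, written for this page and not part of the original thread or of HijackThis, here is a Python triage script that pulls out the three entry types the helpers act on later in this thread: O15 Trusted Zone domains, O17 NameServer values compared against an allowlist of the ISP's resolvers, and O24 desktop components loaded from a Temp folder. The allowlist is an assumption: the two addresses are the ones recorded under ControlSet001 in the SmitFraudFix output further down, and you would replace them with your own provider's resolvers. The sample lines are copied from the log above; the output is a review queue, not a verdict.

```python
import re

# One HijackThis entry: section code, " - ", payload.
_ENTRY = re.compile(r"^(?P<code>[RFO]\d{1,2}) - (?P<payload>.*)$")

# Assumed allowlist of the ISP's resolvers (taken from the ControlSet001
# NameServer value in the SmitFraudFix output; replace with your own).
ISP_DNS = {"212.216.112.112", "212.216.172.62"}


def parse_hjt(text):
    """Yield (code, payload) for every HijackThis entry line in a log.

    Lines without a section code (headers, running processes) are skipped.
    """
    for line in text.splitlines():
        m = _ENTRY.match(line.strip())
        if m:
            yield m.group("code"), m.group("payload")


def triage(text, isp_dns=ISP_DNS):
    """Return (code, reason, payload) triples for entries worth a closer look."""
    findings = []
    for code, payload in parse_hjt(text):
        if code == "O15":
            # A Trusted Zone entry relaxes IE security for that domain;
            # legitimate ones are rare, so every one is listed.
            findings.append((code, "domain in IE Trusted Zone", payload))
        elif code == "O17":
            # NameServer lists are space- or comma-separated.
            m = re.search(r"NameServer\s*=\s*(.+)$", payload)
            if m:
                servers = re.split(r"[\s,]+", m.group(1).strip())
                rogue = [s for s in servers if s not in isp_dns]
                if rogue:
                    findings.append((code, "DNS server not in allowlist: "
                                     + " ".join(rogue), payload))
        elif code == "O24":
            # A desktop component pulled from a Temp folder should be
            # confirmed as something the user actually chose.
            if re.search(r"[/\\]temp[/\\]", payload, re.I):
                findings.append((code, "desktop component loaded from a Temp folder",
                                 payload))
    return findings


# Sample entries copied from the log above (the O23 and O4 lines are there
# to show that unmatched entry types are passed over).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\Explorer.EXE

O4 - Global Startup: NkbMonitor.exe.lnk = C:\Programmi\Nikon\PictureProject\NkbMonitor.exe
O15 - Trusted Zone: *.doginhispen.com
O15 - Trusted Zone: *.skitodayplease.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{E198AAF2-3B7E-4423-82CD-AABA11D499F3}: NameServer = 193.12.150.2 212.247.152.2
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/utente/IMPOST~1/Temp/msoclip1/01/clip_image002.jpg
"""

if __name__ == "__main__":
    for code, reason, payload in triage(SAMPLE_LOG):
        print(f"{code:4} {reason}: {payload}")
```

Run it against a saved hijackthis.log by reading the file and passing its text to `triage()`; O17 entries with the wrong resolvers matter even when every other line is clean, because they affect every program on the machine, not just the browser.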
bdoriano
Administrator

Registered: 02/04/07 12:05
Posts: 14391
Location: 3rd planet of the solar system...

Posted: 08 Dec 2007 16:20    Subject:

So, apart from a mistake of mine in the script, we should have managed to remove Instant Access.

Start AVENGER
Click on input script manually
Click on the magnifying glass
Enter these lines:
Quote:
Files to move:
C:\Programmi\CyberLink DVD Solution\PowerDVD\bak\PDVDServ.exe | C:\Programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

Click on Done
Click on the traffic light
The PC should reboot; if it does not, reboot it yourself.
When the operation is finished, post the result here.

Then, do these steps:
  1. Disable System Restore
  2. Download ATF-Cleaner.
    Run ATF-Cleaner (it removes temporary files)
    Tick Select All
    (if you want to keep the files in the Recycle Bin, untick Recycle bin)
    Click on Empty selected
  3. I see you have VirIT installed. Run a full scan with VirIT and post the log here
  4. Download drWeb CureIt and have it run a full scan from Safe Mode.
  5. Reboot the PC in normal mode
  6. Run these scans with GMER and post the logs on FreeFileHosting as described here.
lui80
Mortale pio

Registered: 23/08/06 23:29
Posts: 25

Posted: 08 Dec 2007 17:27    Subject:

Avenger on reboot:


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\dpieuysi

*******************

Script file located at: vtxggcyi

Could not open script file! Error

Could not open script file! Status: 0xc000003b Abort!



VirIT freezes halfway through, but it had found nothing up to that point. Then ATF deleted 50 MB for me, but at startup AVG still has its icons unusable (white and blue).


Now I'm running DrWeb and GMER (DrWeb is flagging a Win worm in HijackThis and a ProcKill tool in VirIT).
lui80
Mortale pio

Registered: 23/08/06 23:29
Posts: 25

Posted: 08 Dec 2007 18:05    Subject:

GMER 1.0.12.12027 - http://www.gmer.net
Rootkit scan 2007-12-08 17:01:36
Windows 5.1.2600 Service Pack 2


edit by bdoriano:
log removed because it was incomplete.
Logs must be uploaded to freefilehosting.
Thanks for your cooperation.
lui80
Mortale pio

Registered: 23/08/06 23:29
Posts: 25

Posted: 22 Dec 2007 11:46    Subject: please

Can someone help me, because AVG won't open at startup?

Thanks
bdoriano
Administrator

Registered: 02/04/07 12:05
Posts: 14391
Location: 3rd planet of the solar system...

Posted: 22 Dec 2007 13:27    Subject:

To be able to help you we need more information, so I repeat myself:
bdoriano wrote:
Run these scans with GMER and post the logs on FreeFileHosting as described here.
lui80
Mortale pio

Registered: 23/08/06 23:29
Posts: 25

Posted: 23 Dec 2007 17:48    Subject: done

http://www.freefilehosting.net/download/39dcc

And thanks!
bdoriano
Administrator

Registered: 02/04/07 12:05
Posts: 14391
Location: 3rd planet of the solar system...

Posted: 23 Dec 2007 18:25    Subject:

The version of GMER you used is a bit old.

Let's bring out the heavy artillery: run this scan with SystemScan and post the log on FreeFileHosting as described here.
lui80
Mortale pio

Registered: 23/08/06 23:29
Posts: 25

Posted: 24 Dec 2007 13:47    Subject: done

http://www.freefilehosting.net/download/39e6k
bdoriano
Administrator

Registered: 02/04/07 12:05
Posts: 14391
Location: 3rd planet of the solar system...

Posted: 27 Dec 2007 15:36    Subject:

Download Avenger and unpack it into a folder of its own, not a temporary one and not on the desktop

Start AVENGER
Click on input script manually
Click on the magnifying glass
Enter these lines:
Quote:
files to delete:
C:\WINDOWS\Tasks\zxh.job
C:\WINDOWS\Tasks\ywizsawh.job
C:\WINDOWS\Tasks\zzblygz.job
C:\WINDOWS\Tasks\yvv.job
C:\WINDOWS\Tasks\zahtjte.job
C:\WINDOWS\Tasks\zudazg.job
C:\WINDOWS\Tasks\zldr.job
C:\WINDOWS\Tasks\zkn.job
C:\WINDOWS\Tasks\zbljwh.job
C:\WINDOWS\Tasks\zirj.job
C:\WINDOWS\Tasks\wpkkty.job
C:\WINDOWS\Tasks\wraattu.job
C:\WINDOWS\Tasks\vvgscdc.job
C:\WINDOWS\Tasks\vtp.job
C:\WINDOWS\Tasks\wjxwp.job
C:\WINDOWS\Tasks\wgzw.job
C:\WINDOWS\Tasks\wvkof.job
C:\WINDOWS\Tasks\ylul.job
C:\WINDOWS\Tasks\ymouzmdh.job
C:\WINDOWS\Tasks\yru.job
C:\WINDOWS\Tasks\wvwq.job
C:\WINDOWS\Tasks\xim.job
C:\WINDOWS\Tasks\xseju.job
C:\WINDOWS\Tasks\tyc.job
C:\WINDOWS\Tasks\twzcq.job
C:\WINDOWS\Tasks\twftavra.job
C:\WINDOWS\Tasks\vnizm.job
C:\WINDOWS\Tasks\vkw.job
C:\WINDOWS\Tasks\uahvtdm.job
C:\WINDOWS\Tasks\tajpnlc.job
C:\WINDOWS\Tasks\tbj.job
C:\WINDOWS\Tasks\rjce.job
C:\WINDOWS\Tasks\rvazkoz.job
C:\WINDOWS\Tasks\ttjhmro.job
C:\WINDOWS\Tasks\tvfosvgq.job
C:\WINDOWS\Tasks\tsubqqy.job
C:\WINDOWS\Tasks\tszntnj.job
C:\WINDOWS\Tasks\ptukklt.job
C:\WINDOWS\Tasks\okqj.job
C:\WINDOWS\Tasks\nzmpcxy.job
C:\WINDOWS\Tasks\pxct.job
C:\WINDOWS\Tasks\rclgwomq.job
C:\WINDOWS\Tasks\qucpg.job
C:\WINDOWS\Tasks\qsblwukk.job
C:\WINDOWS\Tasks\nsmr.job
C:\WINDOWS\Tasks\kiqxf.job
C:\WINDOWS\Tasks\kopnx.job
C:\WINDOWS\Tasks\kthrw.job
C:\WINDOWS\Tasks\jtfgoa.job
C:\WINDOWS\Tasks\ivlrxxps.job
C:\WINDOWS\Tasks\jlgmklt.job
C:\WINDOWS\Tasks\jms.job
C:\WINDOWS\Tasks\ngkagrlo.job
C:\WINDOWS\Tasks\mizwdi.job
C:\WINDOWS\Tasks\nmalzj.job
C:\WINDOWS\Tasks\nkh.job
C:\WINDOWS\Tasks\lbdfblep.job
C:\WINDOWS\Tasks\kvz.job
C:\WINDOWS\Tasks\lrovxsf.job
C:\WINDOWS\Tasks\gkjam.job
C:\WINDOWS\Tasks\ftx.job
C:\WINDOWS\Tasks\gxker.job
C:\WINDOWS\Tasks\hsaeuxrh.job
C:\WINDOWS\Tasks\hlwzdt.job
C:\WINDOWS\Tasks\dpand.job
C:\WINDOWS\Tasks\dnvvuz.job
C:\WINDOWS\Tasks\dqsvjut.job
C:\WINDOWS\Tasks\fjka.job
C:\WINDOWS\Tasks\ennr.job
C:\WINDOWS\Tasks\ioles.job
C:\WINDOWS\Tasks\ins.job
C:\WINDOWS\Tasks\irgchwr.job
C:\WINDOWS\Tasks\iqekyysu.job
C:\WINDOWS\Tasks\iimh.job
C:\WINDOWS\Tasks\hzbtfdvx.job
C:\WINDOWS\Tasks\hvlq.job
C:\WINDOWS\Tasks\iibr.job
C:\WINDOWS\Tasks\iemeaky.job
C:\WINDOWS\Tasks\dmgfjes.job
C:\WINDOWS\Tasks\dkxw.job
C:\WINDOWS\Tasks\deds.job
C:\WINDOWS\Tasks\dmnxm.job
C:\WINDOWS\Tasks\bqinsb.job
C:\WINDOWS\Tasks\byoowl.job
C:\WINDOWS\Tasks\akzq.job
C:\WINDOWS\Tasks\azjl.job
C:\WINDOWS\Tasks\caewecv.job
C:\WINDOWS\Tasks\chcgduxz.job
C:\WINDOWS\Tasks\cebuzh.job
C:\WINDOWS\Tasks\agny.job

Click on Done
Click on the traffic light
The PC should reboot; if it does not, reboot it yourself.
When the operation is finished, post the result here together with an updated HijackThis log.

Download SmitFraudFix and save it to the desktop.
Run it
Press 1 and then Enter
Post the log here (c:\rapport.txt)

Afterwards, connect to the Kaspersky on-line scanner and run the extended scan, as described here.
Save the scan result to a file (in HTML format), upload the file to Freefilehosting and post the link you are given here.
lui80
Mortale pio

Registered: 23/08/06 23:29
Posts: 25

Posted: 27 Dec 2007 21:25    Subject: here

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\hksnvxtv

*******************

Script file located at: \??\C:\WINDOWS\whjxtdjl.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\Tasks\zxh.job deleted successfully.
File C:\WINDOWS\Tasks\ywizsawh.job deleted successfully.
File C:\WINDOWS\Tasks\zzblygz.job deleted successfully.
File C:\WINDOWS\Tasks\yvv.job deleted successfully.
File C:\WINDOWS\Tasks\zahtjte.job deleted successfully.
File C:\WINDOWS\Tasks\zudazg.job deleted successfully.
File C:\WINDOWS\Tasks\zldr.job deleted successfully.
File C:\WINDOWS\Tasks\zkn.job deleted successfully.
File C:\WINDOWS\Tasks\zbljwh.job deleted successfully.
File C:\WINDOWS\Tasks\zirj.job deleted successfully.
File C:\WINDOWS\Tasks\wpkkty.job deleted successfully.
File C:\WINDOWS\Tasks\wraattu.job deleted successfully.
File C:\WINDOWS\Tasks\vvgscdc.job deleted successfully.
File C:\WINDOWS\Tasks\vtp.job deleted successfully.
File C:\WINDOWS\Tasks\wjxwp.job deleted successfully.
File C:\WINDOWS\Tasks\wgzw.job deleted successfully.
File C:\WINDOWS\Tasks\wvkof.job deleted successfully.
File C:\WINDOWS\Tasks\ylul.job deleted successfully.
File C:\WINDOWS\Tasks\ymouzmdh.job deleted successfully.
File C:\WINDOWS\Tasks\yru.job deleted successfully.
File C:\WINDOWS\Tasks\wvwq.job deleted successfully.
File C:\WINDOWS\Tasks\xim.job deleted successfully.
File C:\WINDOWS\Tasks\xseju.job deleted successfully.
File C:\WINDOWS\Tasks\tyc.job deleted successfully.
File C:\WINDOWS\Tasks\twzcq.job deleted successfully.
File C:\WINDOWS\Tasks\twftavra.job deleted successfully.
File C:\WINDOWS\Tasks\vnizm.job deleted successfully.
File C:\WINDOWS\Tasks\vkw.job deleted successfully.
File C:\WINDOWS\Tasks\uahvtdm.job deleted successfully.
File C:\WINDOWS\Tasks\tajpnlc.job deleted successfully.
File C:\WINDOWS\Tasks\tbj.job deleted successfully.
File C:\WINDOWS\Tasks\rjce.job deleted successfully.
File C:\WINDOWS\Tasks\rvazkoz.job deleted successfully.
File C:\WINDOWS\Tasks\ttjhmro.job deleted successfully.
File C:\WINDOWS\Tasks\tvfosvgq.job deleted successfully.
File C:\WINDOWS\Tasks\tsubqqy.job deleted successfully.
File C:\WINDOWS\Tasks\tszntnj.job deleted successfully.
File C:\WINDOWS\Tasks\ptukklt.job deleted successfully.
File C:\WINDOWS\Tasks\okqj.job deleted successfully.
File C:\WINDOWS\Tasks\nzmpcxy.job deleted successfully.
File C:\WINDOWS\Tasks\pxct.job deleted successfully.
File C:\WINDOWS\Tasks\rclgwomq.job deleted successfully.
File C:\WINDOWS\Tasks\qucpg.job deleted successfully.
File C:\WINDOWS\Tasks\qsblwukk.job deleted successfully.
File C:\WINDOWS\Tasks\nsmr.job deleted successfully.
File C:\WINDOWS\Tasks\kiqxf.job deleted successfully.
File C:\WINDOWS\Tasks\kopnx.job deleted successfully.
File C:\WINDOWS\Tasks\kthrw.job deleted successfully.
File C:\WINDOWS\Tasks\jtfgoa.job deleted successfully.
File C:\WINDOWS\Tasks\ivlrxxps.job deleted successfully.
File C:\WINDOWS\Tasks\jlgmklt.job deleted successfully.
File C:\WINDOWS\Tasks\jms.job deleted successfully.
File C:\WINDOWS\Tasks\ngkagrlo.job deleted successfully.
File C:\WINDOWS\Tasks\mizwdi.job deleted successfully.
File C:\WINDOWS\Tasks\nmalzj.job deleted successfully.
File C:\WINDOWS\Tasks\nkh.job deleted successfully.
File C:\WINDOWS\Tasks\lbdfblep.job deleted successfully.
File C:\WINDOWS\Tasks\kvz.job deleted successfully.
File C:\WINDOWS\Tasks\lrovxsf.job deleted successfully.
File C:\WINDOWS\Tasks\gkjam.job deleted successfully.
File C:\WINDOWS\Tasks\ftx.job deleted successfully.
File C:\WINDOWS\Tasks\gxker.job deleted successfully.
File C:\WINDOWS\Tasks\hsaeuxrh.job deleted successfully.
File C:\WINDOWS\Tasks\hlwzdt.job deleted successfully.
File C:\WINDOWS\Tasks\dpand.job deleted successfully.
File C:\WINDOWS\Tasks\dnvvuz.job deleted successfully.
File C:\WINDOWS\Tasks\dqsvjut.job deleted successfully.
File C:\WINDOWS\Tasks\fjka.job deleted successfully.
File C:\WINDOWS\Tasks\ennr.job deleted successfully.
File C:\WINDOWS\Tasks\ioles.job deleted successfully.
File C:\WINDOWS\Tasks\ins.job deleted successfully.
File C:\WINDOWS\Tasks\irgchwr.job deleted successfully.
File C:\WINDOWS\Tasks\iqekyysu.job deleted successfully.
File C:\WINDOWS\Tasks\iimh.job deleted successfully.
File C:\WINDOWS\Tasks\hzbtfdvx.job deleted successfully.
File C:\WINDOWS\Tasks\hvlq.job deleted successfully.
File C:\WINDOWS\Tasks\iibr.job deleted successfully.
File C:\WINDOWS\Tasks\iemeaky.job deleted successfully.
File C:\WINDOWS\Tasks\dmgfjes.job deleted successfully.
File C:\WINDOWS\Tasks\dkxw.job deleted successfully.
File C:\WINDOWS\Tasks\deds.job deleted successfully.
File C:\WINDOWS\Tasks\dmnxm.job deleted successfully.
File C:\WINDOWS\Tasks\bqinsb.job deleted successfully.
File C:\WINDOWS\Tasks\byoowl.job deleted successfully.
File C:\WINDOWS\Tasks\akzq.job deleted successfully.
File C:\WINDOWS\Tasks\azjl.job deleted successfully.
File C:\WINDOWS\Tasks\caewecv.job deleted successfully.
File C:\WINDOWS\Tasks\chcgduxz.job deleted successfully.
File C:\WINDOWS\Tasks\cebuzh.job deleted successfully.
File C:\WINDOWS\Tasks\agny.job deleted successfully.

Completed script processing.

*******************

Finished! Terminate.



Logfile of HijackThis v1.99.1
Scan saved at 20.18.47, on 27/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\Programmi\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
C:\PROGRA~1\FILECO~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\VIRUSfighter\Bin\ZLH.EXE
C:\Programmi\SiteAdvisor\6253\SiteAdv.exe
C:\VEXPLITE\viritsvc.exe
C:\Programmi\Ahead\InCD\InCD.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\VEXPLITE\MONLITE.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Creative\Shared Files\CamTray.exe
C:\Programmi\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\utente\Desktop\antivirus\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.it
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.it
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Programmi\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Programmi\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Programmi\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Programmi\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O5 "LPT1:" /M "Stylus CX3600"
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series (Copia 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P36 "EPSON Stylus CX3600 Series (Copia 1)" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\FILECO~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [Norman ZANDA] C:\VIRUSfighter\Bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [SiteAdvisor] C:\Programmi\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Programmi\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Programmi\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O15 - Trusted Zone: *.doginhispen.com
O15 - Trusted Zone: *.skitodayplease.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1098952079015
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E198AAF2-3B7E-4423-82CD-AABA11D499F3}: NameServer = 193.12.150.2 212.247.152.2
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Programmi\SiteAdvisor\6253\SiteAdv.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Servizio SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Programmi\SiteAdvisor\6253\SAService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
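The script bdoriano posted lists ninety .job files with short random names under C:\WINDOWS\Tasks, and the Avenger log in the reply above confirms each deletion on its own line. As an added example, written for this page and not part of the thread or of Avenger, here is a Python helper that does the two chores around such a script: it picks machine-generated names out of a directory listing with an allowlist and a name heuristic and renders them in Avenger's "Files to delete:" syntax, and it checks an Avenger log against the script so that any requested path not reported as "deleted successfully" stands out, including the case where Avenger aborts before reading the script, as in the first run in this thread. The allowlist and the directory listing are constructed for the example; the log sample copies the format of the one posted above.

```python
import re

# Assumed allowlist of task names that belong on the machine (hypothetical;
# build the real one from the vendors seen in the HijackThis O4/O23 lines).
KNOWN_JOBS = {"At1.job", "GoogleUpdateTaskMachineCore.job"}

# The names in the thread are 3 to 8 lowercase letters and nothing else.
# A heuristic for machine-generated names, not a verdict on its own.
_RANDOM_NAME = re.compile(r"^[a-z]{3,8}\.job$")


def suspicious_jobs(listing, known=KNOWN_JOBS):
    """Filenames from a C:\\WINDOWS\\Tasks listing that look machine-generated."""
    return [n for n in listing if n not in known and _RANDOM_NAME.match(n)]


def build_avenger_script(listing, folder="C:\\WINDOWS\\Tasks"):
    """Render the selection in Avenger's 'Files to delete:' script syntax."""
    paths = [folder + "\\" + n for n in suspicious_jobs(listing)]
    return "\n".join(["Files to delete:"] + paths) + "\n"


# One confirmation line in an Avenger log, e.g.
# "File C:\WINDOWS\Tasks\zxh.job deleted successfully."
_DELETED = re.compile(r"^File (?P<path>.+) deleted successfully\.$", re.M)


def unconfirmed(script_text, log_text):
    """Paths the script asked for that the Avenger log does not confirm as deleted."""
    requested = [l.strip() for l in script_text.splitlines()[1:] if l.strip()]
    # The first run in the thread aborted with "Could not open script file!"
    # before any deletion took place; in that case nothing is confirmed.
    if "Script file read successfully" not in log_text:
        return requested
    confirmed = {m.group("path") for m in _DELETED.finditer(log_text)}
    return [p for p in requested if p not in confirmed]


# Constructed directory listing: three names from the thread plus benign entries.
SAMPLE_LISTING = ["At1.job", "desktop.ini", "zxh.job", "ywizsawh.job", "agny.job"]

# Constructed Avenger output in the format of the log posted above; one of the
# three requested files is deliberately missing from it.
SAMPLE_LOG = """\
Script file read successfully

Beginning to process script file:

File C:\\WINDOWS\\Tasks\\zxh.job deleted successfully.
File C:\\WINDOWS\\Tasks\\agny.job deleted successfully.

Completed script processing.
"""

if __name__ == "__main__":
    script = build_avenger_script(SAMPLE_LISTING)
    print(script)
    print("not confirmed:", unconfirmed(script, SAMPLE_LOG))
```

A file that is still there after the reboot usually means something recreated it or held it open, which is the cue to look at what the .job files were launching rather than deleting the same list again.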
lui80
Mortale pio

Registered: 23/08/06 23:29
Posts: 25

Posted: 27 Dec 2007 21:26    Subject: here is more

SmitFraudFix v2.274

Scan done at 20.25.01,54, 27/12/2007
Run from C:\Documents and Settings\utente\Desktop\antivirus\SmitfraudFix
OS: Microsoft Windows XP [Versione 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\Programmi\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
C:\PROGRA~1\FILECO~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\Programmi\SiteAdvisor\6253\SiteAdv.exe
C:\VEXPLITE\viritsvc.exe
C:\Programmi\Ahead\InCD\InCD.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\VEXPLITE\MONLITE.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Creative\Shared Files\CamTray.exe
C:\Programmi\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\utente


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\utente\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\utente\PREFER~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Programmi


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="file:///C:/DOCUME~1/utente/IMPOST~1/Temp/msoclip1/01/clip_image002.jpg"
"SubscribedURL"="file:///C:/DOCUME~1/utente/IMPOST~1/Temp/msoclip1/01/clip_image002.jpg"
"FriendlyName"=""

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Pagina iniziale corrente"

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix.exe by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: WAN (PPP/SLIP) Interface
DNS Server Search Order: 193.12.150.2
DNS Server Search Order: 212.247.152.2

HKLM\SYSTEM\CCS\Services\Tcpip\..\{E198AAF2-3B7E-4423-82CD-AABA11D499F3}: NameServer=193.12.150.2 212.247.152.2
HKLM\SYSTEM\CS1\Services\Tcpip\..\{FABBC955-A858-4F44-B7B3-2F1931880BCA}: NameServer=212.216.112.112,212.216.172.62
HKLM\SYSTEM\CS3\Services\Tcpip\..\{E198AAF2-3B7E-4423-82CD-AABA11D499F3}: NameServer=193.12.150.2 212.247.152.2


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
bdoriano
Administrator

Registered: 02/04/07 12:05
Posts: 14391
Location: 3rd planet of the solar system...

Posted: 28 Dec 2007 00:19    Subject:

Disable System Restore and boot the PC in Safe Mode
run hijackthis
click on do a system scan only
tick these entries:
Quote:
O15 - Trusted Zone: *.doginhispen.com
O15 - Trusted Zone: *.skitodayplease.com

click fix checked
Reboot the PC in normal mode, redo the hijackthis log and post it.

To be safe, download DelDomains to the desktop (right-click the link and choose Save as), then right-click the file and select Install.
lui80
Mortale pio

Registered: 23/08/06 23:29
Posts: 25

Posted: 28 Dec 2007 11:45    Subject:

Thanks, you're very helpful!

But HijackThis doesn't find these entries, so I can't remove them:
O15 - Trusted Zone: *.doginhispen.com
O15 - Trusted Zone: *.skitodayplease.com

What should I do?

In the meantime I've installed DelDomains
lui80
Mortale pio

Registered: 23/08/06 23:29
Posts: 25

Posted: 29 Dec 2007 19:39    Subject:

What should I do?
lui80
Mortale pio

Registered: 23/08/06 23:29
Posts: 25

Posted: 30 Dec 2007 20:25    Subject:

Can anyone help me?
Orange
Dio maturo

Registered: 18/02/07 13:20
Posts: 2224
Location: Rome

Posted: 31 Dec 2007 00:02    Subject:

lui80 wrote:
In the meantime I've installed DelDomains

Now that you have installed DelDomains, those entries should have been removed. Can you post an updated HJT log?
lui80
Mortale pio

Registered: 23/08/06 23:29
Posts: 25

Posted: 31 Dec 2007 14:54    Subject:

Indeed those entries are no longer there, I can't find them in HijackThis... but the problem is that at startup it still tells me AVG cannot be loaded.

Something is blocking this AVG but I can't find it, ugh
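The O15 entries that HijackThis could no longer find live in the registry under Internet Settings\ZoneMap\Domains (per user under HKEY_CURRENT_USER, machine-wide under HKEY_LOCAL_MACHINE): one subkey per domain, an optional sub-subkey per host label, and one DWORD per protocol ("*", "http", "https", ...) whose data is the zone number, with 2 meaning Trusted Sites and 4 Restricted Sites. DelDomains clears those keys wholesale, which is why the next HijackThis scan shows nothing. As an added example, written for this page and not part of the thread or of DelDomains, here is a Python parser for a .reg export of that key (File > Export in regedit, or `reg export`) that lists every zone assignment and the hosts placed in the Trusted zone, which is the check to run before and after such a cleanup. The .reg text is constructed for the example: the two domains match the O15 lines in the logs above, and the microsoft.com entry is added as a benign counterexample.

```python
import re

ZONE_NAMES = {0: "My Computer", 1: "Local Intranet", 2: "Trusted Sites",
              3: "Internet", 4: "Restricted Sites"}
_DOMAINS_MARKER = "\\ZoneMap\\Domains\\"

# .reg syntax: "[key path]" header lines, then "name"=dword:xxxxxxxx values.
_KEY = re.compile(r"^\[(?P<key>[^\]]+)\]$")
_DWORD = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<hex>[0-9A-Fa-f]{8})$')


def zone_assignments(reg_text):
    """Parse a .reg export of ZoneMap\\Domains.

    Returns [(hive, host, protocol, zone_id, zone_name)] in file order.
    Keys outside ZoneMap\\Domains are ignored.
    """
    rows = []
    current = None  # (hive, host) of the key being read, or None
    for raw in reg_text.splitlines():
        line = raw.strip()
        m = _KEY.match(line)
        if m:
            key = m.group("key")
            i = key.lower().find(_DOMAINS_MARKER.lower())
            if i < 0:
                current = None
                continue
            parts = key[i + len(_DOMAINS_MARKER):].split("\\")
            # Domains\example.com       -> every host of example.com
            # Domains\example.com\www   -> www.example.com only
            host = parts[1] + "." + parts[0] if len(parts) > 1 else "*." + parts[0]
            current = (key.split("\\", 1)[0], host)
            continue
        m = _DWORD.match(line)
        if m and current:
            zone = int(m.group("hex"), 16)
            rows.append((current[0], current[1], m.group("name"), zone,
                         ZONE_NAMES.get(zone, "unknown")))
    return rows


def trusted_sites(reg_text):
    """Hosts mapped to zone 2 (Trusted Sites), deduplicated, in file order."""
    return list(dict.fromkeys(h for _, h, _, z, _ in zone_assignments(reg_text)
                              if z == 2))


# Constructed export; regedit writes these files as UTF-16, so read a real one
# with open(path, encoding="utf-16").
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\doginhispen.com]
"*"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\skitodayplease.com]
"*"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\microsoft.com\update]
"http"=dword:00000002
"https"=dword:00000002
"""

if __name__ == "__main__":
    for hive, host, proto, zone, name in zone_assignments(SAMPLE_REG):
        print(f"{hive}: {proto}://{host} -> zone {zone} ({name})")
    print("trusted:", trusted_sites(SAMPLE_REG))
```

Export both hives, since a zone map under HKEY_LOCAL_MACHINE applies to every account on the machine and is not reported by every cleanup tool that only looks at the current user.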
Page 1 of 2

 