m4rc0h (Mortal adept)
 Registered: 27/09/07 09:20
 Posts: 37
 Location: Molfetta (Ba)

 Posted: 09 Jan 2008 22:36    Subject: problems with temp 2

 When the PC starts up, an error about temp.2 appears. Here is the HJT log; thank you, I'll wait for a reply. (PS: I currently no longer have Internet access on my PC.)     marco
 
 
 
 Logfile of Trend Micro HijackThis v2.0.2
 Scan saved at 13.45.55, on 03/01/2008
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
 Boot mode: Normal
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\system32\spoolsv.exe
 C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
 C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
 C:\WINDOWS\system32\CTsvcCDA.EXE
 C:\WINDOWS\system32\slserv.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\system32\MsPMSPSv.exe
 C:\WINDOWS\Explorer.EXE
 C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
 C:\Programmi\iTunes\iTunesHelper.exe
 C:\Programmi\QuickTime\qttask.exe
 C:\Programmi\File comuni\Real\Update_OB\realsched.exe
 C:\Programmi\Hercules\Audio\Gamesurround Fortissimo III\ForceUpdate.exe
 C:\Program Files\webHancer\Programs\whAgent.exe
 C:\Program Files\webHancer\Programs\whSurvey.exe
 C:\WINDOWS\system32\rundll32.exe
 C:\WINDOWS\system32\temp1.exe
 C:\Programmi\Messenger\msmsgs.exe
 C:\Programmi\Creative\SBAudigy\Taskbar\CTLTask.exe
 C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
 C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
 C:\Programmi\LG PC Suite\LG PC Sync\LGSyncManager.exe
 C:\Programmi\iPod\bin\iPodService.exe
 C:\Programmi\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
 C:\Programmi\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
 C:\Programmi\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
 C:\WINDOWS\twain_32\S6U12BX\WATCH.exe
 C:\Programmi\WinZip\WZQKPICK.EXE
 C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
 C:\Documents and Settings\Proprietario\Desktop\M4Rc0\X RIPARARE PC\HiJackThis.exe
 
 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
 F3 - REG:win.ini: load=C:\WINDOWS\svchost.exe
 O2 - BHO: CvgraphObj Object - {12355F3E-90C3-41AA-8705-15969AF7F210} - C:\WINDOWS\vgraph.dll
 O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Programmi\NewDotNet\newdotnet7_22.dll
 O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Programmi\Need2Find\bar\1.bin\ND2FNBAR.DLL
 O2 - BHO: SafeGuard Protect PCShield - {564FFB73-9EEF-4969-92FA-5FC4A92E2C2A} - C:\WINDOWS\system32\sfg.dll
 O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Programmi\RXToolBar\sfcont.dll (file missing)
 O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmi\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
 O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\it\msntb.dll
 O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll
 O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\it\msntb.dll
 O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
 O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
 O4 - HKLM\..\Run: [Gtwatch] C:\WINDOWS\gtwatch.exe
 O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
 O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
 O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe"  -osboot
 O4 - HKLM\..\Run: [HFUpdate] C:\Programmi\Hercules\Audio\Gamesurround Fortissimo III\ForceUpdate.exe -v4089 -pC:\Programmi\Hercules\Audio\Gamesurround Fortissimo III\wdmaherc.inf
 O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
 O4 - HKLM\..\Run: [Jet Detection] C:\Programmi\Creative\SBAudigy\PROGRAM\ADGJDet.exe
 O4 - HKLM\..\Run: [StartFoxie] C:\Programmi\Foxie Suite\StartFoxie.exe
 O4 - HKLM\..\Run: [KazaaBooster] C:\Programmi\Kazaa FasterDownload\KazaaFasterDownload.exe
 O4 - HKLM\..\Run: [webHancer Agent] "C:\Program Files\webHancer\Programs\whAgent.exe"
 O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
 O4 - HKLM\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\system32\sfg.dll"
 O4 - HKLM\..\Run: [Olympic] C:\Documents and Settings\Proprietario\Dati applicazioni\sgrunt\IE4321.exe
 O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
 O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
 O4 - HKLM\..\Run: [KAVPersonal50] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
 O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
 O4 - HKCU\..\Run: [Taskbar] C:\Programmi\Creative\SBAudigy\Taskbar\CTLTask.exe
 O4 - HKCU\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\system32\sfg.dll"
 O4 - HKCU\..\Run: [Kazaa All-In-One] C:\Programmi\Kazaa-All-in-One\Kazaa-All-in-One.exe
 O4 - HKCU\..\Run: [tbon] C:\Programmi\TBONBin\tbon.exe /r
 O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
 O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
 O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
 O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
 O4 - Startup: RTCTest.lnk = C:\Programmi\msi\Doctor Y2K\RTCTest.exe
 O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
 O4 - Global Startup: BTTray.lnk = ?
 O4 - Global Startup: LG SyncManager.lnk = C:\Programmi\LG PC Suite\LG PC Sync\LGSyncManager.exe
 O4 - Global Startup: Picture Package Menu.lnk = ?
 O4 - Global Startup: Picture Package VCD Maker.lnk = ?
 O4 - Global Startup: Ulead Photo Express SE Calendar Checker.lnk = C:\Programmi\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
 O4 - Global Startup: Watch.lnk = C:\WINDOWS\twain_32\S6U12BX\WATCH.exe
 O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
 O8 - Extra context menu item: &Search - http://kn.bar.need2find.com/KN/menusearch.html?p=KN
 O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
 O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_05\bin\npjpi142_05.dll
 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_05\bin\npjpi142_05.dll
 O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
 O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
 O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 O10 - Hijacked Internet access by New.Net
 O10 - Hijacked Internet access by WebHancer
 O10 - Hijacked Internet access by WebHancer
 O10 - Hijacked Internet access by WebHancer
 O10 - Hijacked Internet access by WebHancer
 O10 - Hijacked Internet access by New.Net
 O10 - Hijacked Internet access by New.Net
 O10 - Hijacked Internet access by New.Net
 O10 - Hijacked Internet access by New.Net
 O10 - Hijacked Internet access by WebHancer
 O15 - Trusted Zone: *.3
 O15 - Trusted Zone: www.linkautomatici.com
 O15 - Trusted Zone: www.sgrunt.biz
 O16 - DPF: {1F831FA9-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) - file://C:\Programmi\AutoCAD 2002 Ita\InstFred.ocx
 O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
 O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (Controllo AcDc oggi) - file://C:\Programmi\AutoCAD 2002 Ita\AcDcToday.ocx
 O16 - DPF: {AE563729-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Programmi\AutoCAD 2002 Ita\InstBanr.ocx
 O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
 O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/sites/errorsafe.com/www/download/2006/cabs/ErrorSafeFreeInstall_it.cab
 O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (Controllo AcPreview) - file://C:\Programmi\AutoCAD 2002 Ita\AcPreview.ocx
 O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Programmi\RXToolBar\sfcont.dll
 O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
 O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
 O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
 O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
 O23 - Service: kavsvc - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
 O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
 O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Programmi\WinPcap\rpcapd.exe
 O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
 
 --
 End of file - 10141 bytes
bdoriano (Administrator)
 Registered: 02/04/07 12:05
 Posts: 14391
 Location: 3rd planet of the solar system...

 Posted: 10 Jan 2008 00:04    Subject:

 Hi m4rc0h,
 You really do have quite a lot of infections.

 PS: if you like, you can introduce yourself here
m4rc0h (Mortal adept)
 Registered: 27/09/07 09:20
 Posts: 37
 Location: Molfetta (Ba)

 Posted: 12 Jan 2008 13:01    Subject:

 Hi bdoriano,
 * here is rapport.txt
 SmitFraudFix v2.274
 
 Scan done at 20.11.43,90, 11/01/2008
 Run from C:\Documents and Settings\Proprietario\Desktop\MARCO\SmitfraudFix
 OS: Microsoft Windows XP [Versione 5.1.2600] - Windows_NT
 The filesystem type is NTFS
 Fix run in safe mode
 
 »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
 !!!Attention, following keys are not inevitably infected!!!
 
 SrchSTS.exe by S!Ri
 Search SharedTaskScheduler's .dll
 
 »»»»»»»»»»»»»»»»»»»»»»»» Killing process
 
 
 »»»»»»»»»»»»»»»»»»»»»»»» hosts
 
 
 127.0.0.1       localhost
 
 »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
 
 S!Ri's WS2Fix: LSP not Found.
 
 
 »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
 
 GenericRenosFix by S!Ri
 
 
 »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
 
 
 »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
 
 IEDFix.exe by S!Ri
 
 
 »»»»»»»»»»»»»»»»»»»»»»»» DNS
 
 
 
 »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
 
 
 »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
 !!!Attention, following keys are not inevitably infected!!!
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
 "System"=""
 
 
 »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
 
 Registry Cleaning done.
 
 »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
 !!!Attention, following keys are not inevitably infected!!!
 
 SrchSTS.exe by S!Ri
 Search SharedTaskScheduler's .dll
 
 
 »»»»»»»»»»»»»»»»»»»»»»»» End
 
 
 
 ** here is the HJT log after SmitFraudFix
 
 Logfile of Trend Micro HijackThis v2.0.2
 Scan saved at 20.25.16, on 11/01/2008
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
 Boot mode: Normal
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\savedump.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\system32\spoolsv.exe
 C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
 C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
 C:\WINDOWS\system32\CTsvcCDA.EXE
 C:\WINDOWS\system32\slserv.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\system32\MsPMSPSv.exe
 C:\WINDOWS\Explorer.EXE
 C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
 C:\Programmi\iTunes\iTunesHelper.exe
 C:\Programmi\QuickTime\qttask.exe
 C:\Programmi\File comuni\Real\Update_OB\realsched.exe
 C:\Programmi\Hercules\Audio\Gamesurround Fortissimo III\ForceUpdate.exe
 C:\Programmi\iPod\bin\iPodService.exe
 C:\Program Files\webHancer\Programs\whAgent.exe
 C:\Program Files\webHancer\Programs\whSurvey.exe
 C:\WINDOWS\system32\rundll32.exe
 C:\Programmi\Messenger\msmsgs.exe
 C:\Programmi\Creative\SBAudigy\Taskbar\CTLTask.exe
 C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
 C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
 C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
 C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
 C:\Programmi\LG PC Suite\LG PC Sync\LGSyncManager.exe
 C:\Programmi\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
 C:\Programmi\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
 C:\Programmi\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
 C:\WINDOWS\twain_32\S6U12BX\WATCH.exe
 C:\Programmi\WinZip\WZQKPICK.EXE
 C:\WINDOWS\system32\wuauclt.exe
 C:\Documents and Settings\Proprietario\Desktop\M4Rc0\X RIPARARE PC\HiJackThis.exe
 
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
 O2 - BHO: CvgraphObj Object - {12355F3E-90C3-41AA-8705-15969AF7F210} - C:\WINDOWS\vgraph.dll
 O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Programmi\NewDotNet\newdotnet7_22.dll
 O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Programmi\Need2Find\bar\1.bin\ND2FNBAR.DLL
 O2 - BHO: SafeGuard Protect PCShield - {564FFB73-9EEF-4969-92FA-5FC4A92E2C2A} - C:\WINDOWS\system32\sfg.dll
 O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Programmi\RXToolBar\sfcont.dll (file missing)
 O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmi\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
 O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\it\msntb.dll
 O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll
 O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\it\msntb.dll
 O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
 O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
 O4 - HKLM\..\Run: [Gtwatch] C:\WINDOWS\gtwatch.exe
 O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
 O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
 O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe"  -osboot
 O4 - HKLM\..\Run: [HFUpdate] C:\Programmi\Hercules\Audio\Gamesurround Fortissimo III\ForceUpdate.exe -v4089 -pC:\Programmi\Hercules\Audio\Gamesurround Fortissimo III\wdmaherc.inf
 O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
 O4 - HKLM\..\Run: [Jet Detection] C:\Programmi\Creative\SBAudigy\PROGRAM\ADGJDet.exe
 O4 - HKLM\..\Run: [StartFoxie] C:\Programmi\Foxie Suite\StartFoxie.exe
 O4 - HKLM\..\Run: [KazaaBooster] C:\Programmi\Kazaa FasterDownload\KazaaFasterDownload.exe
 O4 - HKLM\..\Run: [webHancer Agent] "C:\Program Files\webHancer\Programs\whAgent.exe"
 O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
 O4 - HKLM\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\system32\sfg.dll"
 O4 - HKLM\..\Run: [Olympic] C:\Documents and Settings\Proprietario\Dati applicazioni\sgrunt\IE4321.exe
 O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
 O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
 O4 - HKLM\..\Run: [KAVPersonal50] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
 O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
 O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
 O4 - HKCU\..\Run: [Taskbar] C:\Programmi\Creative\SBAudigy\Taskbar\CTLTask.exe
 O4 - HKCU\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\system32\sfg.dll"
 O4 - HKCU\..\Run: [Kazaa All-In-One] C:\Programmi\Kazaa-All-in-One\Kazaa-All-in-One.exe
 O4 - HKCU\..\Run: [tbon] C:\Programmi\TBONBin\tbon.exe /r
 O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
 O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
 O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
 O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
 O4 - Startup: RTCTest.lnk = C:\Programmi\msi\Doctor Y2K\RTCTest.exe
 O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
 O4 - Global Startup: BTTray.lnk = ?
 O4 - Global Startup: LG SyncManager.lnk = C:\Programmi\LG PC Suite\LG PC Sync\LGSyncManager.exe
 O4 - Global Startup: Picture Package Menu.lnk = ?
 O4 - Global Startup: Picture Package VCD Maker.lnk = ?
 O4 - Global Startup: Ulead Photo Express SE Calendar Checker.lnk = C:\Programmi\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
 O4 - Global Startup: Watch.lnk = C:\WINDOWS\twain_32\S6U12BX\WATCH.exe
 O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
 O8 - Extra context menu item: &Search - http://kn.bar.need2find.com/KN/menusearch.html?p=KN
 O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
 O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_05\bin\npjpi142_05.dll
 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_05\bin\npjpi142_05.dll
 O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
 O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
 O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 O10 - Hijacked Internet access by New.Net
 O10 - Hijacked Internet access by WebHancer
 O10 - Hijacked Internet access by WebHancer
 O10 - Hijacked Internet access by WebHancer
 O10 - Hijacked Internet access by WebHancer
 O10 - Hijacked Internet access by New.Net
 O10 - Hijacked Internet access by New.Net
 O10 - Hijacked Internet access by New.Net
 O10 - Hijacked Internet access by New.Net
 O10 - Hijacked Internet access by WebHancer
 O15 - Trusted Zone: *.3
 O15 - Trusted Zone: www.linkautomatici.com
 O15 - Trusted Zone: www.sgrunt.biz
 O16 - DPF: {1F831FA9-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) - file://C:\Programmi\AutoCAD 2002 Ita\InstFred.ocx
 O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
 O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (Controllo AcDc oggi) - file://C:\Programmi\AutoCAD 2002 Ita\AcDcToday.ocx
 O16 - DPF: {AE563729-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Programmi\AutoCAD 2002 Ita\InstBanr.ocx
 O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
 O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/sites/errorsafe.com/www/download/2006/cabs/ErrorSafeFreeInstall_it.cab
 O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (Controllo AcPreview) - file://C:\Programmi\AutoCAD 2002 Ita\AcPreview.ocx
 O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Programmi\RXToolBar\sfcont.dll
 O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
 O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
 O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
 O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
 O23 - Service: kavsvc - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
 O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
 O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Programmi\WinPcap\rpcapd.exe
 O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
 
 --
 End of file - 10195 bytes
 
 
 *** and now here is NFix_2007-12-gg_hh-mm-ss.log
 Norman Malware Cleaner
 Copyright © 1990 - 2007, Norman ASA. Built 2008/01/07 17:03:01
 
 Norman Scanner Engine Version: 5.91.08
 Nvcbin.def Version: 5.90.00, Date: 2008/01/07 17:03:01, Variants: 1123929
 
 Running pre-scan cleanup routine:
 Operating System: Microsoft Windows XP Home 5.1.2600(Safe mode) Service Pack 2
 Logged on user: HOMSI-0976443C2\Proprietario
 
 Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00000000
 
 Scan started: 11/01/2008 20:32:54
 
 
 Scanning running processes and process memory...
 
 C:\WINDOWS\system32\svchost.exe(492) (C:\Program Files\webHancer\Programs\webhdll.dll!0x10000000) (Infected with W32/WebHancer.M)
 Removed Layered Service Provider component: C:\Program Files\webHancer\Programs\webhdll.dll
 Removed Layered Service Provider component: C:\Program Files\webHancer\Programs\webhdll.dll
 Removed Layered Service Provider component: C:\Program Files\webHancer\Programs\webhdll.dll
 Removed Layered Service Provider component: C:\Program Files\webHancer\Programs\webhdll.dll
 File marked for defered cleaning (reboot required)
 
 C:\WINDOWS\system32\svchost.exe(492) (C:\Programmi\NewDotNet\newdotnet7_22.dll!0x00760000) (Infected with W32/NewDotNet.S)
 Removed registry value: HKLM\Software\Microsoft\Windows\CurrentVersion\Run -> New.net Startup = "rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s"
 Removed Layered Service Provider component: C:\Programmi\NewDotNet\newdotnet7_22.dll
 Removed Layered Service Provider component: C:\Programmi\NewDotNet\newdotnet7_22.dll
 File marked for defered cleaning (reboot required)
 
 Number of processes/threads found: 539
 Number of processes/threads scanned: 539
 Number of processes/threads not scanned: 0
 Number of infected processes/threads terminated: 0
 Total scanning time: 23s
 
 
 Scanning file system...
 
 Scanning: C:\*.*
 
 C:\ismj.exe (Infected with Agent.AULU)
 Deleted file
 
 C:\Documents and Settings\Proprietario\Dati applicazioni\sgrunt\disinstalla.htm (Infected with HTML/Dialer.AYTO)
 Deleted file
 
 C:\Program Files\webHancer\Programs\webhdll.dll (Infected with W32/WebHancer.M)
 File marked for defered cleaning (reboot required)
 
 C:\Program Files\webHancer\Programs\whagent.exe (Infected with W32/WebHancer.N)
 Removed registry value: HKLM\Software\Microsoft\Windows\CurrentVersion\Run -> webHancer Agent = ""C:\Program Files\webHancer\Programs\whAgent.exe""
 Deleted file
 
 C:\Program Files\webHancer\Programs\whiehlpr.dll (Infected with W32/Agent.IZO)
 Deleted file
 
 C:\Program Files\webHancer\Programs\whinstaller.exe (Infected with W32/Agent.IZN)
 Deleted file
 
 C:\Program Files\webHancer\Programs\whsurvey.exe (Infected with W32/WebHancer.O)
 Removed registry value: HKLM\Software\Microsoft\Windows\CurrentVersion\Run -> webHancer Survey Companion = ""C:\Program Files\webHancer\Programs\whSurvey.exe""
 Deleted file
 
 C:\Programmi\INSTAFINK\instafink.dll (Infected with W32/404Search.M)
 Deleted file
 
 C:\Programmi\Need2Find\bar\1.bin\ND2FNBAR.DLL (Infected with W32/MySearch.E)
 Deleted file
 
 C:\Programmi\NewDotNet\newdotnet7_22.dll (Infected with W32/NewDotNet.S)
 File marked for defered cleaning (reboot required)
 
 C:\Programmi\NewDotNet\uninstall7_22.exe (Infected with W32/NewDotNet.AX)
 Deleted file
 
 C:\Programmi\TBONBin\TBONWnd.EXE (Infected with W32/BetterInternet.IF)
 Deleted file
 
 C:\WINDOWS\autorun.inf (Infected with Text/Perlovga.A)
 Deleted file
 
 C:\WINDOWS\NDNuninstall6_98.exe (Infected with NewDotNet.AK)
 Deleted file
 
 C:\WINDOWS\NDNuninstall7_14.exe (Infected with W32/NewDotNet.AJ)
 Deleted file
 
 C:\WINDOWS\NDNuninstall7_22.exe (Infected with W32/NewDotNet.AX)
 Deleted file
 
 C:\WINDOWS\vgraph.dll (Infected with W32/Webdir.C)
 Deleted file
 
 C:\WINDOWS\webhdll.dll (Infected with W32/WebHancer.A)
 Deleted file
 
 C:\WINDOWS\whInstaller.exe (Infected with W32/WebHancer.H)
 Deleted file
 
 C:\WINDOWS\system32\temp1.exe (Infected with W32/Perlovga.B)
 Deleted file
 
 C:\WINDOWS\Temp\Altnet\adm.exe (Infected with W32/Altnet.A)
 Deleted file
 
 C:\WINDOWS\Temp\Altnet\adm25.dll (Infected with W32/Altnet.A)
 Deleted file
 
 C:\WINDOWS\Temp\Altnet\adm4.dll (Infected with W32/Altnet.A)
 Deleted file
 
 C:\WINDOWS\Temp\Altnet\admdata.dll (Infected with W32/Altnet.B)
 Deleted file
 
 C:\WINDOWS\Temp\Altnet\admdloader.dll (Infected with W32/Altnet.B)
 Deleted file
 
 C:\WINDOWS\Temp\Altnet\admfdi.dll (Infected with W32/Altnet.B)
 Deleted file
 
 C:\WINDOWS\Temp\Altnet\admprog.dll (Infected with W32/Altnet.A)
 Deleted file
 
 C:\WINDOWS\Temp\Altnet\dmfiles.cab/unknown7 (Infected with W32/Altnet.G)
 
 C:\WINDOWS\Temp\Altnet\dmfiles.cab/unknown8 (Infected with W32/Altnet.W)
 
 C:\WINDOWS\Temp\Altnet\pmexe.cab/unknown0 (Infected with W32/Altnet.H)
 
 C:\WINDOWS\Temp\Altnet\pmexe.cab (Empty archive after cleaning)
 Deleted file
 
 C:\WINDOWS\Temp\Altnet\pmfiles.cab/unknown3 (Infected with W32/BrilliantDigital.L)
 
 C:\WINDOWS\Temp\Altnet\Setup.exe (Infected with W32/Altnet.P)
 Deleted file
 
 Scanning: c:\System Volume Information\*.*
 
 
 Running post-scan cleanup routine:
 
 Number of files found: 93785
 Number of archives unpacked: 741
 Number of files scanned: 93765
 Number of files not scanned: 20
 Number of files skipped due to exclude list: 0
 Number of infected files found: 33
 Number of infected files repaired/deleted: 27
 Number of infections removed: 27
 Total scanning time: 35m 58s
 
 
 
 **** and now here is the next HJT log
 
 
 Logfile of Trend Micro HijackThis v2.0.2
 Scan saved at 21.26.10, on 11/01/2008
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
 Boot mode: Normal
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\savedump.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\system32\spoolsv.exe
 C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
 C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
 C:\WINDOWS\system32\CTsvcCDA.EXE
 C:\WINDOWS\system32\slserv.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\system32\MsPMSPSv.exe
 C:\WINDOWS\Explorer.EXE
 C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
 C:\Programmi\iTunes\iTunesHelper.exe
 C:\Programmi\QuickTime\qttask.exe
 C:\Programmi\File comuni\Real\Update_OB\realsched.exe
 C:\Programmi\Hercules\Audio\Gamesurround Fortissimo III\ForceUpdate.exe
 C:\Programmi\iPod\bin\iPodService.exe
 C:\Programmi\Messenger\msmsgs.exe
 C:\Programmi\Creative\SBAudigy\Taskbar\CTLTask.exe
 C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
 C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
 C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
 C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
 C:\Programmi\LG PC Suite\LG PC Sync\LGSyncManager.exe
 C:\Programmi\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
 C:\Programmi\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
 C:\Programmi\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
 C:\WINDOWS\twain_32\S6U12BX\WATCH.exe
 C:\Programmi\WinZip\WZQKPICK.EXE
 C:\WINDOWS\system32\wuauclt.exe
 C:\Documents and Settings\Proprietario\Desktop\M4Rc0\X RIPARARE PC\HiJackThis.exe
 
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
 O2 - BHO: CvgraphObj Object - {12355F3E-90C3-41AA-8705-15969AF7F210} - C:\WINDOWS\vgraph.dll (file missing)
 O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Programmi\NewDotNet\newdotnet7_22.dll (file missing)
 O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Programmi\Need2Find\bar\1.bin\ND2FNBAR.DLL (file missing)
 O2 - BHO: SafeGuard Protect PCShield - {564FFB73-9EEF-4969-92FA-5FC4A92E2C2A} - C:\WINDOWS\system32\sfg.dll
 O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Programmi\RXToolBar\sfcont.dll (file missing)
 O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmi\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
 O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\it\msntb.dll
 O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll (file missing)
 O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\it\msntb.dll
 O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
 O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
 O4 - HKLM\..\Run: [Gtwatch] C:\WINDOWS\gtwatch.exe
 O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
 O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
 O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe"  -osboot
 O4 - HKLM\..\Run: [HFUpdate] C:\Programmi\Hercules\Audio\Gamesurround Fortissimo III\ForceUpdate.exe -v4089 -pC:\Programmi\Hercules\Audio\Gamesurround Fortissimo III\wdmaherc.inf
 O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
 O4 - HKLM\..\Run: [Jet Detection] C:\Programmi\Creative\SBAudigy\PROGRAM\ADGJDet.exe
 O4 - HKLM\..\Run: [StartFoxie] C:\Programmi\Foxie Suite\StartFoxie.exe
 O4 - HKLM\..\Run: [KazaaBooster] C:\Programmi\Kazaa FasterDownload\KazaaFasterDownload.exe
 O4 - HKLM\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\system32\sfg.dll"
 O4 - HKLM\..\Run: [Olympic] C:\Documents and Settings\Proprietario\Dati applicazioni\sgrunt\IE4321.exe
 O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
 O4 - HKLM\..\Run: [KAVPersonal50] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
 O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
 O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
 O4 - HKCU\..\Run: [Taskbar] C:\Programmi\Creative\SBAudigy\Taskbar\CTLTask.exe
 O4 - HKCU\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\system32\sfg.dll"
 O4 - HKCU\..\Run: [Kazaa All-In-One] C:\Programmi\Kazaa-All-in-One\Kazaa-All-in-One.exe
 O4 - HKCU\..\Run: [tbon] C:\Programmi\TBONBin\tbon.exe /r
 O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
 O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
 O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
 O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
 O4 - Startup: RTCTest.lnk = C:\Programmi\msi\Doctor Y2K\RTCTest.exe
 O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
 O4 - Global Startup: BTTray.lnk = ?
 O4 - Global Startup: LG SyncManager.lnk = C:\Programmi\LG PC Suite\LG PC Sync\LGSyncManager.exe
 O4 - Global Startup: Picture Package Menu.lnk = ?
 O4 - Global Startup: Picture Package VCD Maker.lnk = ?
 O4 - Global Startup: Ulead Photo Express SE Calendar Checker.lnk = C:\Programmi\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
 O4 - Global Startup: Watch.lnk = C:\WINDOWS\twain_32\S6U12BX\WATCH.exe
 O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
 O8 - Extra context menu item: &Search - http://kn.bar.need2find.com/KN/menusearch.html?p=KN
 O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
 O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_05\bin\npjpi142_05.dll
 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_05\bin\npjpi142_05.dll
 O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
 O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
 O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 O10 - Broken Internet access because of LSP provider 'c:\programmi\newdotnet\newdotnet7_22.dll' missing
 O15 - Trusted Zone: *.3
 O15 - Trusted Zone: www.linkautomatici.com
 O15 - Trusted Zone: www.sgrunt.biz
 O16 - DPF: {1F831FA9-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) - file://C:\Programmi\AutoCAD 2002 Ita\InstFred.ocx
 O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
 O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (Controllo AcDc oggi) - file://C:\Programmi\AutoCAD 2002 Ita\AcDcToday.ocx
 O16 - DPF: {AE563729-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Programmi\AutoCAD 2002 Ita\InstBanr.ocx
 O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
 O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/sites/errorsafe.com/www/download/2006/cabs/ErrorSafeFreeInstall_it.cab
 O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (Controllo AcPreview) - file://C:\Programmi\AutoCAD 2002 Ita\AcPreview.ocx
 O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Programmi\RXToolBar\sfcont.dll
 O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
 O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
 O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
 O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
 O23 - Service: kavsvc - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
 O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
 O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Programmi\WinPcap\rpcapd.exe
 O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
 
 --
 End of file - 9504 bytes
 
 --------------------------------------------------
 
 
 
 
Awaiting a reply, thank you in advance
MARCO

Author: bdoriano (Administrator)
Registered: 02/04/07 12:05
Posts: 14391
Location: 3rd planet of the solar system...
Posted: 12 Jan 2008 13:40

Good, quite a lot of junk has been removed.
Use this tool to remove more.
Then follow the instructions in this topic to post the ComboFix log.
Finally, post an updated HijackThis log.

Author: m4rc0h (Mortal adept)
Registered: 27/09/07 09:20
Posts: 37
Location: Molfetta (Ba)
Posted: 12 Jan 2008 22:11

I CAN'T DOWNLOAD IT. The file http://www.francydelorenzi.it/projects/killsgrunt.exe, infected with the virus Trj/Downloader.MDW, has been deleted.
	
Author: bdoriano (Administrator)
Registered: 02/04/07 12:05
Posts: 14391
Location: 3rd planet of the solar system...
Posted: 13 Jan 2008 11:12

I forgot to tell you that you have to disable your antivirus to download and run KillSgrunt. Once you have done the scan with KillSgrunt, you can re-enable your antivirus.

Author: m4rc0h (Mortal adept)
Registered: 27/09/07 09:20
Posts: 37
Location: Molfetta (Ba)
Posted: 14 Jan 2008 23:55

OK, here is the combofix.txt

 ComboFix 08-01-09.2 - Proprietario 2008-01-14 17.52.12.2 - NTFSx86
 Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1040.18.231 [GMT 1:00]
 Eseguito da: C:\Documents and Settings\Proprietario\Desktop\ComboFixA.exe
 .
 
 (((((((((((((((((((((((((   Files Creati Da 2007-12-14 al 2008-01-14  )))))))))))))))))))))))))))))))))))
 .
 
 2008-01-14 17:32 . 2000-08-31 08:00	51,200	--a------	C:\WINDOWS\NirCmd.exe
 2008-01-11 20:11 . 2007-09-05 23:22	289,144	--a------	C:\WINDOWS\system32\VCCLSID.exe
 2008-01-11 20:11 . 2006-04-27 16:49	288,417	--a------	C:\WINDOWS\system32\SrchSTS.exe
 2008-01-11 20:11 . 2007-12-20 23:11	81,920	--a------	C:\WINDOWS\system32\IEDFix.exe
 2008-01-11 20:11 . 2003-06-05 20:13	53,248	--a------	C:\WINDOWS\system32\Process.exe
 2008-01-11 20:11 . 2004-07-31 17:50	51,200	--a------	C:\WINDOWS\system32\dumphive.exe
 2008-01-11 20:11 . 2007-10-03 23:36	25,600	--a------	C:\WINDOWS\system32\WS2Fix.exe
 2008-01-11 20:11 . 2008-01-11 20:11	4,552	--a------	C:\WINDOWS\system32\tmp.reg
 2007-12-28 10:49 . 2007-12-28 10:49	<DIR>	d--------	C:\Programmi\MVM 2005 - Imperivm - Le Grandi Battaglie di Roma
 2007-12-16 11:06 . 2008-01-11 19:26	54,156	--ah-----	C:\WINDOWS\QTFont.qfn
 2007-12-16 11:06 . 2007-12-16 11:06	1,409	--a------	C:\WINDOWS\QTFont.for
 
 .
 ((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 2008-01-11 19:54	---------	d-----w	C:\Programmi\TBONBin
 2008-01-11 19:45	---------	d-----w	C:\Programmi\INSTAFINK
 2007-12-28 09:48	---------	d-----w	C:\Programmi\FX Uninstall Information
 2007-12-04 11:23	---------	d-----w	C:\Documents and Settings\Proprietario\Dati applicazioni\dvdcss
 2007-11-23 11:00	---------	d--h--w	C:\Programmi\InstallShield Installation Information
 2007-11-14 14:09	560	----a-w	C:\Documents and Settings\Proprietario\Dati applicazioni\ViewerApp.dat
 2006-12-08 12:24	24,192	----a-w	C:\Documents and Settings\Proprietario\usbsermptxp.sys
 2006-12-08 12:24	22,768	----a-w	C:\Documents and Settings\Proprietario\usbsermpt.sys
 2004-07-22 09:51	3,432,656	----a-w	C:\Programmi\ManagedDX.CAB
 2004-07-19 21:58	1,156,363	----a-w	C:\Programmi\BDANT.cab
 2004-07-19 21:53	976,020	----a-w	C:\Programmi\BDAXP.cab
 2004-07-09 13:17	13,265,040	----a-w	C:\Programmi\dxnt.cab
 2004-07-09 08:13	703,080	----a-w	C:\Programmi\BDA.cab
 2004-07-09 08:13	15,493,481	----a-w	C:\Programmi\DirectX.cab
 2004-07-09 03:08	472,576	----a-w	C:\Programmi\dxsetup.exe
 2004-07-09 03:08	2,242,560	----a-w	C:\Programmi\dsetup32.dll
 2004-07-09 02:03	62,976	----a-w	C:\Programmi\DSETUP.dll
 .
 
 (((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 .
 REGEDIT4
 *Nota* i valori vuoti & legittimi/default non sono visualizzati.
 
 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{12355F3E-90C3-41AA-8705-15969AF7F210}]
 C:\WINDOWS\vgraph.dll
 
 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}]
 C:\Programmi\NewDotNet\newdotnet7_22.dll
 
 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{564FFB73-9EEF-4969-92FA-5FC4A92E2C2A}]
 2005-02-24 15:27	229376	--a------	C:\WINDOWS\system32\sfg.dll
 
 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59879FA4-4790-461c-A1CC-4EC4DE4CA483}]
 C:\Programmi\RXToolBar\sfcont.dll
 
 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
 "Taskbar"="C:\Programmi\Creative\SBAudigy\Taskbar\CTLTask.exe" [2001-07-26 01:00 118784]
 "PCShield"="regsvr32 /s C:\WINDOWS\system32\sfg.dll" [ ]
 "Kazaa All-In-One"="C:\Programmi\Kazaa-All-in-One\Kazaa-All-in-One.exe" [2005-05-10 13:23 198144]
 "tbon"="C:\Programmi\TBONBin\tbon.exe" [ ]
 "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 10:28 139264]
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "SunJavaUpdateSched"="C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe" [2005-11-23 18:54 32881]
 "PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2003-11-10 16:06 406016]
 "Gtwatch"="C:\WINDOWS\gtwatch.exe" [ ]
 "iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2005-10-18 11:58 278528]
 "QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2005-12-05 23:43 155648]
 "TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2005-12-05 23:47 180269]
 "HFUpdate"="C:\Programmi\Hercules\Audio\Gamesurround Fortissimo III\ForceUpdate.exe" [2002-09-16 15:53 28672]
 "UpdReg"="C:\WINDOWS\Updreg.exe" [2000-05-11 01:00 90112]
 "Jet Detection"="C:\Programmi\Creative\SBAudigy\PROGRAM\ADGJDet.exe" [2001-04-20 14:52 28672]
 "StartFoxie"="C:\Programmi\Foxie Suite\StartFoxie.exe" [ ]
 "KazaaBooster"="C:\Programmi\Kazaa FasterDownload\KazaaFasterDownload.exe" [ ]
 "PCShield"="regsvr32 /s C:\WINDOWS\system32\sfg.dll" [ ]
 "NeroFilterCheck"="C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
 "KAVPersonal50"="C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" [2005-08-30 13:51 139367]
 
 [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
 "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 13:00 15360]
 
 C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
 Avvio veloce di Adobe Reader.lnk - C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
 BTTray.lnk - C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe [2005-07-22 16:50:16]
 LG SyncManager.lnk - C:\Programmi\LG PC Suite\LG PC Sync\LGSyncManager.exe [2007-10-02 07:32:10]
 Picture Package Menu.lnk - C:\Programmi\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2006-07-25 12:25:36]
 Picture Package VCD Maker.lnk - C:\Programmi\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2006-07-25 12:25:32]
 Ulead Photo Express SE Calendar Checker.lnk - C:\Programmi\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe [2005-11-24 16:50:28]
 Watch.lnk - C:\WINDOWS\twain_32\S6U12BX\WATCH.exe [2005-11-24 16:37:44]
 WinZip Quick Pick.lnk - C:\Programmi\WinZip\WZQKPICK.EXE [2006-02-15 23:16:17]
 
 R1 Klmc;Klmc;C:\WINDOWS\system32\drivers\klmc.sys [2005-08-30 13:52]
 R3 emu10kx;Creative EMU10K1/EMU10K2 Audio Driver (WDM);C:\WINDOWS\system32\drivers\e10kx2k.sys [2001-07-13 13:29]
 S3 firewall;firewall;C:\Programmi\Foxie Suite\firewall.sys []
 S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 21:41]
 
 .
 **************************************************************************
 
 catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
 Rootkit scan 2008-01-14 17:53:33
 Windows 5.1.2600 Service Pack 2 NTFS
 
 scansione processi nascosti ...
 
 scansione entrate autostart nascoste ...
 
 Scansione files nascosti ...
 
 **************************************************************************
 .
 --------------------- DLLs Loaded Under Running Processes ---------------------
 
 PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.2180]
 -> C:\Programmi\WinRAR\rarext.dll
 .
 Ora fine scansione: 2008-01-14 17.55.02
 ComboFix-quarantined-files.txt  2008-01-14 16:54:06
 
 
 now here is the HJT
 
 Logfile of Trend Micro HijackThis v2.0.2
 Scan saved at 17.55.59, on 14/01/2008
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
 Boot mode: Normal
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\system32\spoolsv.exe
 C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
 C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
 C:\WINDOWS\system32\CTsvcCDA.EXE
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\system32\MsPMSPSv.exe
 C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
 C:\Programmi\iTunes\iTunesHelper.exe
 C:\Programmi\QuickTime\qttask.exe
 C:\Programmi\iPod\bin\iPodService.exe
 C:\Programmi\File comuni\Real\Update_OB\realsched.exe
 C:\Programmi\Hercules\Audio\Gamesurround Fortissimo III\ForceUpdate.exe
 C:\Programmi\Messenger\msmsgs.exe
 C:\Programmi\Creative\SBAudigy\Taskbar\CTLTask.exe
 C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
 C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
 C:\Programmi\LG PC Suite\LG PC Sync\LGSyncManager.exe
 C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
 C:\Programmi\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
 C:\Programmi\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
 C:\Programmi\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
 C:\WINDOWS\twain_32\S6U12BX\WATCH.exe
 C:\Programmi\WinZip\WZQKPICK.EXE
 C:\WINDOWS\explorer.exe
 C:\Documents and Settings\Proprietario\Desktop\M4Rc0\X RIPARARE PC\HiJackThis.exe
 
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
 O2 - BHO: CvgraphObj Object - {12355F3E-90C3-41AA-8705-15969AF7F210} - C:\WINDOWS\vgraph.dll (file missing)
 O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Programmi\NewDotNet\newdotnet7_22.dll (file missing)
 O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Programmi\Need2Find\bar\1.bin\ND2FNBAR.DLL (file missing)
 O2 - BHO: SafeGuard Protect PCShield - {564FFB73-9EEF-4969-92FA-5FC4A92E2C2A} - C:\WINDOWS\system32\sfg.dll
 O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Programmi\RXToolBar\sfcont.dll (file missing)
 O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmi\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
 O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\it\msntb.dll
 O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\it\msntb.dll
 O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
 O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
 O4 - HKLM\..\Run: [Gtwatch] C:\WINDOWS\gtwatch.exe
 O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
 O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
 O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe"  -osboot
 O4 - HKLM\..\Run: [HFUpdate] C:\Programmi\Hercules\Audio\Gamesurround Fortissimo III\ForceUpdate.exe -v4089 -pC:\Programmi\Hercules\Audio\Gamesurround Fortissimo III\wdmaherc.inf
 O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
 O4 - HKLM\..\Run: [Jet Detection] C:\Programmi\Creative\SBAudigy\PROGRAM\ADGJDet.exe
 O4 - HKLM\..\Run: [StartFoxie] C:\Programmi\Foxie Suite\StartFoxie.exe
 O4 - HKLM\..\Run: [KazaaBooster] C:\Programmi\Kazaa FasterDownload\KazaaFasterDownload.exe
 O4 - HKLM\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\system32\sfg.dll"
 O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
 O4 - HKLM\..\Run: [KAVPersonal50] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
 O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
 O4 - HKCU\..\Run: [Taskbar] C:\Programmi\Creative\SBAudigy\Taskbar\CTLTask.exe
 O4 - HKCU\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\system32\sfg.dll"
 O4 - HKCU\..\Run: [Kazaa All-In-One] C:\Programmi\Kazaa-All-in-One\Kazaa-All-in-One.exe
 O4 - HKCU\..\Run: [tbon] C:\Programmi\TBONBin\tbon.exe /r
 O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
 O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
 O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
 O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
 O4 - Startup: RTCTest.lnk = C:\Programmi\msi\Doctor Y2K\RTCTest.exe
 O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
 O4 - Global Startup: BTTray.lnk = ?
 O4 - Global Startup: LG SyncManager.lnk = C:\Programmi\LG PC Suite\LG PC Sync\LGSyncManager.exe
 O4 - Global Startup: Picture Package Menu.lnk = ?
 O4 - Global Startup: Picture Package VCD Maker.lnk = ?
 O4 - Global Startup: Ulead Photo Express SE Calendar Checker.lnk = C:\Programmi\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
 O4 - Global Startup: Watch.lnk = C:\WINDOWS\twain_32\S6U12BX\WATCH.exe
 O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
 O8 - Extra context menu item: &Search - http://kn.bar.need2find.com/KN/menusearch.html?p=KN
 O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
 O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_05\bin\npjpi142_05.dll
 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_05\bin\npjpi142_05.dll
 O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
 O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
 O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 O15 - Trusted Zone: *.3
 O16 - DPF: {1F831FA9-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) - file://C:\Programmi\AutoCAD 2002 Ita\InstFred.ocx
 O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
 O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (Controllo AcDc oggi) - file://C:\Programmi\AutoCAD 2002 Ita\AcDcToday.ocx
 O16 - DPF: {AE563729-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Programmi\AutoCAD 2002 Ita\InstBanr.ocx
 O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
 O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/sites/errorsafe.com/www/download/2006/cabs/ErrorSafeFreeInstall_it.cab
 O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (Controllo AcPreview) - file://C:\Programmi\AutoCAD 2002 Ita\AcPreview.ocx
 O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
 O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
 O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
 O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
 O23 - Service: kavsvc - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
 O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
 O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Programmi\WinPcap\rpcapd.exe
 O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
 
 --
 End of file - 8730 bytes

Author: Orange (Mature god)
Registered: 18/02/07 13:20
Posts: 2224
Location: Roma
Posted: 15 Jan 2008 10:53

You're doing better, but there is still quite a lot to remove.
Download VirIt (you'd better temporarily disable your Kaspersky), update it and run a full scan. Post the log.

Download AVG Anti-Spyware, update it and run a full system scan.

Download and install DelDomains (right-click the link and choose Save As to the desktop; then right-click the file and select Install)

***********************************

Disable System Restore and boot into Safe Mode.
Start HijackThis, select Do a system scan only, tick the entries listed (if present) and press Fix checked:
 
 O2 - BHO: CvgraphObj Object - {12355F3E-90C3-41AA-8705-15969AF7F210} - C:\WINDOWS\vgraph.dll (file missing)
 O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Programmi\NewDotNet\newdotnet7_22.dll (file missing)
 O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Programmi\Need2Find\bar\1.bin\ND2FNBAR.DLL (file missing)
 O2 - BHO: SafeGuard Protect PCShield - {564FFB73-9EEF-4969-92FA-5FC4A92E2C2A} - C:\WINDOWS\system32\sfg.dll
 O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Programmi\RXToolBar\sfcont.dll (file missing)
 
 O4 - HKLM\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\system32\sfg.dll"
 O4 - HKCU\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\system32\sfg.dll"
 O4 - HKCU\..\Run: [tbon] C:\Programmi\TBONBin\tbon.exe /r
 
 O8 - Extra context menu item: &Search - http://kn.bar.need2find.com/KN/menusearch.html?p=KN
 O15 - Trusted Zone: *.3
 O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/sites/errorsafe.com/www/download/2006/cabs/ErrorSafeFreeInstall_it.cab
 
Reboot in normal mode, generate the HJT log and post it here.
 
 ***********************************

Author: m4rc0h (Mortal adept)
Registered: 27/09/07 09:20
Posts: 37
Location: Molfetta (Ba)
Posted: 15 Jan 2008 12:53

How can I update these programs if my PC has no internet connection? To post my things here I use another PC... sorry for my ignorance
marco

Author: m4rc0h (Mortal adept)
Registered: 27/09/07 09:20
Posts: 37
Location: Molfetta (Ba)
Posted: 15 Jan 2008 21:48

I carried out the steps, but as I said earlier I did not update the programs. Here is what you asked me for:
here is the VirIt log

 VirIT eXplorer Lite Log
 
 [SCANSIONE DELLA MEMORIA]
 OK
 [SCANSIONE DELLA MEMORIA]
 OK
 [SCANSIONE DELLA MEMORIA]
 OK
 --------------------------------------------------------
 15/01/2008 - 17:32:29
 
 [SCANSIONE DEL REGISTRO]
 {564FFB73-9EEF-4969-92FA-5FC4A92E2C2A}  Infetto da BHO.Safeguard.A
 * * *  RIMOSSO  * * *
 {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C}  Infetto da Spyware.WeatherBug.A
 * * *  RIMOSSO  * * *
 {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3}  Infetto da BHO.Need2Find.A
 * * *  RIMOSSO  * * *
 {2AB289AE-4B90-4281-B2AE-1F4BB034B647}  Infetto da Adware.Rxtoolbar.B
 * * *  RIMOSSO  * * *
 {59879FA4-4790-461c-A1CC-4EC4DE4CA483}  Infetto da BHO.RXResult.A
 * * *  RIMOSSO  * * *
 {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A}  Infetto da Malware.WinFixer.B
 * * *  RIMOSSO  * * *
 
 [C:]
 MASTER BOOT RECORD: OK
 BOOT SECTOR: OK
 
 C:\Documents and Settings\Proprietario\Dati applicazioni\Microsoft\Internet Explorer\Quick Launch\e1xplorer.lnk Infetto da Trojan.Win32.Agent.SP
 * * *  RIMOSSO  * * *
 C:\Documents and Settings\Proprietario\Desktop\MARCO  pc\SmitfraudFix\exit.exe Infetto da Trojan.Win32.Agent.AWE
 * * *  RIMOSSO  * * *
 C:\WINDOWS\system32\64E150A5-0140-4623-9B4B-91E2CD094B85 Infetto da BHO.Safeguard.A
 * * *  RIMOSSO  * * *
 C:\WINDOWS\system32\sfg.dll Infetto da BHO.Safeguard.A
 * * *  RIMOSSO  * * *
 C:\WINDOWS\system32\sfg_382f.dll Infetto da BHO.Safeguard.B
 * * *  RIMOSSO  * * *
 
 Chiavi Registro infette: 6.
 Files Infetti: 5.
 Files Sospetti: 0.
 Files Analizzati: 36654.
 Files Totali: 36654.
 Chiavi Registro rimosse: 6.
 Virus Rimossi: 5.
 
 and now here is the AVG log, even though you hadn't asked for it
 
 --------------------------------------------------------
 AVG Anti-Spyware - Rapporto scansione
 ---------------------------------------------------------
 
 + Creato alle:	18.37.55 15/01/2008
 
 + Risultato scansione:
 
 
 
 HKLM\SOFTWARE\Classes\ADM25.ADM25 -> Adware.Altnet : Ignorato.
 HKLM\SOFTWARE\Classes\ADM25.ADM25.1 -> Adware.Altnet : Ignorato.
 HKLM\SOFTWARE\Classes\ADM25.ADM25\CurVer -> Adware.Altnet : Ignorato.
 HKLM\SOFTWARE\Classes\ADM4.ADM4 -> Adware.Altnet : Ignorato.
 HKLM\SOFTWARE\Classes\ADM4.ADM4.1 -> Adware.Altnet : Ignorato.
 HKLM\SOFTWARE\Classes\ADM4.ADM4\CurVer -> Adware.Altnet : Ignorato.
 HKLM\SOFTWARE\Classes\AppID\Altnet Signing Module.EXE -> Adware.Altnet : Ignorato.
 HKLM\SOFTWARE\Classes\AppID\adm.EXE -> Adware.Altnet : Ignorato.
 HKLM\SOFTWARE\Classes\TopSearch.TSLink -> Adware.Altnet : Ignorato.
 HKLM\SOFTWARE\Classes\TopSearch.TSLink.1 -> Adware.Altnet : Ignorato.
 HKLM\SOFTWARE\Classes\TopSearch.TSLink\CLSID -> Adware.Altnet : Ignorato.
 HKLM\SOFTWARE\Classes\TopSearch.TSLink\CurVer -> Adware.Altnet : Ignorato.
 C:\Programmi\TBONBin -> Adware.BetterInternet : Ignorato.
 C:\Programmi\TBONBin\TBONUnst.htm -> Adware.BetterInternet : Ignorato.
 C:\Programmi\TBONBin\tboninst.cfg -> Adware.BetterInternet : Ignorato.
 HKLM\SOFTWARE\Cydoor -> Adware.Cydoor : Ignorato.
 C:\Programmi\INSTAFINK -> Adware.Gator : Ignorato.
 C:\Programmi\File comuni\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : Ignorato.
 HKLM\SOFTWARE\Classes\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Adware.NewDotNet : Ignorato.
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Adware.NewDotNet : Ignorato.
 HKU\.DEFAULT\Software\New.net -> Adware.NewDotNet : Ignorato.
 HKU\S-1-5-18\Software\New.net -> Adware.NewDotNet : Ignorato.
 HKU\S-1-5-21-789336058-1292428093-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Adware.NewDotNet : Ignorato.
 HKU\S-1-5-21-789336058-1292428093-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{59879FA4-4790-461C-A1CC-4EC4DE4CA483} -> Adware.RXToolbar : Ignorato.
 HKU\S-1-5-21-789336058-1292428093-839522115-1003\Software\RX Toolbar -> Adware.RXToolbar : Ignorato.
 C:\System Volume Information\_restore{B1A73C52-931A-4C82-9BB4-FBD0A64D7B5D}\RP4\A0006411.dll -> Adware.SafeGuard : Ignorato.
 C:\System Volume Information\_restore{B1A73C52-931A-4C82-9BB4-FBD0A64D7B5D}\RP2\A0002102.dll -> Adware.SafeGuardProtect : Ignorato.
 C:\System Volume Information\_restore{B1A73C52-931A-4C82-9BB4-FBD0A64D7B5D}\RP4\A0006410.dll -> Adware.SafeGuardProtect : Ignorato.
 HKLM\SOFTWARE\Classes\CLSID\{12355F3E-90C3-41AA-8705-15969AF7F210} -> Adware.Webdir : Ignorato.
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{12355F3E-90C3-41AA-8705-15969AF7F210} -> Adware.Webdir : Ignorato.
 HKU\S-1-5-21-789336058-1292428093-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{12355F3E-90C3-41AA-8705-15969AF7F210} -> Adware.Webdir : Ignorato.
 C:\Programmi\whInstall -> Adware.Webhancer : Ignorato.
 C:\Programmi\whInstall\license.txt -> Adware.Webhancer : Ignorato.
 C:\Programmi\whInstall\readme.txt -> Adware.Webhancer : Ignorato.
 C:\Programmi\whInstall\whAgent.inf -> Adware.Webhancer : Ignorato.
 C:\Programmi\whInstall\whAgent.ini -> Adware.Webhancer : Ignorato.
 C:\Programmi\whInstall\whInstaller.ini -> Adware.Webhancer : Ignorato.
 C:\System Volume Information\_restore{B1A73C52-931A-4C82-9BB4-FBD0A64D7B5D}\RP4\A0004064.inf -> Adware.WebHancer : Ignorato.
 C:\WINDOWS\whAgent.inf -> Adware.Webhancer : Ignorato.
 C:\WINDOWS\whInstaller.ini -> Adware.Webhancer : Ignorato.
 C:\Documents and Settings\Proprietario\Cookies\proprietario@bestoffersnetworks[2].txt -> TrackingCookie.Bestoffersnetworks : Ignorato.
 C:\Documents and Settings\Proprietario\Cookies\proprietario@cliks[1].txt -> TrackingCookie.Cliks : Ignorato.
 C:\Documents and Settings\Proprietario\Cookies\proprietario@cliks[2].txt -> TrackingCookie.Cliks : Ignorato.
 C:\Documents and Settings\Proprietario\Cookies\proprietario@need2find[1].txt -> TrackingCookie.Need2find : Ignorato.
 
 
 ::Fine rapporto
 
 
 and the HJT log
 
 Logfile of Trend Micro HijackThis v2.0.2
 Scan saved at 18.58.01, on 15/01/2008
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
 Boot mode: Normal
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\savedump.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\system32\spoolsv.exe
 C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
 C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
 C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
 C:\WINDOWS\system32\CTsvcCDA.EXE
 C:\WINDOWS\system32\slserv.exe
 C:\WINDOWS\system32\svchost.exe
 C:\VEXPLITE\viritsvc.exe
 C:\WINDOWS\system32\MsPMSPSv.exe
 C:\WINDOWS\Explorer.EXE
 C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
 C:\Programmi\iTunes\iTunesHelper.exe
 C:\Programmi\QuickTime\qttask.exe
 C:\Programmi\File comuni\Real\Update_OB\realsched.exe
 C:\Programmi\Hercules\Audio\Gamesurround Fortissimo III\ForceUpdate.exe
 C:\VEXPLITE\MONLITE.EXE
 C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
 C:\Programmi\Messenger\msmsgs.exe
 C:\Programmi\Creative\SBAudigy\Taskbar\CTLTask.exe
 C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
 C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
 C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
 C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
 C:\Programmi\LG PC Suite\LG PC Sync\LGSyncManager.exe
 C:\Programmi\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
 C:\Programmi\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
 C:\Programmi\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
 C:\WINDOWS\twain_32\S6U12BX\WATCH.exe
 C:\Programmi\WinZip\WZQKPICK.EXE
 C:\Programmi\iPod\bin\iPodService.exe
 C:\WINDOWS\system32\wuauclt.exe
 C:\Documents and Settings\Proprietario\Desktop\M4Rc0\X RIPARARE PC\HiJackThis.exe
 
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
 O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmi\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
 O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\it\msntb.dll
 O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\it\msntb.dll
 O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
 O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
 O4 - HKLM\..\Run: [Gtwatch] C:\WINDOWS\gtwatch.exe
 O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
 O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
 O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe"  -osboot
 O4 - HKLM\..\Run: [HFUpdate] C:\Programmi\Hercules\Audio\Gamesurround Fortissimo III\ForceUpdate.exe -v4089 -pC:\Programmi\Hercules\Audio\Gamesurround Fortissimo III\wdmaherc.inf
 O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
 O4 - HKLM\..\Run: [Jet Detection] C:\Programmi\Creative\SBAudigy\PROGRAM\ADGJDet.exe
 O4 - HKLM\..\Run: [StartFoxie] C:\Programmi\Foxie Suite\StartFoxie.exe
 O4 - HKLM\..\Run: [KazaaBooster] C:\Programmi\Kazaa FasterDownload\KazaaFasterDownload.exe
 O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
 O4 - HKLM\..\Run: [KAVPersonal50] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
 O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
 O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
 O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
 O4 - HKCU\..\Run: [Taskbar] C:\Programmi\Creative\SBAudigy\Taskbar\CTLTask.exe
 O4 - HKCU\..\Run: [Kazaa All-In-One] C:\Programmi\Kazaa-All-in-One\Kazaa-All-in-One.exe
 O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
 O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
 O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
 O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
 O4 - Startup: RTCTest.lnk = C:\Programmi\msi\Doctor Y2K\RTCTest.exe
 O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
 O4 - Global Startup: BTTray.lnk = ?
 O4 - Global Startup: LG SyncManager.lnk = C:\Programmi\LG PC Suite\LG PC Sync\LGSyncManager.exe
 O4 - Global Startup: Picture Package Menu.lnk = ?
 O4 - Global Startup: Picture Package VCD Maker.lnk = ?
 O4 - Global Startup: Ulead Photo Express SE Calendar Checker.lnk = C:\Programmi\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
 O4 - Global Startup: Watch.lnk = C:\WINDOWS\twain_32\S6U12BX\WATCH.exe
 O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
 O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
 O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_05\bin\npjpi142_05.dll
 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_05\bin\npjpi142_05.dll
 O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
 O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
 O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 O16 - DPF: {1F831FA9-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) - file://C:\Programmi\AutoCAD 2002 Ita\InstFred.ocx
 O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
 O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (Controllo AcDc oggi) - file://C:\Programmi\AutoCAD 2002 Ita\AcDcToday.ocx
 O16 - DPF: {AE563729-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Programmi\AutoCAD 2002 Ita\InstBanr.ocx
 O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
 O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (Controllo AcPreview) - file://C:\Programmi\AutoCAD 2002 Ita\AcPreview.ocx
 O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
 O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
 O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
 O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
 O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
 O23 - Service: kavsvc - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
 O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
 O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Programmi\WinPcap\rpcapd.exe
 O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
 O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas   www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
 
 --
 End of file - 8352 bytes
 |  | 
	
	
		|  | 
	
		| Orange Dio maturo
 
  
 
 Joined: 18/02/07 13:20
 Posts: 2224
 Location: Roma
 
 | 
			
				|  Posted: 16 Jan 2008 10:56    Subject: |   |  
				| 
 |  
				| The HJT log looks clean to me, although I have a doubt about this entry: O4 - Startup: RTCTest.lnk = C:\Programmi\msi\Doctor Y2K\RTCTest.exe Is it by any chance something you recognize? 
 Unfortunately it is not possible to update AVG and VirIt manually
   
 
  	  | Quote: |  	  | AVG Anti-Spyware - Rapporto scansione ---------------------------------------------------------
 
 + Creato alle: 18.37.55 15/01/2008
 
 + Risultato scansione:
 
 
 
 HKLM\SOFTWARE\Classes\ADM25.ADM25 -> Adware.Altnet : Ignorato.
 HKLM\SOFTWARE\Classes\ADM25.ADM25.1 -> Adware.Altnet : Ignorato.
 HKLM\SOFTWARE\Classes\ADM25.ADM25\CurVer -> Adware.Altnet : Ignorato.
 HKLM\SOFTWARE\Classes\ADM4.ADM4 -> Adware.Altnet : Ignorato.
 | 
 
   Didn't you remove anything? At the end of the scan you should select "Applica operazioni consigliate" (Apply recommended actions, or something similar); only this way are the detected threats removed.
 |  | 
	
	
		|  | 
	
		| m4rc0h Mortale adepto
 
  
  
 Joined: 27/09/07 09:20
 Posts: 37
 Location: Molfetta (Ba)
 
 | 
			
				|  Posted: 17 Jan 2008 22:49    Subject: |   |  
				| 
 |  
				| Yes Orange, C:\Programmi\msi\Doctor Y2K\RTCTest.exe is a program I installed some time ago, but I don't know what it is for; it was software from my old PC and I installed it on my new computer thinking it would be useful... anyway, I will do what you told me and let you know
 thanks a lot
 |  | 
	
	
		|  | 
	
		| m4rc0h Mortale adepto
 
  
  
 Joined: 27/09/07 09:20
 Posts: 37
 Location: Molfetta (Ba)
 
 | 
			
				|  Posted: 20 Jan 2008 18:50    Subject: |   |  
				| 
 |  
				| I'm posting another HJT log after carrying out the operations you told me to do 
 
 Logfile of Trend Micro HijackThis v2.0.2
 Scan saved at 11.31.52, on 20/01/2008
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
 Boot mode: Normal
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\savedump.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\system32\spoolsv.exe
 C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
 C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
 C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
 C:\WINDOWS\system32\CTsvcCDA.EXE
 C:\WINDOWS\system32\slserv.exe
 C:\WINDOWS\system32\svchost.exe
 C:\VEXPLITE\viritsvc.exe
 C:\WINDOWS\system32\MsPMSPSv.exe
 C:\WINDOWS\Explorer.EXE
 C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
 C:\Programmi\iTunes\iTunesHelper.exe
 C:\Programmi\QuickTime\qttask.exe
 C:\Programmi\File comuni\Real\Update_OB\realsched.exe
 C:\Programmi\Hercules\Audio\Gamesurround Fortissimo III\ForceUpdate.exe
 C:\VEXPLITE\MONLITE.EXE
 C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
 C:\Programmi\Messenger\msmsgs.exe
 C:\Programmi\Creative\SBAudigy\Taskbar\CTLTask.exe
 C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
 C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
 C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
 C:\Programmi\iPod\bin\iPodService.exe
 C:\Programmi\LG PC Suite\LG PC Sync\LGSyncManager.exe
 C:\Programmi\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
 C:\Programmi\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
 C:\Programmi\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
 C:\WINDOWS\twain_32\S6U12BX\WATCH.exe
 C:\Programmi\WinZip\WZQKPICK.EXE
 C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
 C:\WINDOWS\system32\wuauclt.exe
 C:\Documents and Settings\Proprietario\Desktop\M4Rc0\X RIPARARE PC\HiJackThis.exe
 
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
 O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmi\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
 O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\it\msntb.dll
 O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\it\msntb.dll
 O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
 O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
 O4 - HKLM\..\Run: [Gtwatch] C:\WINDOWS\gtwatch.exe
 O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
 O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
 O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe"  -osboot
 O4 - HKLM\..\Run: [HFUpdate] C:\Programmi\Hercules\Audio\Gamesurround Fortissimo III\ForceUpdate.exe -v4089 -pC:\Programmi\Hercules\Audio\Gamesurround Fortissimo III\wdmaherc.inf
 O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
 O4 - HKLM\..\Run: [Jet Detection] C:\Programmi\Creative\SBAudigy\PROGRAM\ADGJDet.exe
 O4 - HKLM\..\Run: [StartFoxie] C:\Programmi\Foxie Suite\StartFoxie.exe
 O4 - HKLM\..\Run: [KazaaBooster] C:\Programmi\Kazaa FasterDownload\KazaaFasterDownload.exe
 O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
 O4 - HKLM\..\Run: [KAVPersonal50] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
 O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
 O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
 O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
 O4 - HKCU\..\Run: [Taskbar] C:\Programmi\Creative\SBAudigy\Taskbar\CTLTask.exe
 O4 - HKCU\..\Run: [Kazaa All-In-One] C:\Programmi\Kazaa-All-in-One\Kazaa-All-in-One.exe
 O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
 O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
 O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
 O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
 O4 - Startup: RTCTest.lnk = C:\Programmi\msi\Doctor Y2K\RTCTest.exe
 O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
 O4 - Global Startup: BTTray.lnk = ?
 O4 - Global Startup: LG SyncManager.lnk = C:\Programmi\LG PC Suite\LG PC Sync\LGSyncManager.exe
 O4 - Global Startup: Picture Package Menu.lnk = ?
 O4 - Global Startup: Picture Package VCD Maker.lnk = ?
 O4 - Global Startup: Ulead Photo Express SE Calendar Checker.lnk = C:\Programmi\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
 O4 - Global Startup: Watch.lnk = C:\WINDOWS\twain_32\S6U12BX\WATCH.exe
 O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
 O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
 O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_05\bin\npjpi142_05.dll
 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_05\bin\npjpi142_05.dll
 O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
 O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
 O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 O16 - DPF: {1F831FA9-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) - file://C:\Programmi\AutoCAD 2002 Ita\InstFred.ocx
 O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
 O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (Controllo AcDc oggi) - file://C:\Programmi\AutoCAD 2002 Ita\AcDcToday.ocx
 O16 - DPF: {AE563729-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Programmi\AutoCAD 2002 Ita\InstBanr.ocx
 O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
 O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (Controllo AcPreview) - file://C:\Programmi\AutoCAD 2002 Ita\AcPreview.ocx
 O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
 O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
 O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
 O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
 O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
 O23 - Service: kavsvc - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
 O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
 O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Programmi\WinPcap\rpcapd.exe
 O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
 O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas   www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
 
 --
 End of file - 8352 bytes
 |  | 
	
	
		|  | 
	
		| m4rc0h Mortale adepto
 
  
  
 Joined: 27/09/07 09:20
 Posts: 37
 Location: Molfetta (Ba)
 
 | 
			
				|  Posted: 22 Jan 2008 22:47    Subject: |   |  
				| 
 |  
				|  please answerrrr |  | 
	
	
		|  | 
	
		| Orange Dio maturo
 
  
 
 Joined: 18/02/07 13:20
 Posts: 2224
 Location: Roma
 
 | 
			
				|  Posted: 23 Jan 2008 09:12    Subject: |   |  
				| 
 |  
				| sorry   
 The log is clean, but to be on the safe side run an online scan with Kaspersky in extended mode and report the result.
 |  | 
	
	
		|  | 
	
		|  |