| Author | Message |

| yamashita (Hero) | Registered: 18/01/08 20:30 | Posts: 51 |
| Posted: 18 Jan 2008 20:41 | Subject: * a.doginhispen.com and b.skitodayplease.com |
| Hi everyone, I've just registered. I have the same problem too, and have had it for two weeks now. I even went as far as uninstalling IE, with serious consequences for Windows, so I had to create a restore point, and that way IE came back. Looking around the forums, the problem with these sites, a.doginhispen and skytodayplease, is very widespread. I've gathered that it is all caused by MSN, which installs a toolbar in the Internet Explorer browser on the PC, so once that is removed the problem is solved. At least, many people have solved it that way. Unfortunately I can't find this toolbar, so now I'll try uninstalling MSN and cleaning up with CCleaner, which I already use but which doesn't solve the problem. Anyway, I'm now using Firefox and it works fine, without the problems that Explorer gives. In fact, when I reopen Explorer I find the damned sites there again. I'll let you know. Bye. |
	
| yamashita (Hero) | Posted: 19 Jan 2008 13:25 |
| Nothing, the problem is still there.. |
	
| bdoriano (Administrator) | Registered: 02/04/07 12:05 | Posts: 14391 | Location: 3rd planet of the solar system... |
| Posted: 19 Jan 2008 14:57 |
| Hi yamashita,
 Follow the instructions in this topic to post the HijackThis log.

 Run this scan with FindAWF.

 Please do not tack your request onto other users' threads. Thank you for your cooperation.

 PS: if you like, you can introduce yourself here
 |
	
| yamashita (Hero) | Posted: 19 Jan 2008 16:03 |
| HI BDORIANO, I'M NEW SO I'M A BIT INEXPERIENCED WITH THE FORUM. ANYWAY, I SOLVED IT BY DISABLING I.E. FROM SET PROGRAM ACCESS AND DEFAULTS, NOW I USE FIREFOX, WHICH WORKS FINE WITHOUT GIVING ME THAT PROBLEM. WHAT DO YOU THINK, COULD THIS BE AN ACCEPTABLE SOLUTION? THANKS FOR THE HELP. |
	
| bdoriano (Administrator) | Posted: 19 Jan 2008 17:03 |
| Don't write in capitals; by convention it is equivalent to shouting.
 With the solution you have adopted you can browse, but the PC remains infected.
 Sooner or later you will run into other problems.
 If you want, you can follow the instructions I gave you.
 |
	
| yamashita (Hero) | Posted: 19 Jan 2008 17:38 |
| Yes, sorry about the capitals. I wanted to see first whether anyone managed to solve it, because I know I would need time to post all those logs. I'm coming out of an intense week wasted hunting these viruses, so I'm mega-stressed. I'll follow the developments anyway. Thanks again.
 |
	
| bdoriano (Administrator) | Posted: 19 Jan 2008 20:25 |
| yamashita wrote: | I wanted to see first whether anyone managed to solve it, because I know I would need time to post all those logs. I'm coming out of an intense week wasted hunting these viruses, so I'm mega-stressed. I'll follow the developments anyway. Thanks again. |
 Bear in mind that infections differ from PC to PC.
 To resolve your situation, you must post the requested logs... otherwise we cannot help you.
 |
	
| yamashita (Hero) | Posted: 28 Jan 2008 18:28 |
| I'm posting the log here.
 Logfile of Trend Micro HijackThis v2.0.0 (BETA)
 Scan saved at 17.25.14, on 28/01/2008
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 Boot mode: Normal
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
 C:\WINDOWS\Explorer.EXE
 C:\WINDOWS\system32\spoolsv.exe
 C:\WINDOWS\SiSUSBrg.exe
 C:\WINDOWS\system32\RunDll32.exe
 C:\WINDOWS\system32\carpserv.exe
 C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
 C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
 C:\Programmi\a-squared Free\a2service.exe
 C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
 C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
 C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
 C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
 C:\WINDOWS\system32\cisvc.exe
 C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
 C:\Programmi\File comuni\MicroWorld\Agent\MWASER.EXE
 C:\Programmi\File comuni\MicroWorld\Agent\MWAgent.exe
 C:\WINDOWS\system32\svchost.exe
 C:\VEXPLITE\viritsvc.exe
 C:\WINDOWS\system32\wuauclt.exe
 C:\WINDOWS\system32\cidaemon.exe
 C:\Programmi\Windows Live\Messenger\usnsvc.exe
 C:\Programmi\Mozilla Firefox\firefox.exe
 C:\Programmi\hijackthis-v2\HiJackThis_v2.exe
 
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.it/
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
 O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Dati applicazioni\Prevx\pxbho.dll
 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
 O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
 O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
 O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
 O4 - HKLM\..\Run: [CARPService] carpserv.exe
 O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
 O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
 O4 - HKLM\..\Run: [PrevxOne] "C:\Programmi\Prevx1\PXConsole.exe"
 O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
 O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')
 O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVIZIO DI RETE')
 O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
 O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
 O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
 O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
 O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Programmi\MP3 Player Utilities 4.00\AMVConverter\grab.html
 O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
 O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Programmi\MP3 Player Utilities 4.00\MediaManager\grab.html
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
 O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
 O14 - IERESET.INF: START_PAGE_URL=http://www.google.it
 O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
 O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
 O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
 O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
 O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
 O17 - HKLM\System\CCS\Services\Tcpip\..\{94180E28-8DA0-4F42-B1CE-9BF86249572A}: NameServer = 85.37.17.39 85.38.28.71
 O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
 O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
 O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe
 O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
 O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
 O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
 O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
 O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
 O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\Programmi\File comuni\MicroWorld\Agent\MWASER.EXE
 O23 - Service: Prevx Agent (PREVXAgent) - Prevx - C:\Programmi\Prevx1\PXAgent.exe
 O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas   www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
 
 --
 End of file - 6700 bytes
 |  | 
	
| yamashita (Hero) | Posted: 28 Jan 2008 18:38 |
| Here is FindAWF
 
 
 Find AWF report by noahdfear ©2006
 Version 1.40
 
 
 
 bak folders found
 ~~~~~~~~~~~
 
 Il volume nell'unit? C non ha etichetta.
 Numero di serie del volume: E0C2-DC78
 
 Directory di C:\WINDOWS\BAK
 
 12/07/2002  11.15           106.496 SiSUSBrg.exe
 1 File        106.496 byte
 2 Directory   2.130.694.144 byte disponibili
 Il volume nell'unit? C non ha etichetta.
 Numero di serie del volume: E0C2-DC78
 
 Directory di C:\PROGRA~1\ITUNES\BAK
 
 30/10/2006  09.36           256.576 iTunesHelper.exe
 1 File        256.576 byte
 2 Directory   2.130.694.144 byte disponibili
 Il volume nell'unit? C non ha etichetta.
 Numero di serie del volume: E0C2-DC78
 
 Directory di C:\PROGRA~1\QUICKT~2\BAK
 
 25/10/2006  18.58           282.624 qttask.exe
 1 File        282.624 byte
 2 Directory   2.130.690.048 byte disponibili
 Il volume nell'unit? C non ha etichetta.
 Numero di serie del volume: E0C2-DC78
 
 Directory di C:\WINDOWS\SYSTEM32\BAK
 
 31/12/2002  13.00            15.360 ctfmon.exe
 30/10/2003  14.09           249.856 keyhook.exe
 09/07/2001  10.50           155.648 NeroCheck.exe
 30/10/2003  14.10           667.648 sistray.EXE
 4 File      1.088.512 byte
 2 Directory   2.130.690.048 byte disponibili
 Il volume nell'unit? C non ha etichetta.
 Numero di serie del volume: E0C2-DC78
 
 Directory di C:\PROGRA~1\ELABOR~1\VIRTUA~1\BAK
 
 29/04/2006  14.21            94.208 VCDDaemon.exe
 1 File         94.208 byte
 2 Directory   2.130.690.048 byte disponibili
 Il volume nell'unit? C non ha etichetta.
 Numero di serie del volume: E0C2-DC78
 
 Directory di C:\PROGRA~1\GRISOFT\AVG7\BAK
 
 21/12/2007  09.09           579.072 avgcc.exe
 1 File        579.072 byte
 2 Directory   2.130.690.048 byte disponibili
 Il volume nell'unit? C non ha etichetta.
 Numero di serie del volume: E0C2-DC78
 
 Directory di C:\PROGRA~1\FILECO~1\AHEAD\LIB\BAK
 
 0 File              0 byte
 2 Directory   2.130.690.048 byte disponibili
 Il volume nell'unit? C non ha etichetta.
 Numero di serie del volume: E0C2-DC78
 
 Directory di C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\BAK
 
 04/03/2004  16.46           172.032 hpztsb10.exe
 1 File        172.032 byte
 2 Directory   2.130.690.048 byte disponibili
 
 
 Duplicate files of bak directory contents
 ~~~~~~~~~~~~~~~~~~~~~~~
 
 14348  2 Jan 2008 "C:\WINDOWS\SiSUSBrg.exe"
 106496 12 Jul 2002 "C:\WINDOWS\bak\SiSUSBrg.exe"
 256576 30 Oct 2006 "C:\Programmi\iTunes\bak\iTunesHelper.exe"
 282624 25 Oct 2006 "C:\Programmi\QuickTime\bak\qttask.exe"
 15360 31 Dec 2002 "C:\WINDOWS\system32\bak\ctfmon.exe"
 249856 30 Oct 2003 "C:\WINDOWS\system32\bak\keyhook.exe"
 155648  9 Jul 2001 "C:\WINDOWS\system32\bak\NeroCheck.exe"
 667648 30 Oct 2003 "C:\WINDOWS\system32\bak\sistray.EXE"
 94208 29 Apr 2006 "C:\Programmi\Elaborate Bytes\VirtualCloneDrive\bak\VCDDaemon.exe"
 579072  8 Jan 2008 "C:\Programmi\Grisoft\AVG7\avgcc.exe"
 579072 21 Dec 2007 "C:\Programmi\Grisoft\AVG7\bak\avgcc.exe"
 172032  4 Mar 2004 "C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\hpztsb10.exe"
 
 
 end of report
 
 
 Thanks for the help.
 |  | 
	
| bdoriano (Administrator) | Posted: 29 Jan 2008 11:56 |
| Download Avenger and unpack it into its own folder, not a temporary one and not on the desktop
 Start AVENGER
 Click on input script manually
 Click on the magnifying glass
 Enter these lines:

 | Quote: |
 Files to delete:
 C:\WINDOWS\SiSUSBrg.exe

 Files to move:
 C:\WINDOWS\bak\SiSUSBrg.exe | C:\WINDOWS\SiSUSBrg.exe
 |
 Click on Done
 Click on the traffic light
 The PC should restart; if it doesn't, restart it yourself.
 When the operation is finished, post the Avenger result here along with an updated HijackThis log.

 Download DelDomains and save it to the desktop (right-click the link > Save Target As)
 then right-click the file and choose Install.

 Follow the instructions in this topic to post the ComboFix log.

 Connect to the Kaspersky online scanner and run the extended scan, as indicated here.
 Save the scan result to a file (in HTML format), upload the file to Freefilehosting and post here the link you are given.
 |
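
The step from the FindAWF report to the Avenger script above, as an added example that is not part of the original post or of either tool: it parses the "Duplicate files of bak directory contents" section posted in this thread, pairs each bak copy with the file at its original location, and emits delete/move lines only where the sizes differ. The function names and the size-comparison heuristic are assumptions made for illustration.

```python
import ntpath
import re

# "Duplicate files of bak directory contents" section, copied from the
# FindAWF report posted in this thread.
REPORT = r'''
14348  2 Jan 2008 "C:\WINDOWS\SiSUSBrg.exe"
106496 12 Jul 2002 "C:\WINDOWS\bak\SiSUSBrg.exe"
256576 30 Oct 2006 "C:\Programmi\iTunes\bak\iTunesHelper.exe"
282624 25 Oct 2006 "C:\Programmi\QuickTime\bak\qttask.exe"
15360 31 Dec 2002 "C:\WINDOWS\system32\bak\ctfmon.exe"
249856 30 Oct 2003 "C:\WINDOWS\system32\bak\keyhook.exe"
155648  9 Jul 2001 "C:\WINDOWS\system32\bak\NeroCheck.exe"
667648 30 Oct 2003 "C:\WINDOWS\system32\bak\sistray.EXE"
94208 29 Apr 2006 "C:\Programmi\Elaborate Bytes\VirtualCloneDrive\bak\VCDDaemon.exe"
579072  8 Jan 2008 "C:\Programmi\Grisoft\AVG7\avgcc.exe"
579072 21 Dec 2007 "C:\Programmi\Grisoft\AVG7\bak\avgcc.exe"
172032  4 Mar 2004 "C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\hpztsb10.exe"
'''

# size, "D Mon YYYY", quoted path
LINE_RE = re.compile(r'^\s*(\d+)\s+(\d{1,2} \w{3} \d{4})\s+"([^"]+)"\s*$')


def parse_report(text):
    """Return (size, date, path) tuples for every listing line."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            entries.append((int(m.group(1)), m.group(2), m.group(3)))
    return entries


def in_bak(path):
    """True when the file sits directly inside a folder named 'bak'."""
    return ntpath.basename(ntpath.dirname(path)).lower() == "bak"


def pair_bak_copies(entries):
    """Pair each bak copy with the file listed at its original location."""
    # Windows paths are case-insensitive, so index live files in lower case.
    live = {path.lower(): size for size, _, path in entries if not in_bak(path)}
    findings = []
    for size, _, path in entries:
        if not in_bak(path):
            continue
        parent = ntpath.dirname(ntpath.dirname(path))
        original = ntpath.join(parent, ntpath.basename(path))
        live_size = live.get(original.lower())
        if live_size is None:
            status = "bak_only"        # nothing listed at the original path
        elif live_size != size:
            status = "size_mismatch"   # file at the original path differs
        else:
            status = "same_size"       # size alone proves nothing: verify
        findings.append({"status": status, "original": original,
                         "bak": path, "bak_size": size,
                         "live_size": live_size})
    return findings


def avenger_script(findings):
    """Build delete/move lines, in the layout quoted above, for mismatches."""
    hits = [f for f in findings if f["status"] == "size_mismatch"]
    if not hits:
        return ""
    lines = ["Files to delete:"]
    lines += [f["original"] for f in hits]
    lines += ["", "Files to move:"]
    lines += [f'{f["bak"]} | {f["original"]}' for f in hits]
    return "\n".join(lines)


if __name__ == "__main__":
    results = pair_bak_copies(parse_report(REPORT))
    for f in results:
        print(f'{f["status"]:14} {f["bak"]}')
    print()
    print(avenger_script(results))
```

Entries reported as `same_size` or `bak_only` are left out of the script on purpose: they need a manual check (hash, signature, vendor reinstall) before anything is moved.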
	
| yamashita (Hero) | Posted: 29 Jan 2008 12:56 |
| Logfile of The Avenger version 1, by Swandog46
 Running from registry key:
 \Registry\Machine\System\CurrentControlSet\Services\cxbaejdc
 
 *******************
 
 Script file located at: \??\C:\nkglrkut.txt
 Script file opened successfully.
 
 Script file read successfully
 
 Backups directory opened successfully at C:\Avenger
 
 *******************
 
 Beginning to process script file:
 
 File C:\WINDOWS\SiSUSBrg.exe deleted successfully.
 File move operation C:\WINDOWS\bak\SiSUSBrg.exe|C:\WINDOWS\SiSUSBrg.exe completed successfully.
 
 Completed script processing.
 
 *******************
 
 Finished!  Terminate.
 
 
 To unpack Avenger I created a folder in C:\Programmi, is that the right location? I assume so, because it worked fine anyway.
 Thanks again for the help.
 |  | 
	
| yamashita (Hero) | Posted: 29 Jan 2008 13:00 |
| Logfile of Trend Micro HijackThis v2.0.0 (BETA)
 Scan saved at 11.58.37, on 29/01/2008
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 Boot mode: Normal
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
 C:\WINDOWS\system32\spoolsv.exe
 C:\WINDOWS\Explorer.EXE
 C:\Programmi\a-squared Free\a2service.exe
 C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
 C:\WINDOWS\system32\RunDll32.exe
 C:\WINDOWS\system32\carpserv.exe
 C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
 C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
 C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
 C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
 C:\WINDOWS\system32\cisvc.exe
 C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
 C:\Programmi\File comuni\MicroWorld\Agent\MWASER.EXE
 C:\Programmi\File comuni\MicroWorld\Agent\MWAgent.exe
 C:\WINDOWS\system32\notepad.exe
 C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
 C:\WINDOWS\system32\svchost.exe
 C:\VEXPLITE\viritsvc.exe
 C:\WINDOWS\system32\wuauclt.exe
 C:\Programmi\Mozilla Firefox\firefox.exe
 C:\WINDOWS\system32\cidaemon.exe
 C:\Programmi\hijackthis-v2\HiJackThis_v2.exe
 
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.it/
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
 O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Dati applicazioni\Prevx\pxbho.dll
 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
 O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
 O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
 O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
 O4 - HKLM\..\Run: [CARPService] carpserv.exe
 O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
 O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
 O4 - HKLM\..\Run: [PrevxOne] "C:\Programmi\Prevx1\PXConsole.exe"
 O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
 O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')
 O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVIZIO DI RETE')
 O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
 O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
 O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
 O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
 O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Programmi\MP3 Player Utilities 4.00\AMVConverter\grab.html
 O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
 O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Programmi\MP3 Player Utilities 4.00\MediaManager\grab.html
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
 O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
 O14 - IERESET.INF: START_PAGE_URL=http://www.google.it
 O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
 O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
 O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
 O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
 O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
 O17 - HKLM\System\CCS\Services\Tcpip\..\{94180E28-8DA0-4F42-B1CE-9BF86249572A}: NameServer = 85.37.17.39 85.38.28.71
 O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
 O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
 O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe
 O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
 O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
 O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
 O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
 O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
 O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\Programmi\File comuni\MicroWorld\Agent\MWASER.EXE
 O23 - Service: Prevx Agent (PREVXAgent) - Prevx - C:\Programmi\Prevx1\PXAgent.exe
 O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas   www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
 
 --
 End of file - 6660 bytes
 |  | 
	
| yamashita (Hero) | Posted: 29 Jan 2008 13:28 |
| ComboFix 08-01-29.3 - Utente 2008-01-29 12.12.03.1 - NTFSx86
 Eseguito da: C:\Documents and Settings\Utente\Desktop\ComboFix.exe
 * Creato nuovo punto di ripristino
 
 WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
 .
 
 (((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 
 C:\WINDOWS\regedit.com
 C:\WINDOWS\system32\taskmgr.com
 
 .
 (((((((((((((((((((((((((   Files Creati Da 2007-12-28 al 2008-01-29  )))))))))))))))))))))))))))))))))))
 .
 
 2008-01-29 11:40 . 2008-01-29 11:40	<DIR>	d--------	C:\Programmi\avanger
 2008-01-28 17:21 . 2008-01-29 11:58	<DIR>	d--------	C:\Programmi\hijackthis-v2
 2008-01-28 16:44 . 2008-01-28 16:51	<DIR>	d--------	C:\Programmi\Eusing Free Registry Cleaner
 2008-01-28 16:14 . 2008-01-28 16:14	<DIR>	d--------	C:\WINDOWS\system32\Kaspersky Lab
 2008-01-28 16:14 . 2008-01-28 16:14	<DIR>	d--------	C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab
 2008-01-22 22:17 . 2008-01-22 22:17	<DIR>	d--------	C:\Programmi\ASIO4ALL v2
 2008-01-18 20:20 . 2008-01-18 20:26	<DIR>	d--------	C:\Programmi\Windows Live
 2008-01-16 16:52 . 2007-07-30 19:19	271,224	--a------	C:\WINDOWS\system32\mucltui.dll
 2008-01-16 16:52 . 2007-07-30 19:19	207,736	--a------	C:\WINDOWS\system32\muweb.dll
 2008-01-16 16:42 . 2008-01-16 16:42	<DIR>	d--------	C:\Programmi\Messenger Plus! Live
 2008-01-16 14:07 . 2008-01-16 16:39	<DIR>	d--------	C:\Programmi\MSN Messenger(2)
 2008-01-16 13:02 . 2008-01-16 16:40	<DIR>	d--------	C:\Programmi\Uniblue(2)
 2008-01-16 04:21 . 2008-01-16 04:21	<DIR>	d--------	C:\Programmi\IObit
 2008-01-16 03:56 . 2008-01-16 03:56	<DIR>	d--------	C:\Documents and Settings\Utente\Dati applicazioni\Uniblue
 2008-01-15 22:50 . 2008-01-18 20:24	<DIR>	d--hsc---	C:\Programmi\File comuni\WindowsLiveInstaller
 2008-01-15 22:49 . 2008-01-18 20:19	<DIR>	d--------	C:\Documents and Settings\All Users\Dati applicazioni\WLInstaller
 2008-01-15 11:32 . 2008-01-16 16:42	<DIR>	d--------	C:\Programmi\Toolbar Uninstaller
 2008-01-14 05:45 . 2007-07-30 19:18	30,072	--a------	C:\WINDOWS\system32\mucltui.dll.mui
 2008-01-10 01:52 . 2007-08-01 22:47	102,664	--a------	C:\WINDOWS\system32\drivers\tmcomm.sys
 2008-01-09 22:54 . 2008-01-27 13:33	<DIR>	d--------	C:\Documents and Settings\Utente\.housecall6.6
 2008-01-09 20:00 . 2008-01-09 20:00	<DIR>	d--------	C:\WINDOWS\Sun
 2008-01-09 19:59 . 2007-09-24 23:31	69,632	--a------	C:\WINDOWS\system32\javacpl.cpl
 2008-01-09 19:56 . 2008-01-09 19:59	<DIR>	d--------	C:\Programmi\Java
 2008-01-09 19:54 . 2008-01-09 19:54	<DIR>	d--------	C:\Programmi\File comuni\Java
 2008-01-09 19:53 . 2008-01-09 23:48	1,414	--a------	C:\WINDOWS\mozver.dat
 2008-01-09 19:46 . 2008-01-09 19:46	0	--a------	C:\WINDOWS\nsreg.dat
 2008-01-08 22:04 . 2008-01-27 12:54	<DIR>	d--------	C:\Documents and Settings\Utente\Dati applicazioni\AVG7
 2008-01-08 22:04 . 2008-01-08 22:04	<DIR>	d--------	C:\Documents and Settings\LocalService\Dati applicazioni\AVG7
 2008-01-08 22:03 . 2008-01-08 22:03	<DIR>	d--------	C:\Documents and Settings\All Users\Dati applicazioni\Grisoft
 2008-01-08 21:56 . 2008-01-08 12:09	203	--a------	C:\bootini.uns
 2008-01-08 21:29 . 2008-01-26 03:47	<DIR>	d--------	C:\Documents and Settings\All Users\Dati applicazioni\Avg7
 2008-01-08 20:28 . 2008-01-08 20:30	5,004,110	--a------	C:\WINDOWS\REGBK00.ZIP
 2008-01-08 10:59 . 2008-01-08 12:14	<DIR>	d--------	C:\PUB
 2008-01-08 10:56 . 2008-01-08 10:56	111,934	--a------	C:\WINDOWS\winsbak2.reg
 2008-01-08 10:56 . 2008-01-08 10:56	15,676	--a------	C:\WINDOWS\winsbak.reg
 2008-01-08 10:55 . 2008-01-08 21:56	<DIR>	d--------	C:\Programmi\File comuni\MicroWorld
 2008-01-08 10:55 . 2008-01-08 10:55	<DIR>	d--------	C:\Documents and Settings\remoteservice\Preferiti
 2008-01-08 10:55 . 2008-01-08 10:55	<DIR>	d--------	C:\Documents and Settings\remoteservice\Modelli
 2008-01-08 10:55 . 2008-01-08 10:55	<DIR>	d--------	C:\Documents and Settings\remoteservice\Menu Avvio
 2008-01-08 10:55 . 2008-01-08 10:55	<DIR>	d--------	C:\Documents and Settings\remoteservice\Documenti
 2008-01-08 10:55 . 2008-01-08 10:55	<DIR>	d--------	C:\Documents and Settings\remoteservice\Dati applicazioni
 2008-01-08 10:55 . 2008-01-08 10:55	<DIR>	d--------	C:\Documents and Settings\LocalService\Preferiti
 2008-01-08 10:55 . 2008-01-08 10:55	<DIR>	d--------	C:\Documents and Settings\LocalService\Modelli
 2008-01-08 10:55 . 2008-01-08 10:55	<DIR>	d--------	C:\Documents and Settings\LocalService\Menu Avvio
 2008-01-08 10:55 . 2008-01-08 10:55	<DIR>	d--------	C:\Documents and Settings\LocalService\Documenti
 2008-01-08 10:53 . 2008-01-08 10:53	<DIR>	d--------	C:\WINDOWS\system32\FLCSS.EXE
 2008-01-08 10:53 . 2006-07-31 04:12	950,272	--a------	C:\WINDOWS\system32\contfilt.dll
 2008-01-08 10:53 . 2006-07-31 03:52	339,968	--a------	C:\WINDOWS\system32\mwtsp.dll
 2008-01-08 10:53 . 2000-04-03 22:00	130,560	--a------	C:\WINDOWS\system32\ZIPDLL.DLL
 2008-01-08 10:53 . 2005-10-09 18:53	125,440	--a------	C:\WINDOWS\system32\UNZDLL.DLL
 2008-01-08 10:53 . 2006-07-31 03:48	118,784	--a------	C:\WINDOWS\system32\mwnsp.dll
 2008-01-08 10:53 . 2006-07-31 03:28	41,984	--a------	C:\WINDOWS\killproc.exe
 2008-01-08 10:53 . 2006-07-31 03:52	40,448	--a------	C:\WINDOWS\inst_tsp.exe
 2008-01-08 10:53 . 1997-09-18 06:12	9,488	--a------	C:\WINDOWS\sporder.dll
 2008-01-08 10:53 . 1997-09-18 06:12	7,680	--a------	C:\WINDOWS\sporder.exe
 2008-01-08 00:11 . 2008-01-29 11:46	<DIR>	d--------	C:\Documents and Settings\All Users\Dati applicazioni\Prevx
 2008-01-08 00:11 . 2006-11-23 17:04	9,728	--a------	C:\WINDOWS\system32\drivers\pxscinst.dll
 2008-01-08 00:11 . 2006-11-23 17:04	7,680	--a------	C:\WINDOWS\system32\drivers\pxinst.dll
 2008-01-07 21:17 . 2008-01-07 21:17	<DIR>	d--------	C:\WINDOWS\system32\xircom
 2008-01-07 21:17 . 2008-01-07 21:17	<DIR>	d--------	C:\Programmi\microsoft frontpage
 2008-01-07 20:27 . 2008-01-26 16:10	<DIR>	d--------	C:\Programmi\a-squared Free
 2008-01-07 19:00 . 2008-01-07 19:01	<DIR>	d--------	C:\Kaspersky
 2008-01-07 16:28 . 2008-01-08 21:56	0	--a------	C:\23990098.$$$
 2008-01-07 14:17 . 2008-01-07 18:35	<DIR>	d--------	C:\escheck
 2008-01-07 13:57 . 2008-01-07 13:57	<DIR>	d-a------	C:\WINDOWS\zts2.exe
 2008-01-07 13:57 . 2008-01-07 13:57	<DIR>	d-a------	C:\WINDOWS\system32\vcmgcd32.dll
 2008-01-07 13:57 . 2008-01-07 13:57	<DIR>	d-a------	C:\WINDOWS\system32\iifgfgf.dll
 2008-01-07 13:46 . 2008-01-07 18:47	50	--a------	C:\WINDOWS\Lic.xxx
 2008-01-07 13:45 . 2002-12-31 13:00	151,552	--a------	C:\WINDOWS\R.COM
 2008-01-07 13:45 . 2002-12-31 13:00	139,264	--a------	C:\WINDOWS\system32\T.COM
 2008-01-07 13:28 . 2008-01-07 20:00	77,312	--a------	C:\WINDOWS\ua2.dll
 2008-01-07 11:44 . 2008-01-26 12:50	<DIR>	d--------	C:\Documents and Settings\Utente\Dati applicazioni\Prevx
 2008-01-07 11:34 . 2008-01-16 11:41	<DIR>	d--------	C:\WINDOWS\SxsCaPendDel
 2008-01-06 21:31 . 2008-01-06 21:31	<DIR>	d--------	C:\Programmi\Sophos
 2008-01-06 21:29 . 2008-01-06 21:30	<DIR>	d--------	C:\Programmi\CCleaner
 2008-01-06 20:36 . 2008-01-12 22:31	<DIR>	d--------	C:\VEXPLITE
 2008-01-06 20:36 . 2008-01-08 21:57	36,096	--a------	C:\WINDOWS\system32\drivers\VIRAGTLT.SYS
 2008-01-02 20:01 . 2008-01-02 20:01	<DIR>	d--------	C:\WINDOWS\system32\bak
 2008-01-02 20:01 . 2008-01-29 11:44	<DIR>	d--------	C:\WINDOWS\bak
 2007-12-31 14:22 . 2007-12-31 14:22	<DIR>	d--------	C:\Programmi\Panasonic
 2007-12-31 14:22 . 2005-03-07 19:44	45,056	--a------	C:\WINDOWS\system32\PhDi2.sys
 2007-12-31 14:21 . 2007-12-31 14:21	<DIR>	d--------	C:\Documents and Settings\Utente\Dati applicazioni\InstallShield
 
 .
 ((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 2019-12-15 04:41	---------	d--h--w	C:\Programmi\Uninstall Information
 2008-01-29 03:33	---------	d-----w	C:\Programmi\eMule
 2008-01-28 15:34	---------	d-----w	C:\Programmi\SpywareBlaster
 2008-01-27 15:20	---------	d-----w	C:\Documents and Settings\Utente\Dati applicazioni\foobar2000
 2008-01-26 10:33	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
 2008-01-12 13:46	---------	d-----w	C:\Programmi\QuickTime
 2008-01-12 13:46	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\Apple Computer
 2008-01-12 13:38	---------	d-----w	C:\Programmi\iTunes
 2008-01-03 13:32	9,344	----a-w	C:\WINDOWS\system32\drivers\NSDriver.sys
 2008-01-03 13:32	8,320	----a-w	C:\WINDOWS\system32\drivers\AWRTRD.sys
 2007-12-31 13:22	---------	d--h--w	C:\Programmi\InstallShield Installation Information
 2007-12-28 17:16	---------	d-----w	C:\Programmi\Skype
 2007-12-28 17:16	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\Skype
 2007-12-25 16:03	---------	d-----w	C:\Documents and Settings\Utente\Dati applicazioni\Screenshot Sender
 2007-12-16 12:55	---------	d-----w	C:\Programmi\Personal Chess Trainer
 2007-11-14 13:23	74,394	----a-w	C:\Programmi\Uninstal.exe
 2007-11-11 20:51	230,432	----a-w	C:\PA207.DAT
 2006-04-26 09:09	110,468	----a-w	C:\Programmi\pgnread.zip
 2005-10-12 18:32	1,682,186	------w	C:\Programmi\CrystalFree.rar
 2005-10-12 12:16	1,052,449	-c--a-w	C:\Programmi\bsplayer.rar
 2002-12-03 16:01	55,426	-c--a-r	C:\Programmi\data.tag
 2000-11-07 12:13	182	----a-w	C:\Programmi\Info.txt
 2000-01-19 16:20	1,328	----a-w	C:\Programmi\Install.bat
 2000-01-10 21:30	311	----a-w	C:\Programmi\Leggimi.txt
 .
 
 (((((((((((((((((((((((((((((((((((((((((((((   AWF   ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 ----a-w            94,208 2006-04-29 13:21:28  C:\Programmi\Elaborate Bytes\VirtualCloneDrive\bak\VCDDaemon.exe
 
 ----a-w           579,072 2007-12-21 08:09:21  C:\Programmi\Grisoft\AVG7\bak\avgcc.exe
 ----a-w           579,072 2008-01-08 21:03:56  C:\Programmi\Grisoft\AVG7\avgcc.exe
 
 ----a-w           256,576 2006-10-30 08:36:36  C:\Programmi\iTunes\bak\iTunesHelper.exe
 
 ----a-w           282,624 2006-10-25 17:58:18  C:\Programmi\QuickTime\bak\qttask.exe
 
 -c--a-w            15,360 2002-12-31 12:00:00  C:\WINDOWS\system32\bak\ctfmon.exe
 
 ----a-w           249,856 2003-10-30 13:09:36  C:\WINDOWS\system32\bak\keyhook.exe
 
 ----a-w           155,648 2001-07-09 09:50:42  C:\WINDOWS\system32\bak\NeroCheck.exe
 
 ----a-w           667,648 2003-10-30 13:10:20  C:\WINDOWS\system32\bak\sistray.EXE
 
 ----a-w           172,032 2004-03-04 15:46:24  C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\hpztsb10.exe
 
 .
 (((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 .
 REGEDIT4
 *Nota* i valori vuoti & legittimi/default non sono visualizzati.
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 11:15 106496]
 "Cmaudio"="cmicnfg.cpl" []
 "CARPService"="carpserv.exe" [2002-11-19 12:17 4608 C:\WINDOWS\system32\carpserv.exe]
 "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [ ]
 "VIRIT LITE MONITOR"="C:\VEXPLITE\MONLITE.EXE" [2008-01-12 14:46 245760]
 "PrevxOne"="C:\Programmi\Prevx1\PXConsole.exe" [2006-12-02 17:43 1507328]
 "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-08 22:03 579072]
 "SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
 
 [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
 "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-08 22:04 219136]
 
 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
 "SynchronousMachineGroupPolicy"= 0 (0x0)
 "SynchronousUserGroupPolicy"= 0 (0x0)
 
 R0 VIRAGTLT;VIRAGTLT;C:\WINDOWS\system32\drivers\VIRAGTLT.SYS [2008-01-08 21:57]
 R2 viritsvclite;Virit eXplorer Lite;C:\VEXPLITE\viritsvc.exe [2008-01-12 14:46]
 R3 ati2mtaa;ati2mtaa;C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys [2004-08-19 14:23]
 R3 PAC207;Trust WB-1400T Webcam;C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2007-05-14 09:26]
 S3 MEMSWEEP2;MEMSWEEP2;C:\WINDOWS\system32\21.tmp []
 S3 USBSTOR;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08]
 
 *Newly Created Service* - PROCEXP90
 .
 **************************************************************************
 
 catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
 Rootkit scan 2008-01-29 12:17:02
 Windows 5.1.2600 Service Pack 2 NTFS
 
 scansione processi nascosti ...
 
 scansione entrate autostart nascoste ...
 
 Scansione files nascosti ...
 
 Scansione completata con successo
 Files nascosti: 0
 
 **************************************************************************
 .
 Ora fine scansione: 2008-01-29 12.19.10
 ComboFix-quarantined-files.txt  2008-01-29 11:19:06
 .
 2008-01-17 02:03:10	--- E O F ---
 |  | 
	
		| Top |  | 
	
		|  | 
	
		| yamashita Hero
 
  
 
 Registered: 18/01/08 20:30
 Posts: 51
 
 
 | 
			
				|  Posted: 29 Jan 2008 19:54    Subject: |   |  
				| 
 |  
				| There are three links; I'm posting all three to avoid mistakes.
 kaspersky log1.html
 |  | 
	
		| Top |  | 
	
		|  | 
	
		| yamashita Hero
 
  
 
 Registered: 18/01/08 20:30
 Posts: 51
 
 
 | 
			
				|  Posted: 29 Jan 2008 22:55    Subject: |   |  
				| 
 |  
				| Anyway, the problem seems to have been resolved; I'm waiting for confirmation. Thanks. |  | 
	
		| Top |  | 
	
		|  | 
	
		| yamashita Hero
 
  
 
 Registered: 18/01/08 20:30
 Posts: 51
 
 
 | 
			
				|  Posted: 30 Jan 2008 19:57    Subject: |   |  
				| 
 |  
				| The problem has been resolved for more than a day now. Thanks a lot for the help. I'm waiting for someone to take a look at the latest logs. Anyway, everything is OK here.  |  | 
	
		| Top |  | 
	
		|  | 
	
		| bdoriano Administrator
 
  
  
 Registered: 02/04/07 12:05
 Posts: 14391
 Location: 3rd planet of the solar system...
 
 | 
			
				|  Posted: 31 Jan 2008 23:50    Subject: |   |  
				| 
 |  
				| Start AVENGER
 Click on input script manually
 Click on the magnifying glass
 Enter these lines:
 
  	  | Quote: |  	  | Files to delete:
 C:\WINDOWS\system32\21.tmp
 C:\WINDOWS\ua2.dll
 C:\WINDOWS\system32\T.COM
 C:\WINDOWS\R.COM
 
 Folders to delete:
 C:\WINDOWS\zts2.exe
 C:\WINDOWS\system32\vcmgcd32.dll
 C:\WINDOWS\system32\iifgfgf.dll
 | 
 Click on Done
 Click on the traffic light
 The PC should restart; if it doesn't, restart it yourself.
 When the operation is finished, post the Avenger result here along with an updated HijackThis log.
 |  | 
	
		| Top |  | 
	
		|  | 
	
		| yamashita Hero
 
  
 
 Registered: 18/01/08 20:30
 Posts: 51
 
 
 | 
			
				|  Posted: 01 Feb 2008 04:08    Subject: |   |  
				| 
 |  
				| Logfile of The Avenger version 1, by Swandog46
 Running from registry key:
 \Registry\Machine\System\CurrentControlSet\Services\ijrbebhk
 
 *******************
 
 Script file located at: \??\C:\Documents and Settings\pgetfodk.txt
 Script file opened successfully.
 
 Script file read successfully
 
 Backups directory opened successfully at C:\Avenger
 
 *******************
 
 Beginning to process script file:
 
 
 
 File C:\WINDOWS\system32\21.tmp not found!
 Deletion of file C:\WINDOWS\system32\21.tmp failed!
 
 Could not process line:
 C:\WINDOWS\system32\21.tmp
 Status: 0xc0000034
 
 File C:\WINDOWS\ua2.dll deleted successfully.
 File C:\WINDOWS\system32\T.COM deleted successfully.
 File C:\WINDOWS\R.COM deleted successfully.
 Folder C:\WINDOWS\zts2.exe deleted successfully.
 Folder C:\WINDOWS\system32\vcmgcd32.dll deleted successfully.
 Folder C:\WINDOWS\system32\iifgfgf.dll deleted successfully.
 
 Completed script processing.
 
 *******************
 
 Finished!  Terminate.
 |  | 
	
		| Top |  | 
	
		|  | 
	
		| yamashita Hero
 
  
 
 Registered: 18/01/08 20:30
 Posts: 51
 
 
 | 
			
				|  Posted: 01 Feb 2008 04:12    Subject: |   |  
				| 
 |  
				| Logfile of Trend Micro HijackThis v2.0.0 (BETA)
 Scan saved at 3.11.20, on 01/02/2008
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 Boot mode: Normal
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
 C:\WINDOWS\Explorer.EXE
 C:\WINDOWS\system32\spoolsv.exe
 C:\WINDOWS\system32\RunDll32.exe
 C:\WINDOWS\system32\carpserv.exe
 C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
 C:\Programmi\a-squared Free\a2service.exe
 C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
 C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
 C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
 C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
 C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
 C:\Programmi\File comuni\MicroWorld\Agent\MWASER.EXE
 C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
 C:\WINDOWS\system32\notepad.exe
 C:\Programmi\File comuni\MicroWorld\Agent\MWAgent.exe
 C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
 C:\WINDOWS\system32\svchost.exe
 C:\VEXPLITE\viritsvc.exe
 C:\WINDOWS\system32\wuauclt.exe
 C:\Programmi\Mozilla Firefox\firefox.exe
 C:\WINDOWS\system32\wuauclt.exe
 C:\Programmi\hijackthis-v2\HiJackThis_v2.exe
 
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.it/
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
 O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Dati applicazioni\Prevx\pxbho.dll
 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
 O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
 O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
 O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
 O4 - HKLM\..\Run: [CARPService] carpserv.exe
 O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
 O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
 O4 - HKLM\..\Run: [PrevxOne] "C:\Programmi\Prevx1\PXConsole.exe"
 O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
 O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')
 O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVIZIO DI RETE')
 O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
 O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
 O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
 O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
 O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Programmi\MP3 Player Utilities 4.00\AMVConverter\grab.html
 O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
 O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Programmi\MP3 Player Utilities 4.00\MediaManager\grab.html
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
 O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
 O14 - IERESET.INF: START_PAGE_URL=http://www.google.it
 O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
 O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
 O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
 O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
 O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
 O17 - HKLM\System\CCS\Services\Tcpip\..\{94180E28-8DA0-4F42-B1CE-9BF86249572A}: NameServer = 85.37.17.39 85.38.28.71
 O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
 O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
 O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe
 O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
 O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
 O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
 O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
 O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
 O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\Programmi\File comuni\MicroWorld\Agent\MWASER.EXE
 O23 - Service: Prevx Agent (PREVXAgent) - Prevx - C:\Programmi\Prevx1\PXAgent.exe
 O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas   www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
 
 --
 End of file - 6680 bytes
 |  | 
	
		| Top |  | 
	
		|  | 
	
		| yamashita Hero
 
  
 
 Registered: 18/01/08 20:30
 Posts: 51
 
 
 | 
			
				|  Posted: 06 Feb 2008 12:42    Subject: |   |  
				| 
 |  
				| bdoriano, so? What do you think? Anyway, the PC seems to be in great shape. Thanks. |  | 
	
		| Top |  | 
	
		|  | 
	
		|  |