Warlock (Devout mortal)

Registered: 28/07/06 16:29 Posts: 13 Location: Rome
Posted: 12 Oct 2006 20:21 Subject: PC not working. Hijack log [solved]

Hi guys.
I already posted here about a Link Optimizer.
Now the PC is giving me some nasty problems instead. I don't know what they're tied to, but applications crash very often, Internet Explorer especially; the PC is much slower, and many times the system hangs and no longer responds to commands.
In short, something is wrong.
I'm posting a HijackThis log below. If anything else is needed, I'm here. Hope to hear from you soon, holi
Logfile of HijackThis v1.99.1
Scan saved at 20.19.39, on 12/10/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Spyware Doctor\swdoctor.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\FRAPS\FRAPS.EXE
C:\Programmi\ADSL\StarModem ADSL USB MODEM\dslmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\EPSON\EBAPI\eEBSVC.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\ewido anti-spyware 4.0\guard.exe
C:\Programmi\Eset\nod32krn.exe
C:\Programmi\Spyware Doctor\sdhelp.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Programmi\Canon\CAL\CALMAIN.exe
C:\Programmi\Trillian\trillian.exe
C:\PROGRAMMI\INTERNET EXPLORER\IEXPLORE.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Programmi\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jabolis.org/forum
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: edit_html Class - {14D1A72D-8705-11D8-B120-0040F46CB696} - blank (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [9xadiras] 9xadiras.exe
O4 - HKLM\..\Run: [2kadiras] 2kadiras.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programmi\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O17 - HKLM\System\CCS\Services\Tcpip\..\{F5205A6C-72BB-4408-A127-E60F7F605500}: NameServer = 193.70.152.15 193.70.152.25
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmi\Canon\CAL\CALMAIN.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Programmi\File comuni\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programmi\ewido anti-spyware 4.0\guard.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Programmi\Eset\nod32krn.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Programmi\Spyware Doctor\sdhelp.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Thanks in advance.

BilloKenobi (Pious mortal)

Registered: 12/10/06 16:19 Posts: 25
Posted: 12 Oct 2006 21:49 Subject:

My friend, your log is practically clean, except for
O2 - BHO: edit_html Class - {14D1A72D-8705-11D8-B120-0040F46CB696} - blank (file missing)
which you need to fix, but first of all install the service packs with Windows Update, otherwise you are exposed to harmful and very old viruses

Warlock (Devout mortal)

Registered: 28/07/06 16:29 Posts: 13 Location: Rome
Posted: 12 Oct 2006 22:23 Subject:

Just now, with NOD32's deep scan, a Trojan horse WIN32/Trojanclicker.small.KJ shows up in memory, while on the local disk there is the same virus under C:\windows\spoolsv32.dll
Tell me how I should proceed. For now I'm leaving everything untouched. I don't want to make any false steps.
It was clear the PC wasn't working well. I can hear it working like crazy and it freezes frequently.
Holi, I'm waiting for you

BilloKenobi (Pious mortal)

Registered: 12/10/06 16:19 Posts: 25
Posted: 12 Oct 2006 23:13 Subject:

Clickers are annoying, and as usual they cause some problems... to remove it, follow these steps
1) Download KillBox (it doesn't need installing; you only have to extract it)
2) Reboot in safe mode, then find and delete these files with KillBox
C:\Windows\Temp\c1.txt
C:\Windows\Temp\c2.txt
C:\Windows\Temp\c3.txt
C:\Windows\svchost.exe
C:\Windows\SYSHOST.DLL
C:\windows\spoolsv32.dll
C:\Windows\service32.exe (you will probably find it; it goes together with syshost.dll.)
3) Download CCleaner, install it and open it, go to Options -> Advanced, and untick "Only delete files in Windows Temp older than 48 hours". Then run the program (click Cleaner again -> Run Cleaner)
4) Download GMER and post a log of the Autostart section
gmer= http://www.suspectfile.com/upload/files/tools/gmer.zip

Warlock (Devout mortal)

Registered: 28/07/06 16:29 Posts: 13 Location: Rome
Posted: 13 Oct 2006 14:08 Subject:

While waiting for Holi (if he comes at all), I thank you, Billokenobi.
- So, I downloaded KillBox
- in safe mode I found only spoolsv32.dll and service32.exe (both deleted)
- cleaned up with CCleaner
- here is the GMER Autostart log
GMER 1.0.10.10122 - http://www.gmer.net
Autostart 2006-10-13 14:08:02
Windows 5.1.2600
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent@DLLName = Ati2evxx.dll
HKLM\SYSTEM\CurrentControlSet\Services\ >>>
Ati HotKey Poller@ = %SystemRoot%\System32\Ati2evxx.exe
ATI Smart /*ATI Smart*/@ = C:\WINDOWS\system32\ati2sgag.exe
CCALib8 /*Canon Camera Access Library 8*/@ = C:\Programmi\Canon\CAL\CALMAIN.exe
EpsonBidirectionalService /*EpsonBidirectionalService*/@ = C:\Programmi\File comuni\EPSON\EBAPI\eEBSVC.exe
EPSONStatusAgent2 /*EPSON Printer Status Agent2*/@ = C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
ewido anti-spyware 4.0 guard /*ewido anti-spyware 4.0 guard*/@ = C:\Programmi\ewido anti-spyware 4.0\guard.exe
NOD32krn /*NOD32 Kernel Service*/@ = C:\Programmi\Eset\nod32krn.exe
SDhelper /*PC Tools Spyware Doctor*/@ = C:\Programmi\Spyware Doctor\sdhelp.exe
SoundMAX Agent Service (default) /*SoundMAX Agent Service*/@ = C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
UMWdf /*Windows User Mode Driver Framework*/@ = C:\WINDOWS\System32\wdfmgr.exe
vsmon /*TrueVector Internet Monitor*/@ = C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service
HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@RegistryMechanic /*file not found*/ = /*file not found*/
@EPSON Stylus CX3200C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200" = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
@QuickTime Task"C:\Programmi\QuickTime\qttask.exe" -atboottime = "C:\Programmi\QuickTime\qttask.exe" -atboottime
@9xadiras9xadiras.exe /*file not found*/ = 9xadiras.exe /*file not found*/
@2kadiras2kadiras.exe = 2kadiras.exe
@nod32kui"C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE = "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
@Zone Labs Client"C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe" = "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
@KernelFaultCheck%systemroot%\system32\dumprep 0 -k = %systemroot%\system32\dumprep 0 -k
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run@1 = C:\WINDOWS\service32.exe /*file not found*/
HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@MSMSGS"C:\Programmi\Messenger\msmsgs.exe" /background = "C:\Programmi\Messenger\msmsgs.exe" /background
@Spyware Doctor"C:\Programmi\Spyware Doctor\swdoctor.exe" /Q = "C:\Programmi\Spyware Doctor\swdoctor.exe" /Q
@Skype"C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized = "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
@FrapsC:\FRAPS\FRAPS.EXE = C:\FRAPS\FRAPS.EXE
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks@{57B86673-276A-48B2-BAE7-C6DBB3020EB8} = C:\Programmi\ewido anti-spyware 4.0\shellexecutehook.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{5F327514-6C5E-4d60-8F16-D07FA08A78ED} /*Estensione finestra proprietà di aggiornamento automatico*/C:\WINDOWS\System32\wuaueng.dll = C:\WINDOWS\System32\wuaueng.dll
@{E0D79304-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79305-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79306-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79307-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Outlook Custom Icon Handler*/C:\Programmi\Microsoft Office\Office10\OLKFSTUB.DLL = C:\Programmi\Microsoft Office\Office10\OLKFSTUB.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Programmi\Microsoft Office\Office10\msohev.dll = C:\Programmi\Microsoft Office\Office10\msohev.dll
@{B089FE88-FB52-11d3-BDF1-0050DA34150D} /*NOD32 Context Menu Shell Extension*/C:\Programmi\Eset\nodshex.dll = C:\Programmi\Eset\nodshex.dll
@{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/C:\WINDOWS\System32\dfshim.dll = C:\WINDOWS\System32\dfshim.dll
@{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/C:\WINDOWS\System32\dfshim.dll = C:\WINDOWS\System32\dfshim.dll
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
ewido anti-spyware@{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Programmi\ewido anti-spyware 4.0\context.dll
NOD32 Context Menu Shell Extension@{B089FE88-FB52-11d3-BDF1-0050DA34150D} = C:\Programmi\Eset\nodshex.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
ewido anti-spyware@{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Programmi\ewido anti-spyware 4.0\context.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
NOD32 Context Menu Shell Extension@{B089FE88-FB52-11d3-BDF1-0050DA34150D} = C:\Programmi\Eset\nodshex.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx = C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
@{14D1A72D-8705-11D8-B120-0040F46CB696}blank /*file not found*/ = blank /*file not found*/
@{53707962-6F74-2D53-2644-206D7942484F}C:\PROGRA~1\SPYBOT~1\SDHelper.dll = C:\PROGRA~1\SPYBOT~1\SDHelper.dll
@{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll = C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
@{B56A7D7D-6927-48C8-A975-17DF180C71AC}C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll = C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.jabolis.org/forum = http://www.jabolis.org/forum
@Local PageC:\WINDOWS\System32\blank.htm = C:\WINDOWS\System32\blank.htm
HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
cdo@CLSID = C:\Programmi\File comuni\Microsoft Shared\Web Folders\PKMCDO.DLL
dvd@CLSID = C:\WINDOWS\System32\msvidctl.dll
its@CLSID = C:\WINDOWS\System32\itss.dll
lid@CLSID = C:\WINDOWS\System32\msvidctl.dll
mhtml@CLSID = %SystemRoot%\System32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\System32\itss.dll
ms-itss@CLSID = C:\Programmi\File comuni\Microsoft Shared\Information Retrieval\MSITSS.DLL
mso-offdap@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
tv@CLSID = C:\WINDOWS\System32\msvidctl.dll
vnd.ms.radio@CLSID = C:\WINDOWS\System32\msdxm.ocx
wia@CLSID = C:\WINDOWS\System32\wiascr.dll
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\ >>>
000000000001@PackedCatalogItem = imon.dll
000000000002@PackedCatalogItem = imon.dll
000000000003@PackedCatalogItem = imon.dll
000000000004@PackedCatalogItem = imon.dll
000000000005@PackedCatalogItem = imon.dll
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000021@PackedCatalogItem = imon.dll
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica >>>
DSLMON.lnk = DSLMON.lnk
Microsoft Office.lnk = Microsoft Office.lnk
---- EOF - GMER 1.0.10 ----

Warlock (Devout mortal)

Registered: 28/07/06 16:29 Posts: 13 Location: Rome
Posted: 14 Oct 2006 13:35 Subject:

Can someone help me with how to proceed?
I'll add that I ran a scan with Kaspersky; here is the report:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, October 13, 2006 6:04:16 PM
Operating System: Microsoft Windows XP Professional, (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 13/10/2006
Kaspersky Anti-Virus database records: 218210
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
Scan Statistics:
Total number of scanned objects: 33311
Number of viruses found: 2
Number of infected objects: 17 / 0
Number of suspicious objects: 0
Duration of the scan process: 00:28:16
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Vasqua\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Vasqua\Dati applicazioni\Skype\vasquack\call256.dbb Object is locked skipped
C:\Documents and Settings\Vasqua\Dati applicazioni\Skype\vasquack\chat256.dbb Object is locked skipped
C:\Documents and Settings\Vasqua\Dati applicazioni\Skype\vasquack\chat512.dbb Object is locked skipped
C:\Documents and Settings\Vasqua\Dati applicazioni\Skype\vasquack\chatmsg256.dbb Object is locked skipped
C:\Documents and Settings\Vasqua\Dati applicazioni\Skype\vasquack\chatmsg512.dbb Object is locked skipped
C:\Documents and Settings\Vasqua\Dati applicazioni\Skype\vasquack\contactgroup256.dbb Object is locked skipped
C:\Documents and Settings\Vasqua\Dati applicazioni\Skype\vasquack\index2.dat Object is locked skipped
C:\Documents and Settings\Vasqua\Dati applicazioni\Skype\vasquack\profile256.dbb Object is locked skipped
C:\Documents and Settings\Vasqua\Dati applicazioni\Skype\vasquack\transfer256.dbb Object is locked skipped
C:\Documents and Settings\Vasqua\Dati applicazioni\Skype\vasquack\transfer512.dbb Object is locked skipped
C:\Documents and Settings\Vasqua\Dati applicazioni\Skype\vasquack\user1024.dbb Object is locked skipped
C:\Documents and Settings\Vasqua\Dati applicazioni\Skype\vasquack\user16384.dbb Object is locked skipped
C:\Documents and Settings\Vasqua\Dati applicazioni\Skype\vasquack\user256.dbb Object is locked skipped
C:\Documents and Settings\Vasqua\Dati applicazioni\Skype\vasquack\user4096.dbb Object is locked skipped
C:\Documents and Settings\Vasqua\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Vasqua\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Vasqua\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Vasqua\Impostazioni locali\Temp\Perflib_Perfdata_61c.dat Object is locked skipped
C:\Documents and Settings\Vasqua\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Vasqua\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Vasqua\NTUSER.DAT.LOG Object is locked skipped
C:\Programmi\ESET\logs\virlog.dat Object is locked skipped
C:\Programmi\ESET\logs\warnlog.dat Object is locked skipped
C:\RECYCLER\S-1-5-21-73586283-1450960922-682003330-1003\Dc1\spoolsv32.dll Infected: Trojan-Clicker.Win32.Small.kj skipped
C:\System Volume Information\_restore{F1A59D90-1BFA-441A-B96A-492488242406}\RP85\A0074489.dll Infected: Trojan-Clicker.Win32.Small.kj skipped
C:\System Volume Information\_restore{F1A59D90-1BFA-441A-B96A-492488242406}\RP85\A0075489.dll Infected: Trojan-Clicker.Win32.Small.kj skipped
C:\System Volume Information\_restore{F1A59D90-1BFA-441A-B96A-492488242406}\RP85\A0076489.dll Infected: Trojan-Clicker.Win32.Small.kj skipped
C:\System Volume Information\_restore{F1A59D90-1BFA-441A-B96A-492488242406}\RP85\A0076569.dll Infected: Trojan-Clicker.Win32.Small.kj skipped
C:\System Volume Information\_restore{F1A59D90-1BFA-441A-B96A-492488242406}\RP85\A0076584.dll Infected: Trojan-Clicker.Win32.Small.kj skipped
C:\System Volume Information\_restore{F1A59D90-1BFA-441A-B96A-492488242406}\RP85\A0076618.dll Infected: Trojan-Clicker.Win32.Small.kj skipped
C:\System Volume Information\_restore{F1A59D90-1BFA-441A-B96A-492488242406}\RP85\A0077618.dll Infected: Trojan-Clicker.Win32.Small.kj skipped
C:\System Volume Information\_restore{F1A59D90-1BFA-441A-B96A-492488242406}\RP85\A0078618.dll Infected: Trojan-Clicker.Win32.Small.kj skipped
C:\System Volume Information\_restore{F1A59D90-1BFA-441A-B96A-492488242406}\RP85\A0079618.dll Infected: Trojan-Clicker.Win32.Small.kj skipped
C:\System Volume Information\_restore{F1A59D90-1BFA-441A-B96A-492488242406}\RP85\A0080618.dll Infected: Trojan-Clicker.Win32.Small.kj skipped
C:\System Volume Information\_restore{F1A59D90-1BFA-441A-B96A-492488242406}\RP85\A0080655.dll Infected: Trojan-Clicker.Win32.Small.kj skipped
C:\System Volume Information\_restore{F1A59D90-1BFA-441A-B96A-492488242406}\RP85\A0080685.dll Infected: Trojan-Clicker.Win32.Small.kj skipped
C:\System Volume Information\_restore{F1A59D90-1BFA-441A-B96A-492488242406}\RP85\A0080764.dll Infected: Trojan-Clicker.Win32.Small.kj skipped
C:\System Volume Information\_restore{F1A59D90-1BFA-441A-B96A-492488242406}\RP85\A0081764.dll Infected: Trojan-Clicker.Win32.Small.kj skipped
C:\System Volume Information\_restore{F1A59D90-1BFA-441A-B96A-492488242406}\RP85\A0081772.dll Infected: Trojan-Clicker.Win32.Small.kj skipped
C:\System Volume Information\_restore{F1A59D90-1BFA-441A-B96A-492488242406}\RP85\A0081845.exe Infected: Packed.Win32.PolyCrypt.a skipped
C:\System Volume Information\_restore{F1A59D90-1BFA-441A-B96A-492488242406}\RP85\change.log Object is locked skipped
C:\WINDOWS\Debug\oakley.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\Internet Logs\VASQUA.ldb Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\Temp\ZLT0478a.TMP Object is locked skipped
C:\WINDOWS\Temp\ZLT0478d.TMP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{F1A59D90-1BFA-441A-B96A-492488242406}\RP85\change.log Object is locked skipped
Scan process completed.
Help me! -.- If anything else is needed, I'm ready

Smjert (Mature god)

Registered: 01/04/06 18:19 Posts: 1619 Location: Lost in the net
Posted: 14 Oct 2006 14:24 Subject:

Damn, you have the Clicker in the restore point; there's a risk it will regenerate.
Do this:
Disable System Restore (read here how to do it).
Reboot the PC and then re-enable System Restore.
Also check that the files you had found haven't popped back up (spoolsv32.dll, service32.exe, etc.).
PS: Remember to empty the Recycle Bin! You still have that Clicker DLL in there.
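
An added example, not part of the original thread or of any tool named in it: a Python triage of a Kaspersky Online Scanner report in the layout posted above, separating real detections from "Object is locked" lines and grouping them by where the copy sits (System Restore point, Recycle Bin, or live file system). The sample report lines, the GUID and SID in them, and all function names are constructed for illustration.

```python
import re
from collections import defaultdict
from typing import NamedTuple, Optional

# Constructed sample in the layout of the Kaspersky Online Scanner report
# quoted in the thread; the GUID, SID and file names are placeholders.
SAMPLE_REPORT = r"""
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\User\NTUSER.DAT Object is locked skipped
C:\RECYCLER\S-1-5-21-1111111111-2222222222-3333333333-1003\Dc1\spoolsv32.dll Infected: Trojan-Clicker.Win32.Small.kj skipped
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP85\A0000001.dll Infected: Trojan-Clicker.Win32.Small.kj skipped
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP85\A0000002.exe Infected: Packed.Win32.PolyCrypt.a skipped
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP85\change.log Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
Scan process completed.
"""


class Finding(NamedTuple):
    path: str
    detection: Optional[str]  # None: the scanner could not open the file
    location: str             # restore_point | recycle_bin | live


# "<path> Infected: <name> <action>"  or  "<path> Object is locked <action>"
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?) "
    r"(?:Infected: (?P<det>\S+)|Object is locked) "
    r"(?P<action>\w+)$"
)
RESTORE_RE = re.compile(
    r"^[A-Za-z]:\\System Volume Information\\_restore\{[^}]*\}\\RP\d+\\", re.I
)
RECYCLE_RE = re.compile(r"^[A-Za-z]:\\RECYCLER\\", re.I)  # Windows XP bin folder

# Follow-up per location, taken from the advice given in the thread.
NEXT_STEP = {
    "restore_point": "disable System Restore, reboot, re-enable it",
    "recycle_bin": "empty the Recycle Bin",
    "live": "delete the file (the thread used KillBox in safe mode), rescan",
}


def classify(path: str) -> str:
    """Map a reported path to the kind of storage it lives in."""
    if RESTORE_RE.match(path):
        return "restore_point"
    if RECYCLE_RE.match(path):
        return "recycle_bin"
    return "live"


def parse_report(text: str) -> list:
    """Return one Finding per result line; headers and totals are ignored."""
    findings = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            path = m.group("path")
            findings.append(Finding(path, m.group("det"), classify(path)))
    return findings


def triage(text: str) -> dict:
    """Group infected objects by location as {location: [(path, name), ...]}."""
    grouped = defaultdict(list)
    for f in parse_report(text):
        if f.detection:  # locked objects were not scanned, so not detections
            grouped[f.location].append((f.path, f.detection))
    return dict(grouped)


def residual_only(text: str) -> bool:
    """True when no detection sits on the live file system."""
    return "live" not in triage(text)


if __name__ == "__main__":
    for location, hits in triage(SAMPLE_REPORT).items():
        print(f"{location}: {len(hits)} infected -> {NEXT_STEP[location]}")
        for path, name in hits:
            print(f"  {name}  {path}")
    print("residual copies only:", residual_only(SAMPLE_REPORT))
```
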

Warlock (Devout mortal)

Registered: 28/07/06 16:29 Posts: 13 Location: Rome
Posted: 14 Oct 2006 20:22 Subject:

OK.
Disabled System Restore, blah blah blah;
Rebooted;
Re-enabled System Restore, blah blah blah;
Checked for the files and they're not there;
Emptied the Recycle Bin.
Next STEP?
P.S. Thanks to you too, Smjert

Smjert (Mature god)

Registered: 01/04/06 18:19 Posts: 1619 Location: Lost in the net
Posted: 14 Oct 2006 22:18 Subject:

I'd say you should be all set...

Warlock (Devout mortal)

Registered: 28/07/06 16:29 Posts: 13 Location: Rome
Posted: 14 Oct 2006 23:14 Subject:

So in the end, is this HijackThis log OK?
Tell me if I need to fix anything or if there are problems:
Logfile of HijackThis v1.99.1
Scan saved at 23.11.35, on 14/10/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Spyware Doctor\swdoctor.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\FRAPS\FRAPS.EXE
C:\Programmi\ADSL\StarModem ADSL USB MODEM\dslmon.exe
C:\Programmi\File comuni\EPSON\EBAPI\eEBSVC.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\ewido anti-spyware 4.0\guard.exe
C:\Programmi\Eset\nod32krn.exe
C:\Programmi\Spyware Doctor\sdhelp.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Programmi\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jabolis.org/forum
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: edit_html Class - {14D1A72D-8705-11D8-B120-0040F46CB696} - blank (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [9xadiras] 9xadiras.exe
O4 - HKLM\..\Run: [2kadiras] 2kadiras.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programmi\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F5205A6C-72BB-4408-A127-E60F7F605500}: NameServer = 193.70.152.15 193.70.152.25
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmi\Canon\CAL\CALMAIN.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Programmi\File comuni\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programmi\ewido anti-spyware 4.0\guard.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Programmi\Eset\nod32krn.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Programmi\Spyware Doctor\sdhelp.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
While I wait, thank you to everyone who has helped |
|
Smjert Mature God


Joined: 01/04/06 18:19 Posts: 1619 Location: Lost in the net
|
Posted: 14 Oct 2006 23:35 Subject: |
|
|
Hmm, fix this entry:
O2 - BHO: edit_html Class - {14D1A72D-8705-11D8-B120-0040F46CB696} - blank (file missing)
If you rescan, or reboot the PC and then scan, does the entry remain? |
|
Warlock Devoted Mortal

Joined: 28/07/06 16:29 Posts: 13 Location: Roma
|
Posted: 15 Oct 2006 00:37 Subject: |
|
|
OK, I fixed that entry and it no longer shows up, not even after a reboot.
Any other fixes? Such as: O17 - HKLM\System\CCS\Services\Tcpip\..\{F5205A6C-72BB-4408-A127-E60F7F605500}: NameServer = 193.70.152.15 193.70.152.25 ?
The automatic analyzer tells me it is superfluous -.-
What do you think? |
|
luken Common Mortal

Joined: 15/10/06 01:21 Posts: 3
|
Posted: 15 Oct 2006 01:26 Subject: quick question |
|
|
I'm posting a HijackThis log too. I had the same problem with the virus win32/trojancliker.small.ks and I would really like to know whether my PC is free of the virus.
Thanks
Here is the log:
Logfile of HijackThis v1.99.1
Scan saved at 1.17.50, on 15/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Power Translator\LogoMedia TranslateDotNet Server.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programmi\FlyNet\CnxDslTb.exe
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\Agnitum\Outpost Firewall\outpost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\DAEMON Tools\daemon.exe
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\eMule\emule.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Eset\nod32.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Pellecchia\Impostazioni locali\Temp\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {14D1A72D-8705-11D8-B120-0040F46CB696} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: LEC - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - C:\Programmi\Power Translator\Applications\LEC IE Translation Extension.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programmi\FlyNet\CnxDslTb.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe /waitservice
O4 - HKLM\..\Run: [OutpostFeedBack] C:\Programmi\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Outpost Firewall Pro Regolazione rapida - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Programmi\Agnitum\Outpost Firewall\Plugins\BrowserBar\ie_bar.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab50997.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab50997.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{309067A2-D445-4A69-817F-53583A27BF20}: NameServer = 62.94.0.1,62.94.0.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{4D8028B4-1C89-4935-B99E-8BED0A2486AA}: NameServer = 193.70.152.15 193.70.152.25
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Agnitum\OUTPOS~1\wl_hook.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Programmi\Power Translator\LogoMedia TranslateDotNet Server.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Programmi\Agnitum\Outpost Firewall\outpost.exe |
|
Smjert Mature God


Joined: 01/04/06 18:19 Posts: 1619 Location: Lost in the net
|
Posted: 15 Oct 2006 12:48 Subject: |
|
|
Warlock: you're all set, that entry refers to Infostrada's DNS servers.
luken:
Fix this entry: O2 - BHO: (no name) - {14D1A72D-8705-11D8-B120-0040F46CB696} - (no file). After that, judging from the HijackThis log, you also seem to be fine. If you haven't done so yet, run an online scan with Panda and then post the result (during the scan it is best to disable your antivirus's real-time protection). |
|
luken Common Mortal

Joined: 15/10/06 01:21 Posts: 3
|
Posted: 15 Oct 2006 15:03 Subject: thanks |
|
|
Thanks for the quick reply. I did as you said; now I'm posting the log of the online Panda scan of the C partition. I also have a 250 GB external hard drive that I'll scan afterwards. I deleted the cookies from Firefox and Internet Explorer; is that OK?
Thanks again
Incident Status Location
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\mionome\Cookies\mionome@atdmt[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\mionome\Dati applicazioni\Mozilla\Firefox\Profiles\0u82dy83.default\cookies.txt[.tribalfusion.com/] |
|
Smjert Mature God


Joined: 01/04/06 18:19 Posts: 1619 Location: Lost in the net
|
Posted: 15 Oct 2006 20:23 Subject: |
|
|
Yes, you're all set |
|
luken Common Mortal

Joined: 15/10/06 01:21 Posts: 3
|
Posted: 15 Oct 2006 22:50 Subject: |
|
|
Thanks a lot.... |
|
holifay Mature God


Joined: 08/03/05 10:48 Posts: 2912 Location: Milano
|
Posted: 17 Oct 2006 15:38 Subject: Re: PC not working. Hijack log [solved] |
|
|
Quote: | Hi guys.
I already posted here about a Link Optimizer.
....
Hope to hear from you soon, holi
...
|
See, I left you in good hands |
|