malware....le ho provate tutte

viandante · 09-01-2007, 17:09

Allora....
Si aprono in conituazione finestre pubblicitarie di : ERRORSAFE, AMAENA, VEGASRED e altri....
Ho provato tutti gli antispyware, 3 antivirus, tutto sia in modalità normale che in provvisoria. Trovano sempre gli stessi problemi, li riparano e poi tornano. Non c'è proprio niente da fare??

Il log di hijack è pulito.......
Sono disperato.

Grazie a chi mi aiuterà

viandante · 09-01-2007, 17:11

Logfile of HijackThis v1.99.1
Scan saved at 17.10.49, on 09/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\AOL\Active Virus Shield\avp.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\vsnpstd.exe
C:\Programmi\AOL\Active Virus Shield\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.it/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [aol] "C:\Programmi\AOL\Active Virus Shield\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Apri in nuova scheda in primo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/230?7e73abef10ce46a3b780de4d96f0b6b0
O8 - Extra context menu item: Apri in nuova scheda in secondo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/229?7e73abef10ce46a3b780de4d96f0b6b0
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/reso...scbase8460.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Programmi\AOL\Active Virus Shield\avp.exe" -r (file missing)
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe

viandante · 09-01-2007, 17:23

GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2007-01-09 17:23:02
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.12 ----

SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwClose
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateProcess
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateProcessEx
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateSection
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateSymbolicLinkObject
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwDeleteKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwDeleteValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwDuplicateObject
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwEnumerateKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwEnumerateValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwFlushKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwInitializeRegistry
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwLoadKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwLoadKey2
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwNotifyChangeKey
SSDT kl1.sys ZwOpenFile
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwOpenKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwOpenProcess
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwOpenSection
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQueryKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQueryMultipleValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQuerySystemInformation
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQueryValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwReplaceKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwRestoreKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwResumeThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSaveKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetContextThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetInformationFile
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetInformationKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetInformationProcess
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetSecurityObject
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSuspendThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwTerminateProcess
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwUnloadKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwWriteVirtualMemory
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[284]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[285]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[286]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[287]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[288]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[289]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[290]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[291]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[292]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[293]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[294]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[295]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[296]

Code \??\C:\WINDOWS\system32\drivers\klif.sys FsRtlCheckLockForReadAccess
Code \??\C:\WINDOWS\system32\drivers\klif.sys IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.12 ----

.text ntoskrnl.exe!KiDispatchInterrupt + BA 804D492E 7 Bytes JMP EDBC4120 \??\C:\WINDOWS\system32\drivers\klif.sys
.text ntoskrnl.exe!IoIsOperationSynchronous 804E1752 5 Bytes JMP EDBC12A0 \??\C:\WINDOWS\system32\drivers\klif.sys
.text ntoskrnl.exe!FsRtlCheckLockForReadAccess 804F4E09 5 Bytes JMP EDBC0E10 \??\C:\WINDOWS\system32\drivers\klif.sys

---- User code sections - GMER 1.0.12 ----

.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[132] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[132] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[132] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[132] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[132] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002D81
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[132] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002CF3
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[132] ADVAPI32.dll!CreateProcessAsUserW 77F67775 5 Bytes JMP 10002EF4
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[132] ADVAPI32.dll!CreateProcessAsUserA 77F80958 5 Bytes JMP 10002E63
.text C:\WINDOWS\system32\alg.exe[168] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002D81
.text C:\WINDOWS\system32\alg.exe[168] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002CF3
.text C:\WINDOWS\system32\alg.exe[168] ADVAPI32.dll!CreateProcessAsUserW 77F67775 5 Bytes JMP 10002EF4
.text C:\WINDOWS\system32\alg.exe[168] ADVAPI32.dll!CreateProcessAsUserA 77F80958 5 Bytes JMP 10002E63
.text C:\WINDOWS\system32\bgualjz.exe[488] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 015B200E
.text C:\WINDOWS\system32\bgualjz.exe[488] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 015B1DAF
.text C:\WINDOWS\system32\bgualjz.exe[488] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 015B1CF2
.text C:\WINDOWS\system32\bgualjz.exe[488] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 015B191B
.text C:\WINDOWS\system32\bgualjz.exe[488] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 015B2D81
.text C:\WINDOWS\system32\bgualjz.exe[488] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 015B2CF3
.text C:\WINDOWS\system32\bgualjz.exe[488] ADVAPI32.dll!CreateProcessAsUserW 77F67775 5 Bytes JMP 015B2EF4
.text C:\WINDOWS\system32\bgualjz.exe[488] ADVAPI32.dll!CreateProcessAsUserA 77F80958 5 Bytes JMP 015B2E63
.text C:\WINDOWS\vsnpstd.exe[496] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\vsnpstd.exe[496] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\vsnpstd.exe[496] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\vsnpstd.exe[496] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\vsnpstd.exe[496] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002D81
.text C:\WINDOWS\vsnpstd.exe[496] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002CF3
.text C:\WINDOWS\vsnpstd.exe[496] ADVAPI32.dll!CreateProcessAsUserW 77F67775 5 Bytes JMP 10002EF4
.text C:\WINDOWS\vsnpstd.exe[496] ADVAPI32.dll!CreateProcessAsUserA 77F80958 5 Bytes JMP 10002E63
.text C:\WINDOWS\system32\winlogon.exe[552] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 00BC200E
.text C:\WINDOWS\system32\winlogon.exe[552] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 00BC1DAF
.text C:\WINDOWS\system32\winlogon.exe[552] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 00BC1CF2
.text C:\WINDOWS\system32\winlogon.exe[552] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 00BC191B
.text C:\WINDOWS\system32\winlogon.exe[552] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00BC2D81
.text C:\WINDOWS\system32\winlogon.exe[552] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00BC2CF3
.text C:\WINDOWS\system32\winlogon.exe[552] ADVAPI32.dll!CreateProcessAsUserW 77F67775 5 Bytes JMP 00BC2EF4
.text C:\WINDOWS\system32\winlogon.exe[552] ADVAPI32.dll!CreateProcessAsUserA 77F80958 5 Bytes JMP 00BC2E63
.text C:\WINDOWS\system32\services.exe[596] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\system32\services.exe[596] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\system32\services.exe[596] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\system32\services.exe[596] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\system32\services.exe[596] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002D81
.text C:\WINDOWS\system32\services.exe[596] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002CF3
.text C:\WINDOWS\system32\services.exe[596] ADVAPI32.dll!CreateProcessAsUserW 77F67775 5 Bytes JMP 10002EF4
.text C:\WINDOWS\system32\services.exe[596] ADVAPI32.dll!CreateProcessAsUserA 77F80958 5 Bytes JMP 10002E63
.text C:\WINDOWS\system32\lsass.exe[608] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\system32\lsass.exe[608] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\system32\lsass.exe[608] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\system32\lsass.exe[608] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\system32\lsass.exe[608] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002D81
.text C:\WINDOWS\system32\lsass.exe[608] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002CF3
.text C:\WINDOWS\system32\lsass.exe[608] ADVAPI32.dll!CreateProcessAsUserW 77F67775 5 Bytes JMP 10002EF4
.text C:\WINDOWS\system32\lsass.exe[608] ADVAPI32.dll!CreateProcessAsUserA 77F80958 5 Bytes JMP 10002E63
.text C:\WINDOWS\system32\ctfmon.exe[712] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\system32\ctfmon.exe[712] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\system32\ctfmon.exe[712] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\system32\ctfmon.exe[712] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\system32\ctfmon.exe[712] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002D81
.text C:\WINDOWS\system32\ctfmon.exe[712] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002CF3
.text C:\WINDOWS\system32\ctfmon.exe[712] ADVAPI32.dll!CreateProcessAsUserW 77F67775 5 Bytes JMP 10002EF4
.text C:\WINDOWS\system32\ctfmon.exe[712] ADVAPI32.dll!CreateProcessAsUserA 77F80958 5 Bytes JMP 10002E63
.text C:\WINDOWS\system32\ati2evxx.exe[740] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\system32\ati2evxx.exe[740] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\system32\ati2evxx.exe[740] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\system32\ati2evxx.exe[740] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\system32\ati2evxx.exe[740] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002D81
.text C:\WINDOWS\system32\ati2evxx.exe[740] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002CF3
.text C:\WINDOWS\system32\ati2evxx.exe[740] ADVAPI32.dll!CreateProcessAsUserW 77F67775 5 Bytes JMP 10002EF4
.text C:\WINDOWS\system32\ati2evxx.exe[740] ADVAPI32.dll!CreateProcessAsUserA 77F80958 5 Bytes JMP 10002E63
.text C:\WINDOWS\system32\svchost.exe[772] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\system32\svchost.exe[772] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\system32\svchost.exe[772] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\system32\svchost.exe[772] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002D81
.text C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002CF3
.text C:\WINDOWS\system32\svchost.exe[772] ADVAPI32.dll!CreateProcessAsUserW 77F67775 5 Bytes JMP 10002EF4
.text C:\WINDOWS\system32\svchost.exe[772] ADVAPI32.dll!CreateProcessAsUserA 77F80958 5 Bytes JMP 10002E63
.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002D81
.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002CF3
.text C:\WINDOWS\system32\svchost.exe[860] ADVAPI32.dll!CreateProcessAsUserW 77F67775 5 Bytes JMP 10002EF4
.text C:\WINDOWS\system32\svchost.exe[860] ADVAPI32.dll!CreateProcessAsUserA 77F80958 5 Bytes JMP 10002E63
.text C:\WINDOWS\system32\svchost.exe[904] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\system32\svchost.exe[904] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\system32\svchost.exe[904] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\system32\svchost.exe[904] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002D81
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002CF3
.text C:\WINDOWS\system32\svchost.exe[904] ADVAPI32.dll!CreateProcessAsUserW 77F67775 5 Bytes JMP 10002EF4
.text C:\WINDOWS\system32\svchost.exe[904] ADVAPI32.dll!CreateProcessAsUserA 77F80958 5 Bytes JMP 10002E63
.text C:\WINDOWS\system32\svchost.exe[960] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002D81
.text C:\WINDOWS\system32\svchost.exe[960] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002CF3
.text C:\WINDOWS\system32\svchost.exe[960] ADVAPI32.dll!CreateProcessAsUserW 77F67775 5 Bytes JMP 10002EF4
.text C:\WINDOWS\system32\svchost.exe[960] ADVAPI32.dll!CreateProcessAsUserA 77F80958 5 Bytes JMP 10002E63
.text C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe[1020] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe[1020] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe[1020] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe[1020] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe[1020] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002D81
.text C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe[1020] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002CF3
.text C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe[1020] ADVAPI32.dll!CreateProcessAsUserW 77F67775 5 Bytes JMP 10002EF4
.text C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe[1020] ADVAPI32.dll!CreateProcessAsUserA 77F80958 5 Bytes JMP 10002E63
.text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002D81
.text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002CF3
.text C:\WINDOWS\system32\svchost.exe[1052] ADVAPI32.dll!CreateProcessAsUserW 77F67775 5 Bytes JMP 10002EF4
.text C:\WINDOWS\system32\svchost.exe[1052] ADVAPI32.dll!CreateProcessAsUserA 77F80958 5 Bytes JMP 10002E63
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1080] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1080] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1080] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1080] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1080] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002D81
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1080] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002CF3
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1080] kernel32.dll!SetUnhandledExceptionFilter 7C84479D 5 Bytes JMP 004E12D0 C:\Programmi\MSN Messenger\MsnMsgr.Exe
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1080] ADVAPI32.dll!CreateProcessAsUserW 77F67775 5 Bytes JMP 10002EF4
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1080] ADVAPI32.dll!CreateProcessAsUserA 77F80958 5 Bytes JMP 10002E63
.text C:\WINDOWS\system32\spoolsv.exe[1168] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\system32\spoolsv.exe[1168] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\system32\spoolsv.exe[1168] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\system32\spoolsv.exe[1168] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\system32\spoolsv.exe[1168] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002D81
.text C:\WINDOWS\system32\spoolsv.exe[1168] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002CF3
.text C:\WINDOWS\system32\spoolsv.exe[1168] ADVAPI32.dll!CreateProcessAsUserW 77F67775 5 Bytes JMP 10002EF4
.text C:\WINDOWS\system32\spoolsv.exe[1168] ADVAPI32.dll!CreateProcessAsUserA 77F80958 5 Bytes JMP 10002E63
.text C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE[1312] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE[1312] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE[1312] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE[1312] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE[1312] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002D81
.text C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE[1312] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002CF3
.text C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE[1312] ADVAPI32.dll!CreateProcessAsUserW 77F67775 5 Bytes JMP 10002EF4
.text C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE[1312] ADVAPI32.dll!CreateProcessAsUserA 77F80958 5 Bytes JMP 10002E63
.text C:\WINDOWS\system32\slserv.exe[1348] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\system32\slserv.exe[1348] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\system32\slserv.exe[1348] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\system32\slserv.exe[1348] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\system32\slserv.exe[1348] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002D81
.text C:\WINDOWS\system32\slserv.exe[1348] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002CF3
.text C:\WINDOWS\system32\slserv.exe[1348] ADVAPI32.dll!CreateProcessAsUserW 77F67775 5 Bytes JMP 10002EF4
.text C:\WINDOWS\system32\slserv.exe[1348] ADVAPI32.dll!CreateProcessAsUserA 77F80958 5 Bytes JMP 10002E63
.text C:\WINDOWS\system32\svchost.exe[1372] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\system32\svchost.exe[1372] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\system32\svchost.exe[1372] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\system32\svchost.exe[1372] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002D81
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002CF3
.text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!CreateProcessAsUserW 77F67775 5 Bytes JMP 10002EF4
.text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!CreateProcessAsUserA 77F80958 5 Bytes JMP 10002E63
.text C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe[1392] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe[1392] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe[1392] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe[1392] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe[1392] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002D81
.text C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe[1392] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002CF3
.text C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe[1392] ADVAPI32.dll!CreateProcessAsUserW 77F67775 5 Bytes JMP 10002EF4
.text C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe[1392] ADVAPI32.dll!CreateProcessAsUserA 77F80958 5 Bytes JMP 10002E63
.text C:\WINDOWS\system32\wdfmgr.exe[1408] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002D81
.text C:\WINDOWS\system32\wdfmgr.exe[1408] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002CF3
.text C:\WINDOWS\system32\wdfmgr.exe[1408] ADVAPI32.dll!CreateProcessAsUserW 77F67775 5 Bytes JMP 10002EF4
.text C:\WINDOWS\system32\wdfmgr.exe[1408] ADVAPI32.dll!CreateProcessAsUserA 77F80958 5 Bytes JMP 10002E63
.text C:\WINDOWS\system32\ati2evxx.exe[1732] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\system32\ati2evxx.exe[1732] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\system32\ati2evxx.exe[1732] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\system32\ati2evxx.exe[1732] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\system32\ati2evxx.exe[1732] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002D81
.text C:\WINDOWS\system32\ati2evxx.exe[1732] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002CF3
.text C:\WINDOWS\system32\ati2evxx.exe[1732] ADVAPI32.dll!CreateProcessAsUserW 77F67775 5 Bytes JMP 10002EF4
.text C:\WINDOWS\system32\ati2evxx.exe[1732] ADVAPI32.dll!CreateProcessAsUserA 77F80958 5 Bytes JMP 10002E63
.text C:\WINDOWS\explorer.exe[1940] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\explorer.exe[1940] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\explorer.exe[1940] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\explorer.exe[1940] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\explorer.exe[1940] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002D81
.text C:\WINDOWS\explorer.exe[1940] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002CF3
.text C:\WINDOWS\explorer.exe[1940] ADVAPI32.dll!CreateProcessAsUserW 77F67775 5 Bytes JMP 10002EF4
.text C:\WINDOWS\explorer.exe[1940] ADVAPI32.dll!CreateProcessAsUserA 77F80958 5 Bytes JMP 10002E63
.text C:\WINDOWS\system32\svchost.exe[2136] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\system32\svchost.exe[2136] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\system32\svchost.exe[2136] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\system32\svchost.exe[2136] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\system32\svchost.exe[2136] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002D81
.text C:\WINDOWS\system32\svchost.exe[2136] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002CF3
.text C:\WINDOWS\system32\svchost.exe[2136] ADVAPI32.dll!CreateProcessAsUserW 77F67775 5 Bytes JMP 10002EF4
.text C:\WINDOWS\system32\svchost.exe[2136] ADVAPI32.dll!CreateProcessAsUserA 77F80958 5 Bytes JMP 10002E63
.text C:\Documents and Settings\Utente\Desktop\gmer.exe[3332] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\Documents and Settings\Utente\Desktop\gmer.exe[3332] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\Documents and Settings\Utente\Desktop\gmer.exe[3332] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\Documents and Settings\Utente\Desktop\gmer.exe[3332] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\Documents and Settings\Utente\Desktop\gmer.exe[3332] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002D81
.text C:\Documents and Settings\Utente\Desktop\gmer.exe[3332] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002CF3
.text C:\Documents and Settings\Utente\Desktop\gmer.exe[3332] ADVAPI32.dll!CreateProcessAsUserW 77F67775 5 Bytes JMP 10002EF4
.text C:\Documents and Settings\Utente\Desktop\gmer.exe[3332] ADVAPI32.dll!CreateProcessAsUserA 77F80958 5 Bytes JMP 10002E63

---- Threads - GMER 1.0.12 ----

Thread 4:112 8265BA20
Thread 4:116 8263AC60
Thread 4:120 8263AC60
Thread 4:312 8265BA20
Thread 4:376 8265BA20

---- Processes - GMER 1.0.12 ----

Process C:\WINDOWS\system32\bgualjz.exe (*** hidden *** ) 488
Library C:\windows\system32\bgualjz.exe (*** hidden *** ) @ C:\WINDOWS\system32\bgualjz.exe [488] 0x00400000

---- Registry - GMER 1.0.12 ----

Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run@bgualjz c:\windows\system32\bgualjz.exe bgualjz
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run@bgualjz c:\windows\system32\bgualjz.exe bgualjz

---- Files - GMER 1.0.12 ----

File C:\WINDOWS\Prefetch\BGUALJZ.EXE-24D266E6.pf
File C:\WINDOWS\system32\bgualjz.dat
File C:\WINDOWS\system32\bgualjz.exe
File C:\WINDOWS\system32\bgualjz_nav.dat
File C:\WINDOWS\system32\bgualjz_navps.dat

---- EOF - GMER 1.0.12 ----

wizard1993 · 09-01-2007, 17:52

per curiosità; ma che firewall hai?

viandante · 09-01-2007, 17:55

Quote:

Originariamente inviato da wizard1993

per curiosità; ma che firewall hai?

questo computer non ha firewall, solo antivirus

wizard1993 · 09-01-2007, 18:05

installane uno

Bugs Bunny · 09-01-2007, 19:42

sei in rete con qualche pc? hai disabilitato ripristino conf di sys?

viandante · 09-01-2007, 20:19

Quote:

Originariamente inviato da Bugs Bunny

sei in rete con qualche pc? hai disabilitato ripristino conf di sys?

Allora il pc non era in rete, aveva un modem.Poi l'ho portato da me e l'ho messo in rete per farlo navigare.
Il firewall purtroppo non lo posso mettere perchè il proprietario del pc è uno di quegli "utonti" da far paura......
Si ho anche disabilitato il ripristino.

sto cercando la soluzione in tutti i forum del mondo.....ma pare proprio che nessuno sappia come fare

wizard1993 · 09-01-2007, 20:27

fai un passaggio con f-secure blacklight

viandante · 09-01-2007, 20:31

Quote:

Originariamente inviato da wizard1993

fai un passaggio con f-secure blacklight

devo disinstallare il mio antivirus prima?

wizard1993 · 09-01-2007, 20:34

no visto chè è un antirootkit

viandante · 10-01-2007, 09:58

Quote:

Originariamente inviato da wizard1993

no visto chè è un antirootkit

non mi ha trovato niente...che faccioi?

FOXYLADY · 10-01-2007, 11:22

Se sono finestre di messaggistica immediata devi disattivare il messenger nei servizi di windows, benchè con l'sp2 dovrebbe essere disattivato di default

Se invece sono finestre del browser prova a fare una scansione con smitfraudfix.
http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

GmG · 10-01-2007, 11:27

Quote:

---- Processes - GMER 1.0.12 ----

Process C:\WINDOWS\system32\bgualjz.exe (*** hidden *** ) 488
Library C:\windows\system32\bgualjz.exe (*** hidden *** ) @ C:\WINDOWS\system32\bgualjz.exe [488] 0x00400000

---- Registry - GMER 1.0.12 ----

Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run@bgualjz c:\windows\system32\bgualjz.exe bgualjz
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run@bgualjz c:\windows\system32\bgualjz.exe bgualjz

---- Files - GMER 1.0.12 ----

File C:\WINDOWS\Prefetch\BGUALJZ.EXE-24D266E6.pf
File C:\WINDOWS\system32\bgualjz.dat
File C:\WINDOWS\system32\bgualjz.exe
File C:\WINDOWS\system32\bgualjz_nav.dat
File C:\WINDOWS\system32\bgualjz_navps.dat

---- EOF - GMER 1.0.12 ----

Penso che il problema sia questo processo c:\windows\system32\bgualjz.exe che gmer indica come nascosto

solidguitarman · 10-01-2007, 11:37

Non sono molto esperto nel settore, ma io quando ero disperato ho installato Ad-aware SE Personal e con un passaggio in modalità provvisoria mia ripulito il sistema che era davverto incasinato. Come ho già detto non sono un esperto, magari non c'entra con il tuo problema, ma meglio avertelo consigliato che no...
Ciao.

09-01-2007, 17:09	#1
viandante Senior Member Iscritto dal: Oct 2002 Città: Ancona Messaggi: 1622	malware....le ho provate tutte Allora.... Si aprono in conituazione finestre pubblicitarie di : ERRORSAFE, AMAENA, VEGASRED e altri.... Ho provato tutti gli antispyware, 3 antivirus, tutto sia in modalità normale che in provvisoria. Trovano sempre gli stessi problemi, li riparano e poi tornano. Non c'è proprio niente da fare?? Il log di hijack è pulito....... Sono disperato. Grazie a chi mi aiuterà

09-01-2007, 17:52	#4
wizard1993 Senior Member Iscritto dal: Apr 2006 Messaggi: 22462	per curiosità; ma che firewall hai? __________________ amd a64x2 4400+ sk939;asus a8n-sli; 2x1gb ddr400; x850 crossfire; 2 x western digital abys 320gb\|\| asus g1 Se striscia fulmina, se svolazza l'ammazza

09-01-2007, 18:05	#6
wizard1993 Senior Member Iscritto dal: Apr 2006 Messaggi: 22462	installane uno __________________ amd a64x2 4400+ sk939;asus a8n-sli; 2x1gb ddr400; x850 crossfire; 2 x western digital abys 320gb\|\| asus g1 Se striscia fulmina, se svolazza l'ammazza

09-01-2007, 19:42	#7
Bugs Bunny Senior Member Iscritto dal: Aug 2005 Città: Genova Messaggi: 3397	sei in rete con qualche pc? hai disabilitato ripristino conf di sys? __________________ Rimozione Worm/Rootkit Bagle - Rimozione Trojan Vundo - Rimozione virus MSN Messenger -Rimozione virus su chiavetta o errori di file mancante all'apertura del disco fisso - NT AUTHORITY SYSTEM spegne il pc ad ogni avvio. Cosa fare?(worm sasser/blaster/rustock) - Thread Ufficiale firewall software

09-01-2007, 20:27	#9
wizard1993 Senior Member Iscritto dal: Apr 2006 Messaggi: 22462	fai un passaggio con f-secure blacklight __________________ amd a64x2 4400+ sk939;asus a8n-sli; 2x1gb ddr400; x850 crossfire; 2 x western digital abys 320gb\|\| asus g1 Se striscia fulmina, se svolazza l'ammazza

09-01-2007, 17:11	#2
viandante Senior Member Iscritto dal: Oct 2002 Città: Ancona Messaggi: 1622	Logfile of HijackThis v1.99.1 Scan saved at 17.10.49, on 09/01/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programmi\AOL\Active Virus Shield\avp.exe C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\slserv.exe C:\WINDOWS\system32\svchost.exe C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\vsnpstd.exe C:\Programmi\AOL\Active Virus Shield\avp.exe C:\WINDOWS\system32\ctfmon.exe C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe C:\Programmi\MSN Messenger\MsnMsgr.Exe C:\WINDOWS\System32\svchost.exe C:\Programmi\Internet Explorer\IEXPLORE.EXE C:\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.it/ O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe O4 - HKLM\..\Run: [aol] "C:\Programmi\AOL\Active Virus Shield\avp.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Apri in nuova scheda in primo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/230?7e73abef10ce46a3b780de4d96f0b6b0 O8 - Extra context menu item: Apri in nuova scheda in secondo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/229?7e73abef10ce46a3b780de4d96f0b6b0 O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/reso...scbase8460.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Programmi\AOL\Active Virus Shield\avp.exe" -r (file missing) O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe

09-01-2007, 20:34	#11
wizard1993 Senior Member Iscritto dal: Apr 2006 Messaggi: 22462	no visto chè è un antirootkit __________________ amd a64x2 4400+ sk939;asus a8n-sli; 2x1gb ddr400; x850 crossfire; 2 x western digital abys 320gb\|\| asus g1 Se striscia fulmina, se svolazza l'ammazza

10-01-2007, 11:22	#13
FOXYLADY Senior Member Iscritto dal: Oct 2004 Città: Milano Messaggi: 2641	Se sono finestre di messaggistica immediata devi disattivare il messenger nei servizi di windows, benchè con l'sp2 dovrebbe essere disattivato di default Se invece sono finestre del browser prova a fare una scansione con smitfraudfix. http://siri.urz.free.fr/Fix/SmitfraudFix_En.php __________________ FOXYLADY è un MASCHIO!! Un amico è una persona che sa tutto di te e nonostante questo gli piaci

10-01-2007, 11:37	#15
solidguitarman Senior Member Iscritto dal: May 2006 Città: Cervaiolo - Montignoso Messaggi: 2338	Non sono molto esperto nel settore, ma io quando ero disperato ho installato Ad-aware SE Personal e con un passaggio in modalità provvisoria mia ripulito il sistema che era davverto incasinato. Come ho già detto non sono un esperto, magari non c'entra con il tuo problema, ma meglio avertelo consigliato che no... Ciao.

Strumenti
Mostra una versione stampabile Invia questa pagina per email