HiJackThis - Analisi Log - leggere Regole di Sezione

[Chill-Out]

Sembrerebbe di si, ma l'osservazione di Bugs Bunny è più che giusta, posta il log di FindAWF.

[paolo-fcb]

Ciao ragazzi, sono tornato da una vacanza di 14 giorni, il pc mi pare sempre un pò lento non so, cmq potete gentilmente controllarmi questo log? Grazie in anticipo, Paolo


Logfile of HijackThis v1.99.1
Scan saved at 14.33.56, on 30/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\a-squared Free\a2service.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Eset\nod32krn.exe
C:\Programmi\Prevx2\PXAgent.exe
C:\WINDOWS\system32\PSIService.exe
C:\Programmi\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe
C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe
C:\programmi\powerstrip\pstrip.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\D-Tools\daemon.exe
C:\Programmi\Prevx2\PXConsole.exe
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmi\MSN Messenger\livecall.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\Documents and Settings\Paolo\Desktop\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.prevx.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.prevx.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.prevx.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.prevx.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.prevx.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Dati applicazioni\Prevx\pxbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [PowerStrip] c:\programmi\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Programmi\StarModem\StarModem USB Network\CnxTrApp.dll",AppEntry -REG "Conexant\Conexant USB Network"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmi\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [StartCCC] C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [PrevxOne] "C:\Programmi\Prevx2\PXConsole.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [UIWatcher] C:\Programmi\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe
O8 - Extra context menu item: &Clean Traces - C:\Programmi\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Programmi\DAP\dapextie.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download &all with DAP - C:\Programmi\DAP\dapextie2.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1174439887796
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E8FC9E75-1AA6-4BEE-9E68-02414E15A90A}: NameServer = 213.156.54.80,213.156.54.81
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: PREVXAgent - Prevx - C:\Programmi\Prevx2\PXAgent.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe

[paolo-fcb]

Quote:

Originariamente inviato da Hitman079

@paolo-fcb...
il problema è altrove perche il log è pulito

Grazie mille, cmq devo riformattare a breve, ciaooooooooo

[Capitan_J]

Quote:

Originariamente inviato da paolo-fcb

Ciao ragazzi, sono tornato da una vacanza di 14 giorni, il pc mi pare sempre un pò lento non so, cmq potete gentilmente controllarmi questo log? Grazie in anticipo, Paolo

Se Hitman079 ha scritto che il tuo log è pulito prova a fare così (magari è un consiglio per tutti) :

pulisci il pc da tutti i file temp e inutilizzati (tipo con ccleaner);
pulisci il registro di sistema;
deframmenta l'hard disk (se è parecchio frammentato fallo un paio di volte, una anche al riavvio di XP);
deframmenta il registro di sistema.

[paolo-fcb]

Grazie ragazzi, seguirò i vostri consigli, io Ashampoo ce l'ho già ma solo l'uninstaller, lo uso perchè se disinstallo una applicazione mi cancella pure i files di registro. Uso regolarmente CCleaner....
Ciaoooooooooo

[paolo-fcb]

Quote:

Originariamente inviato da Capitan_J

Se Hitman079 ha scritto che il tuo log è pulito prova a fare così (magari è un consiglio per tutti) :

pulisci il pc da tutti i file temp e inutilizzati (tipo con ccleaner);
pulisci il registro di sistema;
deframmenta l'hard disk (se è parecchio frammentato fallo un paio di volte, una anche al riavvio di XP);
deframmenta il registro di sistema.

Ho fatto tutti i 4 passi, sembra che vada meglio, nel seguito vi racconterò. Grazie ancora

[paolo-fcb]

Quote:

Originariamente inviato da Hitman079

..e magari prendere in considerazione l'installazione di un programma come ashampoo winoptimizer, iolo system machine (c'è ne sono un pacco...ma io conosco solo questi) che in automatico (anche con la possibilità di pianificare) deframmentano, mettono le patch di windows, ripuliscono il registro, tolgono eventuali spyware etc...
in un unico programma anzichè avere centomila ad-aware, O&O defragment, paragon drive backup, regscan..ecc.

Io per ottimizzare uso AusLogics BoostSpeed, ora vedo di prendere i programmi che mi hai scritto Hitman, grazie, ciaooooo

[PierCC]

Salve a tutti

Dal seguente log
Logfile of HijackThis v1.99.1
Scan saved at 11.29.01, on 02/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Comodo\Firewall\cmdagent.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe
C:\Programmi\Comodo\Firewall\CPF.exe
C:\Programmi\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\Logitech\SetPoint\SetPoint.exe
C:\Programmi\File comuni\Logitech\khalshared\KHALMNPR.EXE
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Programmi\Java\jre1.6.0_02\bin\bak\jusched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Mozilla Firefox\firefox.exe
c:\programmi\internet explorer\iexplore.exe
F:\ESEGUIBILI\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hijackthis.de/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Programmi\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [crtfmon] C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\1188572794.dat.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Programmi\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [AtiTrayTools] "C:\Programmi\Ray Adams\ATI Tray Tools\atitray.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Programmi\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - Global Startup: Logitech SetPoint.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O15 - Trusted Zone: *.whataboutadog.com
O15 - Trusted Zone: *.whataboutarabit.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {C1B7E532-3ECB-4E9E-BB3A-2951FFE67C61} (DownloaderActiveX Control) - http://c6.community.alice.it/downloa...derActiveX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{16F71935-E2EF-4FE3-BB07-8932400007A2}: NameServer = 85.37.17.52 85.38.28.92
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Programmi\Comodo\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD File System Service (InCDsrv) - Ahead Software - (no file)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe


Le voci evidenziate in rosso parlano di siti presenti nell'elenco degli "indesiderati" di IE nel mio pc:Ma RITORNANO ad ogni analisi di HIJACK nonostante le fixi regolarmente:Ho scansionato con Gmer perchè pensavo ad un rootkit ma non ha rilevato nulla cosi come successive scansioni con Spybot,AdAware e Kaspersky online scanner.Se puo' essere utile, Comodo FW mi avvisa continuamente che c'è una istanza di IE che tenta di collegarsi per qualcosa che riguarda jusched.exe:avendo disabilitato gli aggiornamenti di Java ho pensato potesse trattarsi di un trojan (e quindi nego l'accesso) ma non so quanto questo abbia una relazione con i problemi rilevati da Hijack

C'è qualcuno che puo' darmi una mano per sapere di che si tratta?Un grazie in anticipo.Buona giornata

[juninho85]

hai il trojan obfuscated....qualche post fa bugs bunny ha scritto come va rimosso

[Bugs Bunny]

Quote:

Originariamente inviato da PierCC

Dal seguente log

ciao. devi postare un log di findawf

[PierCC]

Quote:

Originariamente inviato da juninho85

hai il trojan obfuscated....qualche post fa bugs bunny ha scritto come va rimosso

Dici a me?non ho l'icona dell'nstant access sul desktop e non mi risultano processi "strani" in task manager o nel task di Gmer,jusched.exe raddoppiato a parte.....

[PierCC]

Quote:

Originariamente inviato da Bugs Bunny

ciao. devi postare un log di findawf

Ciao,ecco il log di findawf



Find AWF report by noahdfear ©2006
Version 1.40



bak folders found
~~~~~~~~~~~

Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 1CF6-BE27

Directory di C:\PROGRA~1\ITUNES\BAK

30/10/2006 10.36 256.576 iTunesHelper.exe
1 File 256.576 byte
2 Directory 26.848.710.656 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 1CF6-BE27

Directory di C:\PROGRA~1\MSNMES~1\BAK

0 File 0 byte
2 Directory 26.848.710.656 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 1CF6-BE27

Directory di C:\PROGRA~1\QUICKT~1\BAK

25/10/2006 19.58 282.624 qttask.exe
1 File 282.624 byte
2 Directory 26.848.706.560 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 1CF6-BE27

Directory di C:\WINDOWS\SYSTEM32\BAK

09/07/2001 12.50 155.648 NeroCheck.exe
1 File 155.648 byte
2 Directory 26.848.706.560 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 1CF6-BE27

Directory di C:\PROGRA~1\ALWILS~1\AVAST4\BAK

15/01/2007 19.28 108.160 ashDisp.exe
1 File 108.160 byte
2 Directory 26.848.706.560 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 1CF6-BE27

Directory di C:\PROGRA~1\COMODO\FIREWALL\BAK

0 File 0 byte
2 Directory 26.848.706.560 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 1CF6-BE27

Directory di C:\PROGRA~1\MACROG~1\SWEETIM\BAK

27/12/2006 17.53 73.840 SweetIM.exe
1 File 73.840 byte
2 Directory 26.848.706.560 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 1CF6-BE27

Directory di C:\PROGRA~1\RAYADA~1\ATITRA~1\BAK

05/04/2007 14.14 519.592 atitray.exe
1 File 519.592 byte
2 Directory 26.848.706.560 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 1CF6-BE27

Directory di C:\PROGRA~1\YOURWA~1\FREERA~1\BAK

0 File 0 byte
2 Directory 26.848.706.560 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 1CF6-BE27

Directory di C:\PROGRA~1\ADOBE\READER~1.0\READER\BAK

11/05/2007 03.06 40.048 Reader_sl.exe
1 File 40.048 byte
2 Directory 26.848.706.560 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 1CF6-BE27

Directory di C:\PROGRA~1\GOOGLE\GOOGLE~1\121128~1.546\BAK

03/02/2007 22.12 171.448 GoogleToolbarNotifier.exe
1 File 171.448 byte
2 Directory 26.848.706.560 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 1CF6-BE27

Directory di C:\PROGRA~1\JAVA\JRE15~1.0_1\BIN\BAK

15/12/2006 04.23 75.520 jusched.exe
1 File 75.520 byte
2 Directory 26.848.702.464 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 1CF6-BE27

Directory di C:\PROGRA~1\JAVA\JRE16~2.0_0\BIN\BAK

12/07/2007 04.00 132.496 jusched.exe
1 File 132.496 byte
2 Directory 26.848.702.464 byte disponibili


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

256576 30 Oct 2006 "C:\Programmi\iTunes\bak\iTunesHelper.exe"
102400 16 Feb 2007 "C:\WINDOWS\Installer\{446DBFFA-4088-48E3-8932-74316BA4CAE4}\iTunesIco.exe"
108096 30 Oct 2006 "C:\Documents and Settings\All Users\Dati applicazioni\Apple Computer\Installer Cache\iTunes 7.0.2.16\iTunesSetupAdmin.exe"
282624 25 Oct 2006 "C:\Programmi\QuickTime\bak\qttask.exe"
155648 9 Jul 2001 "C:\WINDOWS\system32\bak\NeroCheck.exe"
75128 28 Jul 2007 "C:\Programmi\Alwil Software\Avast4\ashDisp.exe"
108160 15 Jan 2007 "C:\Programmi\Alwil Software\Avast4\bak\ashDisp.exe"
73840 27 Dec 2006 "C:\Programmi\Macrogaming\SweetIM\bak\SweetIM.exe"
24080 31 Aug 2007 "C:\Programmi\Ray Adams\ATI Tray Tools\atitray.exe"
519592 5 Apr 2007 "C:\Programmi\Ray Adams\ATI Tray Tools\bak\atitray.exe"
24080 31 Aug 2007 "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
40048 11 May 2007 "C:\Programmi\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe"
52272 3 Feb 2007 "C:\Programmi\Google\googletoolbar3user.exe"
138168 3 Feb 2007 "C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe"
171448 3 Feb 2007 "C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\bak\GoogleToolbarNotifier.exe"
83608 14 Mar 2007 "C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe"
24080 31 Aug 2007 "C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe"
75520 15 Dec 2006 "C:\Programmi\Java\jre1.5.0_11\bin\bak\jusched.exe"
132496 12 Jul 2007 "C:\Programmi\Java\jre1.6.0_02\bin\bak\jusched.exe"
83608 14 Mar 2007 "C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe"
24080 31 Aug 2007 "C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe"
75520 15 Dec 2006 "C:\Programmi\Java\jre1.5.0_11\bin\bak\jusched.exe"
132496 12 Jul 2007 "C:\Programmi\Java\jre1.6.0_02\bin\bak\jusched.exe"


end of report


Grazie mille

[eldolcefarnienteditommy]

ciao a tutti

Logfile of HijackThis v1.99.1
Scan saved at 17.04.04, on 02/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Seagate\Schedule2\schedul2.exe
C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Programmi\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Programmi\Microsoft Windows OneCare Live\winss.exe
C:\Programmi\Analog Devices\Core\smax4pnp.exe
C:\Programmi\Analog Devices\SoundMAX\Smax4.exe
C:\Programmi\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\vsnpstd.exe
C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe
C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\Microsoft Windows OneCare Live\winssnotify.exe
C:\Programmi\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Programmi\Seagate\DiscWizard\TimounterMonitor.exe
C:\Programmi\File comuni\Seagate\Schedule2\schedhlp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\ScanPanel\ScnPanel.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\osk.exe
C:\WINDOWS\system32\MSSWCHX.EXE
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\Tommaso\Impostazioni locali\Temporary Internet Files\Content.IE5\52XXSXQW\HijackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Programmi\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OneCareUI] "C:\Programmi\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DiscWizardMonitor.exe] C:\Programmi\Seagate\DiscWizard\DiscWizardMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Programmi\Seagate\DiscWizard\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programmi\File comuni\Seagate\Schedule2\schedhlp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ScanPanel.lnk = C:\ScanPanel\ScnPanel.exe
O4 - Global Startup: Tasto di scelta rapida per l'avvio di AutoCAD.lnk = C:\Programmi\File comuni\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\programmi\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: *.rossoalice.it
O15 - Trusted Zone: *.rossoalice.virgilio.it
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase8300.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programmi\File comuni\Seagate\Schedule2\schedul2.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio iPod (iPod Service) - Unknown owner - C:\Programmi\iPod\bin\iPodService.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Programmi\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe

?

[juninho85]

Quote:

Originariamente inviato da eldolcefarnienteditommy

C:\WINDOWS\system32\MSSWCHX.EXE

fallo analizzare su virustotal.com

[toonamix]

Salve, per favore mi potete controllare un pò il log il pc è lento e quando chiudo internet explorer si apre da sola un altra finestra di internet explorer con la pagina about:blank (ho comunque google.it come home page) e la stessa si chiude da sola dopo circa un secondo...ecco il log...grazie

Logfile of HijackThis v1.99.1
Scan saved at 19.57.29, on 02/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Programmi\Trust\CnxDslTb.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Acronis\TrueImage\TrueImageMonitor.exe
C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe
C:\Programmi\TextBridge Pro Millennium\Bin\InstantAccess.exe
C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
C:\Programmi\Java\jre1.5.0_08\bin\jusched.exe
C:\Programmi\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\Microsoft Encarta\Microsoft Encarta Enciclopedia DVD - 2006\EDICT.EXE
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\DAEMON Tools\daemon.exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\VIA\RAID\raid_tool.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\ENCWCSVR.EXE
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmi\Java\jre1.5.0_08\bin\jucheck.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Winamp\winamp.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\Paolo\IMPOST~1\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.254:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Encarta Web Companion Oggetto helper - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [trustras] trustras.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Programmi\Trust\CnxDslTb.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Programmi\Acronis\TrueImage\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [InstantAccess] C:\Programmi\TextBridge Pro Millennium\Bin\InstantAccess.exe /h
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series (Copia 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P41 "EPSON Stylus Photo RX420 Series (Copia 1)" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SweetIM] C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [E06IXLRD_220734] "C:\Programmi\Microsoft Encarta\Microsoft Encarta Enciclopedia DVD - 2006\EDICT.EXE" -m
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SweetIM] C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Programmi\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Apri in nuova scheda in primo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/230?13f162c3d6474f8a9040319ad7f18698
O8 - Extra context menu item: Apri in nuova scheda in secondo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/229?13f162c3d6474f8a9040319ad7f18698
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Poker - http://download2.games.yahoo.com/gam...ts/y/pt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/gam...s/y/poti_x.cab
O16 - DPF: Yahoo! Scopa - http://download2.games.yahoo.com/gam...s/y/sct5_x.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/.../GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe

[PierCC]

Quote:

Originariamente inviato da Bugs Bunny

ciao. devi postare un log di findawf

Ho postato il log di findawf:le voci duplicate dovrei ora ripararle con Avenger giusto?vanno riparate TUTTE le voci trovate da findawf? Grazie, scusa l'incapacità

[djmatrix619]

Salve...
Potreste controllarmi anke il mio di logfile?
Eccolo..

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0.02.39, on 03/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Programmi\AOL\Active Virus Shield\avp.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\Programmi\CyberLink\Shared Files\RichVideo.exe
D:\Programmi\Spyware Doctor\svcntaux.exe
D:\Programmi\Spyware Doctor\swdsvc.exe
D:\Programmi\AOL\Active Virus Shield\avp.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Programmi\D-Tools\daemon.exe
D:\Programmi\Spyware Doctor\SDTrayApp.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\System32\alg.exe
D:\WINDOWS\System32\svchost.exe
D:\Programmi\MSN Messenger\msnmsgr.exe
D:\Programmi\MSN Messenger\usnsvc.exe
D:\Programmi\MSN Messenger\msnmsgr.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\explorer.exe
D:\Programmi\Mozilla Firefox\firefox.exe
D:\Programmi\Winamp\winamp.exe
D:\Programmi\Trend Micro\HijackThis\HijackThis.exe
D:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Programmi\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [aol] "D:\Programmi\AOL\Active Virus Shield\avp.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Programmi\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [RemoteControl] D:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SDTray] "D:\Programmi\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [MSMSGS] "D:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://D:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Apri in nuova scheda in primo piano - res://D:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/230?ba303166964146dcb43578040d6ea7c0
O8 - Extra context menu item: Apri in nuova scheda in secondo piano - res://D:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/229?ba303166964146dcb43578040d6ea7c0
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/re...s/MSNPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F38D251-937A-445C-BF11-10E192AEA6CC}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{3F38D251-937A-445C-BF11-10E192AEA6CC}: NameServer = 192.168.1.1
O23 - Service: Adobe LM Service - Adobe Systems - D:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Active Virus Shield (AVP) - AOL - D:\Programmi\AOL\Active Virus Shield\avp.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - D:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - D:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - D:\Programmi\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Programmi\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Programmi\Spyware Doctor\swdsvc.exe

--
End of file - 5514 bytes


C'è qlks che non va?

[Bugs Bunny]

Quote:

Originariamente inviato da PierCC

Ho postato il log di findawf:le voci duplicate dovrei ora ripararle con Avenger giusto?vanno riparate TUTTE le voci trovate da findawf? Grazie, scusa l'incapacità

immetti questo script in avenger

Quote:

Files to move:
C:\Programmi\iTunes\bak\iTunesHelper.exe | C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\QuickTime\bak\qttask.exe | C:\Programmi\QuickTime\qttask.exe
C:\WINDOWS\system32\bak\NeroCheck.exe | C:\WINDOWS\system32\NeroCheck.exe
C:\Programmi\Alwil Software\Avast4\bak\ashDisp.exe | C:\Programmi\Alwil Software\Avast4\ashDisp.exe
C:\Programmi\Macrogaming\SweetIM\bak\SweetIM.exe | C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
C:\Programmi\Ray Adams\ATI Tray Tools\bak\atitray.exe | C:\Programmi\Ray Adams\ATI Tray Tools\atitray.exe
C:\Programmi\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe | C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\bak\GoogleToolbarNotifier.exe | C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Programmi\Java\jre1.5.0_11\bin\bak\jusched.exe | C:\Programmi\Java\jre1.5.0_11\bin\jusched.exe
C:\Programmi\Java\jre1.6.0_02\bin\bak\jusched.exe | C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe
C:\Programmi\MSN Messenger\bak\msnmsgr.exe | C:\Programmi\MSN Messenger\msnmsgr.exe

[Bugs Bunny]

Quote:

Originariamente inviato da djmatrix619

Salve...
Potreste controllarmi anke il mio di logfile?

pulito

[Bugs Bunny]

non so cosa sia questo:

C:\Programmi\TextBridge Pro Millennium\Bin\InstantAccess.exe

fallo controllare su virustotal