HiJackThis - Analisi Log - leggere Regole di Sezione

[KingOfTheDark]

Quote:

Originariamente inviato da _*S7EVIN*_

Io lo levo ma poi ricompare O.o

allora prova a disabilitare il ripristino configurazione di sistema... comunque se vuoi puoi anke lasciarlo xkè è semplicemente un file ke manca e quindi inutile

[juninho85]

Quote:

Originariamente inviato da KingOfTheDark

allora prova a disabilitare il ripristino configurazione di sistema... comunque se vuoi puoi anke lasciarlo xkè è semplicemente un file ke manca e quindi inutile

pur sempre però un collegamento a un file maligno

[KingOfTheDark]

Quote:

Originariamente inviato da juninho85

pur sempre però un collegamento a un file maligno

beh ma se manca il file....non fa danni... no?

[juninho85]

Quote:

Originariamente inviato da KingOfTheDark

beh ma se manca il file....non fa danni... no?

supponi che il file sia ancora li,come accade con avs,avast,kaspersky....

[Utonto\Bis]

ciao juhni

Logfile of HijackThis v1.99.1
Scan saved at 17.21.26, on 07/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
C:\Programmi\VIA\RAID\raid_tool.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\USBPlug.exe
C:\Programmi\Conexant\AccessRunner ADSL\CnxDslTb.exe
C:\Program Files\Atlantis Land\Adsl\dslstat.exe
C:\Program Files\Atlantis Land\Adsl\dslagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
D:\Pulizia\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.i.com.ua/~video/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Programmi\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Programmi\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Programmi\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Programmi\AskTBar\bar\1.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [Smapp] C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [RaidTool] C:\Programmi\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [kav] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [dscService] C:\WINDOWS\system32\USBPlug.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programmi\Conexant\AccessRunner ADSL\CnxDslTb.exe"
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\Atlantis Land\Adsl\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\Atlantis Land\Adsl\dslagent.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O15 - Trusted Zone: www.otherchance.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{3CBD7D85-BB79-43E0-B1C2-C5627BD98BB0}: NameServer = 192.168.1.200,151.99.125.2
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe


ecco il log....


il mio nome mi si addice non trovavo la discussione


ciaoooo

[juninho85]

Quote:

Originariamente inviato da Utonto\Bis

C:\WINDOWS\system32\USBPlug.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.i.com.ua/~video/
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Programmi\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Programmi\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Programmi\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Programmi\AskTBar\bar\1.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [dscService] C:\WINDOWS\system32\USBPlug.exe
O15 - Trusted Zone: www.otherchance.com
O17 -

le stringhe imputabili son quelle in neretto,le altre son semplicemente zozzerie da eliminare

[juninho85]

Quote:

Originariamente inviato da Utonto\Bis

C:\WINDOWS\system32\USBPlug.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.i.com.ua/~video/
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Programmi\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Programmi\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Programmi\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Programmi\AskTBar\bar\1.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [dscService] C:\WINDOWS\system32\USBPlug.exe
O15 - Trusted Zone: www.otherchance.com

le stringhe imputabili son quelle in neretto,le altre son semplicemente zozzerie da eliminare

[Utonto\Bis]

grazie cavo... (forza atalanta)

[juninho85]

Quote:

Originariamente inviato da Utonto\Bis

grazie cavo... (forza atalanta)

vabbeh dai ognuno c'ha la sua croce da portare

[pagapervedere]

Appena accedo ad XP il modem inizia a comporre un numero!!!
Suppongo quindi un dialer che non riesco a scovare!!
Ho dovuto staccare il cavo del modem dalla presa RJ del Telefono!!!!
Sono niubbio ma ho salvato il log:
Vi ringrazio anticipatamente !

Logfile of HijackThis v1.99.1
Scan saved at 0.03.48, on 07/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Programmi\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\Garmin\gStart.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programmi\Logitech\SetPoint\SetPoint.exe
C:\Programmi\StopDialers\StopDialers.exe
C:\Programmi\File comuni\Logitech\KHAL\KHALMNPR.EXE
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Documents and Settings\Utente\Desktop\Protezioni antivirus\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [MMTray] "C:\Programmi\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [mmtask] "C:\Programmi\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunOnce: [System UI Uploader] C:\Documents and Settings\Utente\Dati applicazioni\UI_Upd_DLLT.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
O4 - HKCU\..\Run: [LDM] C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Startup: Stop Dialers.lnk = C:\Programmi\StopDialers\StopDialers.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmi\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Programmi\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programmi\Norton Internet Security\comHost.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe

[_*S7EVIN*_]

Quote:

Originariamente inviato da KingOfTheDark

allora prova a disabilitare il ripristino configurazione di sistema... comunque se vuoi puoi anke lasciarlo xkè è semplicemente un file ke manca e quindi inutile

quindi nex problema,grazie...

[c.giulio]

ciao a tutti raga!!

sono disperato! Ho un dialer che non mi riesce rimuovere...si trova nella cartella impostazioni locali/temp. io provo ad eliminarlo manualmente ma lui puntualmente si ripresenta...come faccio??

Vi posto un log effetuato con HijackThis, siete in grado di aiutarmi?





Logfile of HijackThis v1.99.1
Scan saved at 15.10.54, on 08/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\NeroCheck.exe
C:\Programmi\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Symantec AntiVirus\DefWatch.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Symantec AntiVirus\Rtvscan.exe
C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmi\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\Programmi\eMule\eMule.exe
C:\DOCUME~1\User\IMPOST~1\Temp\Rar$EX00.687\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alice.it/oggi/index.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mgsgbmdb] C:\fedmlqcs.bat
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programmi\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Avvio rapido di HP Image Zone.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{B98AB2F2-1152-407A-A20F-AE47E0CDDC14}: NameServer = 85.37.17.5 85.38.28.77
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Programmi\Symantec AntiVirus\DefWatch.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Programmi\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programmi\Symantec AntiVirus\Rtvscan.exe



Grazie 1000 in anticipo!

[messi83]

Riposot qui. Prevx1 mi ha rilevato due malware, C:\WINDOWS\services.exe e C:\WINDOWS\services.dll sapete di cosa si tratta? Ho provato ad usare AVG, AVG antispyware e awido antispyware anche in modalità provvisoria. AVG non mi trova niente gli altri due si interrompono dandomi un errore. Qualcuno sa dirmi cos'è? (mi ero dimenticato del thread ufficiale! )

Logfile of HijackThis v1.99.1
Scan saved at 15.45.20, on 08/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\Prevx1\PXAgent.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\VEXPLITE\viritsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\2kadiras.exe
C:\Programmi\Java\jre1.5.0_08\bin\jusched.exe
C:\VEXPLITE\MONLITE.EXE
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Prevx1\PXConsole.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\ADSL\StarModem ADSL USB MODEM\dslmon.exe
C:\Programmi\SEC\Natural Color\NaturalColorLoad.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Dati applicazioni\Prevx\pxbho.dll
O4 - HKLM\..\Run: [Collegamento alla pagina delle proprietà di High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [9xadiras] 9xadiras.exe
O4 - HKLM\..\Run: [2kadiras] 2kadiras.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKLM\..\Run: [PrevxRootkitRemovalTool] "C:\Documents and Settings\Work\Desktop\gommone.exe" -scan
O4 - HKLM\..\Run: [PrevxOne] "C:\Programmi\Prevx1\PXConsole.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: NaturalColorLoad.lnk = ?
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_08\bin\npjpi150_08.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_08\bin\npjpi150_08.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/.../GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab55762.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab55579.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab55200.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4D292182-88BE-49AE-A906-501BC10A5EE3}: NameServer = 80.118.192.111
O17 - HKLM\System\CCS\Services\Tcpip\..\{54B35849-DAB5-40E3-B813-1227D8E45747}: NameServer = 80.118.192.111
O17 - HKLM\System\CCS\Services\Tcpip\..\{761BC827-D69B-4C05-893B-8087408C5491}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{805D16DD-4027-444F-8D03-7BA248FF278D}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{9ACD2C3A-38AF-4851-92F6-5D519E45BAA4}: NameServer = 80.118.192.111
O17 - HKLM\System\CCS\Services\Tcpip\..\{B41155DB-99BF-480C-BB6F-F40A3DD9418C}: NameServer = 80.118.192.111
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Programmi\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe

[pagapervedere]

Quote:

Originariamente inviato da pagapervedere

Appena accedo ad XP il modem inizia a comporre un numero!!!
Suppongo quindi un dialer che non riesco a scovare!!
Ho dovuto staccare il cavo del modem dalla presa RJ del Telefono!!!!
Sono niubbio ma ho salvato il log:
Vi ringrazio anticipatamente !

Logfile of HijackThis v1.99.1
Scan saved at 0.03.48, on 07/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Programmi\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\Garmin\gStart.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programmi\Logitech\SetPoint\SetPoint.exe
C:\Programmi\StopDialers\StopDialers.exe
C:\Programmi\File comuni\Logitech\KHAL\KHALMNPR.EXE
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Documents and Settings\Utente\Desktop\Protezioni antivirus\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [MMTray] "C:\Programmi\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [mmtask] "C:\Programmi\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunOnce: [System UI Uploader] C:\Documents and Settings\Utente\Dati applicazioni\UI_Upd_DLLT.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
O4 - HKCU\..\Run: [LDM] C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Startup: Stop Dialers.lnk = C:\Programmi\StopDialers\StopDialers.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmi\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Programmi\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programmi\Norton Internet Security\comHost.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe

Up per cortesia .
Mi posso solo collegare dal lavoro non potendo utilizzare connessioni a casa per il dialer che entra in azione appena connetto xp

[FOXYLADY]

Da fixare

Quote:

Originariamente inviato da c.giulio

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O20 - AppInit_DLLs:

Questo file di batch in avvio automatico lo hai creato tu???
C:\fedmlqcs.bat

Se la risposta è no fixa anche questa voce
O4 - HKLM\..\Run: [mgsgbmdb] C:\fedmlqcs.bat
e cancella il file in questione.

[FOXYLADY]

Quote:

Originariamente inviato da messi83

Riposot qui. Prevx1 mi ha rilevato due malware, C:\WINDOWS\services.exe e C:\WINDOWS\services.dll sapete di cosa si tratta? Ho provato ad usare AVG, AVG antispyware e awido antispyware anche in modalità provvisoria. AVG non mi trova niente gli altri due si interrompono dandomi un errore. Qualcuno sa dirmi cos'è? (mi ero dimenticato del thread ufficiale! )

Questo log mi pare pulito, dovresti però controllare gli indirizzi IP presenti nelle stringhe 017 di hijackthis e verificare se appartengano al tuo provider, perchè mi sembrano strani
La scansione con prevx che responso ha dato? E' riuscito a rimuovere l'infezione?

[FOXYLADY]

Quote:

Originariamente inviato da pagapervedere

Up per cortesia .
Mi posso solo collegare dal lavoro non potendo utilizzare connessioni a casa per il dialer che entra in azione appena connetto xp

Ti ho risposto nell'altro thread

[messi83]

Quote:

Originariamente inviato da FOXYLADY

Questo log mi pare pulito, dovresti però controllare gli indirizzi IP presenti nelle stringhe 017 di hijackthis e verificare se appartengano al tuo provider, perchè mi sembrano strani
La scansione con prevx che responso ha dato? E' riuscito a rimuovere l'infezione?

Si appartengono al mio provider. Prevx1 non posso usarlo perchè è scaduto il periodo di prova e non riesco a comprare l'abbonamento per un anno devo provare con un altra carta di credito che ora nn ho a portata di mano. Ho fatto una scansione online con Panda antivirus e ha dato questo responso:


Virus:Trj/Agent.EHE Disinfected C:\cleaned.tmp
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Work\Cookies\work@2o7[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Work\Cookies\work@advertising[1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Work\Cookies\work@burstnet[2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Work\Cookies\work@casalemedia[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Work\Cookies\work@doubleclick[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Work\Cookies\work@fastclick[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Work\Cookies\work@media.fastclick[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Work\Cookies\work@mediaplex[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Work\Cookies\work@tribalfusion[2].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Work\Dati applicazioni\Mozilla\Firefox\Profiles\swfeu4cu.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Work\Dati applicazioni\Mozilla\Firefox\Profiles\swfeu4cu.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Work\Dati applicazioni\Mozilla\Firefox\Profiles\swfeu4cu.default\cookies.txt[.atdmt.com/]
Adware:Adware/SaveNow Not disinfected C:\Programmi\Mozilla Firefox\extensions\{BEE3E87E-E1C6-4bfe-BE9D-48E84271AB34}\chrome\whenu_ff.jar[content/overlay.js]
Virus:W32/Puce.E.worm Not disinfected C:\RECYCLER\S-1-5-21-1123561945-1563985344-682003330-1003\Dc10.rar[setup.exe]
Adware:Adware/SaveNow Not disinfected C:\RECYCLER\S-1-5-21-1123561945-1563985344-682003330-1003\Dc11.exe[BSplayer_WhenUSave_InstallerInst.exe]
Virus:Bck/Agent.ELW Disinfected C:\WINDOWS\SERVICES.EXE

[FOXYLADY]

Dal log sembrerebbe che lo scan online di panda abbia ripulito l'infezione, ma per esserne certi dovresti fare anche un controllino con gmer
http://www.hwupgrade.it/forum/showthread.php?t=1372589

[messi83]

Questo è quello che gmer ha segnato in rosso:

GMER 1.0.12.12027 - http://www.gmer.net
Rootkit scan 2007-03-08 20:44:26
Windows 5.1.2600 Service Pack 2


---- Modules - GMER 1.0.12 ----

Module _________ F74EB000
---- Processes - GMER 1.0.12 ----

Library C:\WINDOWS\services.dll (*** hidden *** ) @ C:\Programmi\hijackthis\HijackThis.exe [620] 0x10000000

Process C:\WINDOWS\system32\services.exe (*** hidden *** ) 1060
Library C:\WINDOWS\system32\services.exe (*** hidden *** ) @ C:\WINDOWS\system32\services.exe [1060] 0x01000000
Library C:\WINDOWS\services.dll (*** hidden *** ) @ C:\WINDOWS\system32\ati2evxx.exe [1444] 0x10000000

Process C:\WINDOWS\SERVICES.EXE (*** hidden *** ) 1616
Library C:\WINDOWS\SERVICES.EXE (*** hidden *** ) @ C:\WINDOWS\SERVICES.EXE [1616] 0x00400000
Library C:\WINDOWS\services.dll (*** hidden *** ) @ C:\WINDOWS\SERVICES.EXE [1616] 0x10000000
Library C:\WINDOWS\services.dll (*** hidden *** ) @ C:\WINDOWS\SOUNDMAN.EXE [2156] 0x10000000
Library C:\WINDOWS\services.dll (*** hidden *** ) @ C:\WINDOWS\ALCWZRD.EXE [2264] 0x10000000
Library C:\WINDOWS\services.dll (*** hidden *** ) @ C:\Programmi\iTunes\iTunesHelper.exe [2504] 0x00EA0000
Library C:\WINDOWS\services.dll (*** hidden *** ) @ C:\WINDOWS\2kadiras.EXE [2620] 0x10000000
Library C:\WINDOWS\services.dll (*** hidden *** ) @ C:\VEXPLITE\MONLITE.EXE [2696] 0x00EB0000
Library C:\WINDOWS\services.dll (*** hidden *** ) @ C:\Programmi\Prevx1\PXConsole.exe [2712] 0x03070000
Library C:\WINDOWS\services.dll (*** hidden *** ) @ C:\Programmi\MSN Messenger\msnmsgr.exe [2744] 0x10000000
Library C:\WINDOWS\services.dll (*** hidden *** ) @ C:\Programmi\ADSL\StarModem ADSL USB MODEM\DSLMON.exe [2992] 0x00C50000
Library C:\WINDOWS\services.dll (*** hidden *** ) @ C:\Programmi\SEC\Natural Color\NaturalColorLoad.exe [3000] 0x00990000
Library C:\WINDOWS\services.dll (*** hidden *** ) @ C:\Documents and Settings\Work\Desktop\gmer\gmer.exe [3204] 0x10000000
Library C:\WINDOWS\services.dll (*** hidden *** ) @ C:\WINDOWS\explorer.exe [3568] 0x10000000
Library C:\WINDOWS\services.dll (*** hidden *** ) @ C:\PROGRA~1\MOZILL~1\firefox.exe [3964] 0x10000000

---- Files - GMER 1.0.12 ----


File C:\WINDOWS\system32\services.exe <-- ROOTKIT !!!


---- Services - GMER 1.0.12 ----

Service C:\WINDOWS\system32\services.exe [AUTO] Eventlog <-- ROOTKIT !!!

---- EOF - GMER 1.0.12 ----