Malware AIUTO!!!!

[dodago]

Come richiesta dal mitico e disponibile Lancetta adesso posto il log eseguito dal programma Hijackthis sul pc grande!
Aggiungo che ho anche eseguito la scansione all'avvio del sistema operativo da parte di avast.....
Adesso aspetto direttive.....
Ho postato con il pc piccolo ma pronto a testare il pc grande
Un ringraziamento a tutti voi per l'aiuto concesso......
Dodago

Logfile of HijackThis v1.99.1
Scan saved at 12.25.45, on 26/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\System32\wltrysvc.exe
I:\WINDOWS\System32\bcmwltry.exe
I:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
I:\Programmi\Alwil Software\Avast4\ashServ.exe
I:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
I:\Programmi\Alwil Software\Avast4\ashWebSv.exe
I:\WINDOWS\system32\spoolsv.exe
I:\Programmi\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
I:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
I:\WINDOWS\Explorer.EXE
I:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
I:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
I:\Programmi\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
I:\Programmi\Nikon\Wireless Camera Setup Utility\NkPtpEnum.exe
I:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
I:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
I:\WINDOWS\system32\nvsvc32.exe
I:\WINDOWS\system32\HPZipm12.exe
I:\WINDOWS\system32\svchost.exe
I:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
I:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
I:\Programmi\Microsoft IntelliType Pro\type32.exe
i:\programmi\pinnacle\shared files\programs\mediaserver\pmshost.exe
I:\Programmi\BillP Studios\WinPatrol\winpatrol.exe
I:\Programmi\Alwil Software\Avast4\ashDisp.exe
I:\Programmi\Adobe\Reader 8.0\Reader\reader_sl.exe
I:\Programmi\Google\Google Updater\GoogleUpdater.exe
I:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
I:\PROGRA~1\INCRED~1\bin\IMApp.exe
I:\WINDOWS\system32\wuauclt.exe
I:\Documents and Settings\AGO\Desktop\HijackThis.exe
I:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - I:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - i:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - I:\Programmi\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - i:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE I:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [type32] "I:\Programmi\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [WinPatrol] I:\Programmi\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKCU\..\Run: [swg] I:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [avast! service GUI component] I:\Programmi\Alwil Software\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [IncrediMail Tray Application] I:\Programmi\IncrediMail\bin\IncMail.exe
O4 - HKCU\..\Run: [IncrediMail] I:\Programmi\IncrediMail\bin\IncMail.exe /c
O4 - Startup: Avvio veloce di Adobe Reader.lnk = I:\Programmi\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Startup: Google Updater.lnk = I:\Programmi\Google\Google Updater\GoogleUpdater.exe
O4 - Startup: Microsoft Office.lnk = I:\Programmi\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://I:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O10 - Unknown file in Winsock LSP: i:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: i:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: i:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: i:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: i:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: i:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: i:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: i:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: i:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: i:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: i:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: i:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: i:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: i:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: i:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: i:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: i:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: i:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: i:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: i:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: i:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: i:\windows\system32\nvappfilter.dll
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3906F7BA-98B9-4405-8E62-CDDFC30B309B}: NameServer = 151.99.125.3,151.99.0.100
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "I:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: !SASWinLogon - I:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - I:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - I:\Programmi\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - I:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - I:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - I:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - I:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - I:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Pinnacle Systems tvtv Spooler (EpgSpooler) - - i:\progra~1\pinnacle\mediac~1\epgspo~2.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - I:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - I:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - I:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NkPtpEnumP2 - Unknown owner - I:\Programmi\Nikon\Wireless Camera Setup Utility\NkPtpEnum.exe" -a -d="I:\Programmi\Nikon\Wireless Camera Setup Utility\NkPtpip.dll (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - I:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - I:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - i:\programmi\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: Pml Driver HPZ12 - HP - I:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - I:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - I:\WINDOWS\System32\wltrysvc.exe

Sono riuscito nell'intento??
Spero di sì

[juninho85]

il log è pulitissimo

[lancetta]

il log sembra pulito che problemi da il pc?nella scansione all'avvio di avast (quella che ti avevo detto in pm) e stato trovato qualcosa?Superantispyware l'hai fatto girare?Trovato niente? dai Ago qualche info in più

[Sisupoika]

Quote:

O23 - Service: avast! Mail Scanner - Unknown owner - I:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
File Missing
When a file is missing, you should always have HijackThis fix the item.

O23 - Service: avast! Web Scanner - Unknown owner - I:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

L'ultima volta che ho provato Avast sara' stato anni fa, quindi mi chiedevo se e' normale che HijackThis rileva questi file come mancanti.
Sembrerebbe che tu abbia un problemino col tuo antivirus, ma forse e' un comportamento normale. Cosa dicono gli altri che usano/conoscono Avast?
Curiosita', strano anche che alcuni nomi file siano in formato 8.3.
Cmq che problemi hai di preciso?

Riavvia il sistema in safe mode with networking, ed esegui uno scan con un antivirus online tipo

http://housecall.trendmicro.com

[juninho85]

Quote:

Originariamente inviato da Sisupoika

L'ultima volta che ho provato Avast sara' stato anni fa, quindi mi chiedevo se e' normale che HijackThis rileva questi file come mancanti.
Sembrerebbe che tu abbia un problemino col tuo antivirus, ma forse e' un comportamento normale. Cosa dicono gli altri che usano/conoscono Avast?

tutto ok,questo comportamente sia con chi c'ha avast che bitdefender

[Sisupoika]

Quote:

Originariamente inviato da juninho85

tutto ok,questo comportamente sia con chi c'ha avast che bitdefender

Immaginavo, grazie per la conferma