MarcoAL

Users
  • Content count

    37
  • Joined

  • Last visited

About MarcoAL

  • Level
    Novice
  1. At the moment there have been no new sends. I changed the password and I'm attaching the logs I got last night. There are two because I interrupted the first scan but then redid it from scratch in full. mbam-log-2012-07-04 (21-52-36).txt mbam-log-2012-07-04 (21-48-33).txt
  2. OK, done, let's hope! Is there any chance of doing some other specific check?
  3. Hello everyone, I have a big problem. I hope I posted in the right section; if not, I apologise. For a few days now, advertising e-mails have been going out automatically from my Hotmail mailbox to the contacts in my address book and to recent contacts without my noticing. I simply see them listed in sent messages. AVG found nothing. Last night I ran Malwarebytes and it found some infected items, which it removed successfully, but this morning Hotmail sent the same messages to my contacts again. I'm desperate, what can I do? I hope you can help me!
  4. Try taking a look at the logs yourselves, maybe there's something, but I imagine we've done everything by now because the problems seem solved to me!! Thanks a lot again for the tips!!
  5. Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 20.57.45, on 23/08/2008
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
     Boot mode: Normal
     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\Ati2evxx.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
     C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
     C:\Programmi\Intel\Wireless\Bin\WLKeeper.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\WINDOWS\system32\Ati2evxx.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\system32\NOTEPAD.EXE
     C:\WINDOWS\stsystra.exe
     C:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe
     C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe
     C:\WINDOWS\system32\GSICON.EXE
     C:\WINDOWS\system32\dslagent.exe
     C:\Programmi\Unlocker\UnlockerAssistant.exe
     C:\Programmi\Broadcom\BACS\BacsTray.exe
     C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Programmi\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
     C:\Programmi\WinZip\WZQKPICK.EXE
     C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
     C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
     C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
     C:\WINDOWS\eHome\ehRecvr.exe
     C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
     C:\WINDOWS\system32\svchost.exe
     C:\Programmi\internet explorer\iexplore.exe
     C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.it/
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.it/ig/dell?hl=it&client=dell-row&channel=it&ibd=0061103
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
     R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
     O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\programmi\mcafee\spamkiller\mcapfbho.dll
     O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
     O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
     O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe
     O4 - HKLM\..\Run: [intelZeroConfig] "C:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe"
     O4 - HKLM\..\Run: [intelWireless] "C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
     O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
     O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
     O4 - HKLM\..\Run: [unlockerAssistant] "C:\Programmi\Unlocker\UnlockerAssistant.exe"
     O4 - HKLM\..\Run: [bacstray] C:\Programmi\Broadcom\BACS\BacsTray.exe
     O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"
     O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u
     O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
     O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
     O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
     O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
     O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Programmi\File comuni\Autodesk Shared\acstart16.exe
     O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
     O4 - Global Startup: Service Manager.lnk = C:\Programmi\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
     O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
     O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
     O8 - Extra context menu item: Invia a periferica &Bluetooth... - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
     O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
     O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
     O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\programmi\mcafee\spamkiller\mcapfbho.dll
     O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\programmi\mcafee\spamkiller\mcapfbho.dll
     O9 - Extra button: Alice - {CDBB7312-3603-42B3-8816-A6F4F03BB525} - http://gw.aliceadsl.it/alice (file missing) (HKCU)
     O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
     O14 - IERESET.INF: START_PAGE_URL=http://gw.aliceadsl.it/home
     O15 - Trusted Zone: http://*.download.microsoft.com
     O15 - Trusted Zone: http://*.update.microsoft.com
     O15 - Trusted Zone: http://*.windowsupdate.com
     O15 - Trusted Zone: http://*.windowsupdate.microsoft.com
     O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
     O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
     O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://mappe.comune.verona.it/MapGuide_plugin/mgaxctrl.cab
     O17 - HKLM\System\CCS\Services\Tcpip\..\{EDB270AD-6BAE-48DF-B672-A3DAE59F816E}: NameServer = 85.37.17.44 85.38.28.90
     O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
     O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
     O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
     O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
     O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
     O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
     O23 - Service: Servizio iPod (iPod Service) - Unknown owner - C:\Programmi\iPod\bin\iPodService.exe (file missing)
     O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
     O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
     O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Programmi\Intel\Wireless\Bin\WLKeeper.exe
     --
     End of file - 7750 bytes
     ---------------------------------------------------------------------------------------------------------------------------------
     Logfile of The Avenger version 1, by Swandog46
     Running from registry key:
     \Registry\Machine\System\CurrentControlSet\Services\pihnlnwd
     *******************
     Script file located at: \??\C:\qduwhu^a.txt
     Script file opened successfully.
     Script file read successfully
     Backups directory opened successfully at C:\Avenger
     *******************
     Beginning to process script file:
     File C:\WINDOWS\system32\ddabc.dll not found!
     Deletion of file C:\WINDOWS\system32\ddabc.dll failed!
     Could not process line:
     C:\WINDOWS\system32\ddabc.dll
     Status: 0xc0000034
     File C:\WINDOWS\system32\mcrh.tmp not found!
     Deletion of file C:\WINDOWS\system32\mcrh.tmp failed!
     Could not process line:
     C:\WINDOWS\system32\mcrh.tmp
     Status: 0xc0000034
     File C:\WINDOWS\system32\msvcrt23.dll not found!
     Deletion of file C:\WINDOWS\system32\msvcrt23.dll failed!
     Could not process line:
     C:\WINDOWS\system32\msvcrt23.dll
     Status: 0xc0000034
     File C:\WINDOWS\system32\orutv.ini not found!
     Deletion of file C:\WINDOWS\system32\orutv.ini failed!
     Could not process line:
     C:\WINDOWS\system32\orutv.ini
     Status: 0xc0000034
     File C:\WINDOWS\system32\orutv.ini2 not found!
     Deletion of file C:\WINDOWS\system32\orutv.ini2 failed!
     Could not process line:
     C:\WINDOWS\system32\orutv.ini2
     Status: 0xc0000034
     File C:\WINDOWS\system32\cbadd.ini not found!
     Deletion of file C:\WINDOWS\system32\cbadd.ini failed!
     Could not process line:
     C:\WINDOWS\system32\cbadd.ini
     Status: 0xc0000034
     File C:\WINDOWS\system32\cbadd.ini2 not found!
     Deletion of file C:\WINDOWS\system32\cbadd.ini2 failed!
     Could not process line:
     C:\WINDOWS\system32\cbadd.ini2
     Status: 0xc0000034
     File C:\WINDOWS\system32\wingsa32.dll not found!
     Deletion of file C:\WINDOWS\system32\wingsa32.dll failed!
     Could not process line:
     C:\WINDOWS\system32\wingsa32.dll
     Status: 0xc0000034
     File C:\Documents and Settings\Marco\Dati applicazioni\wklnhst.dat deleted successfully.
     File move operation C:\WINDOWS\system32\bak\ctfmon.exe|C:\WINDOWS\system32\ctfmon.exe completed successfully.
     File move operation C:\Programmi\McAfee\SpamKiller\bak\MSKDetct.exe|C:\Programmi\McAfee\SpamKiller\MSKDetct.exe completed successfully.
     File move operation C:\Programmi\Intel\Wireless\Bin\bak\ZCfgSvc.exe|C:\Programmi\Intel\Wireless\Bin\ZCfgSvc.exe completed successfully.
     File move operation C:\Programmi\Intel\Wireless\Bin\bak\ifrmewrk.exe|C:\Programmi\Intel\Wireless\Bin\iFrmewrk.exe completed successfully.
     File move operation C:\Programmi\DAEMON Tools\bak\daemon.exe|C:\Programmi\DAEMON Tools\daemon.exe completed successfully.
     File move operation C:\Programmi\D-Tools\bak\daemon.exe|C:\Programmi\D-Tools\daemon.exe completed successfully.
     Folder C:\Windows\Tasks deleted successfully.
     Folder C:\Windows\Temp deleted successfully.
     Registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.
     Completed script processing.
     *******************
     Finished! Terminate.
     Logfile of The Avenger Version 2.0, © by Swandog46
     http://swandog46.geekstogo.com
     Platform: Windows XP
     *******************
     Script file opened successfully.
     Script file read successfully.
     Backups directory opened successfully at C:\Avenger
     *******************
     Beginning to process script file:
     Rootkit scan active.
     No rootkits found!
     File "C:\Documents and Settings\Marco\Dati applicazioni\wklnhst.dat" deleted successfully.
     Error: file "C:\WINDOWS\system32\__c00F7568.dat" not found!
     Deletion of file "C:\WINDOWS\system32\__c00F7568.dat" failed!
     Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
     --> the object does not exist
     Folder "C:\WINDOWS\temp" deleted successfully.
     Folder "C:\WINDOWS\Tasks" deleted successfully.
     Folder "C:\Programmi\Trojan Remover" deleted successfully.
     Registry value "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs" replaced with dummy successfully.
     Completed script processing.
     *******************
     Finished! Terminate.
  6. All done! Apparently there is something now; I'm uploading the results. log.txt mbam_log_08_23_2008__18_37_38_.txt
  7. Hi guys! For a few days I've been running into a couple of problems with the PC. Basically, after I've been on the internet for a while, browsing gets slow and closing windows freezes up as if the PC had hung; as if that weren't enough, advertising windows open automatically (always the same ones). I also have Kaspersky 2007 antivirus, and for a couple of days a warning about infected files has been appearing, even at PC startup: spyware and trojans that unfortunately I can't remove. Let me say up front that the version is genuine and up to date; I ran a couple of scans but it doesn't find anything.. I really wouldn't know what to do... I imagine there's "some" junk that has crept in somewhere... I wrote to you a while ago about other problems too and you always helped me brilliantly! I'm in your hands..! Thank you in advance !! hijackthis.log
  8. I can't install IE7... the PC performs all the installation steps, the progress bar reaches 100% without problems, but when it should report a successful installation it says "unable to install IE7". I also can't install the "Cumulative Security Update for Internet Explorer 6 for Windows XP (KB939653)". Sad business..., I don't know why. It does the other updates without problems. And the system is genuine. I tried installing it both automatically and by going to the Microsoft Update site, but nothing... Could you give me some advice? I tried uninstalling IE6 and installing IE7 but things don't change...
  9. After driving you crazy I have to answer "unfortunately yes..." but don't worry, at least we've done some cleanup now. :up1: Thanks a lot for the tips
  10. Look, with antivirus programs I've been through all sorts; I started with McAfee, then replaced it with AVG and Antivir... now I have Kaspersky
      Script file read successfully
      Backups directory opened successfully at C:\Avenger
      *******************
      Beginning to process script file:
      File C:\WINDOWS\system32\ddabc.dll not found!
      Deletion of file C:\WINDOWS\system32\ddabc.dll failed!
      Could not process line:
      C:\WINDOWS\system32\ddabc.dll
      Status: 0xc0000034
      File C:\WINDOWS\system32\mcrh.tmp not found!
      Deletion of file C:\WINDOWS\system32\mcrh.tmp failed!
      Could not process line:
      C:\WINDOWS\system32\mcrh.tmp
      Status: 0xc0000034
      File C:\WINDOWS\system32\msvcrt23.dll not found!
      Deletion of file C:\WINDOWS\system32\msvcrt23.dll failed!
      Could not process line:
      C:\WINDOWS\system32\msvcrt23.dll
      Status: 0xc0000034
      File C:\WINDOWS\system32\orutv.ini not found!
      Deletion of file C:\WINDOWS\system32\orutv.ini failed!
      Could not process line:
      C:\WINDOWS\system32\orutv.ini
      Status: 0xc0000034
      File C:\WINDOWS\system32\orutv.ini2 not found!
      Deletion of file C:\WINDOWS\system32\orutv.ini2 failed!
      Could not process line:
      C:\WINDOWS\system32\orutv.ini2
      Status: 0xc0000034
      File C:\WINDOWS\system32\cbadd.ini not found!
      Deletion of file C:\WINDOWS\system32\cbadd.ini failed!
      Could not process line:
      C:\WINDOWS\system32\cbadd.ini
      Status: 0xc0000034
      File C:\WINDOWS\system32\cbadd.ini2 not found!
      Deletion of file C:\WINDOWS\system32\cbadd.ini2 failed!
      Could not process line:
      C:\WINDOWS\system32\cbadd.ini2
      Status: 0xc0000034
      File C:\WINDOWS\system32\wingsa32.dll not found!
      Deletion of file C:\WINDOWS\system32\wingsa32.dll failed!
      Could not process line:
      C:\WINDOWS\system32\wingsa32.dll
      Status: 0xc0000034
      File C:\Documents and Settings\Marco\Dati applicazioni\wklnhst.dat deleted successfully.
      File move operation C:\WINDOWS\system32\bak\ctfmon.exe|C:\WINDOWS\system32\ctfmon.exe completed successfully.
      File move operation C:\Programmi\McAfee\SpamKiller\bak\MSKDetct.exe|C:\Programmi\McAfee\SpamKiller\MSKDetct.exe completed successfully.
      File move operation C:\Programmi\Intel\Wireless\Bin\bak\ZCfgSvc.exe|C:\Programmi\Intel\Wireless\Bin\ZCfgSvc.exe completed successfully.
      File move operation C:\Programmi\Intel\Wireless\Bin\bak\ifrmewrk.exe|C:\Programmi\Intel\Wireless\Bin\iFrmewrk.exe completed successfully.
      File move operation C:\Programmi\DAEMON Tools\bak\daemon.exe|C:\Programmi\DAEMON Tools\daemon.exe completed successfully.
      File move operation C:\Programmi\D-Tools\bak\daemon.exe|C:\Programmi\D-Tools\daemon.exe completed successfully.
      Folder C:\Windows\Tasks deleted successfully.
      Folder C:\Windows\Temp deleted successfully.
      Registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.
      Completed script processing.
      *******************
      Finished! Terminate.
      Bad or good?
  11. Look, it comforts me to know that the problem really exists and is no longer some evanescent entity! Thank you for the tips you're giving me and I'll be anxiously awaiting your instructions! :up1: Thanks again!!
  12. Well well, I did everything you recommended
      LOG HiJackThis
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 19.30.17, on 18/01/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal
      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
      C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
      C:\Programmi\Intel\Wireless\Bin\WLKeeper.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\Explorer.EXE
      C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
      C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
      C:\WINDOWS\eHome\ehRecvr.exe
      C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
      C:\WINDOWS\stsystra.exe
      C:\WINDOWS\system32\ICO.EXE
      C:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe
      C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe
      C:\WINDOWS\system32\GSICON.EXE
      C:\WINDOWS\system32\dslagent.exe
      C:\WINDOWS\system32\Pmxmiced.exe
      C:\Programmi\Unlocker\UnlockerAssistant.exe
      C:\Programmi\D-Tools\daemon.exe
      C:\Programmi\Broadcom\BACS\BacsTray.exe
      C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Programmi\DAEMON Tools\daemon.exe
      C:\Programmi\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
      C:\Programmi\WinZip\WZQKPICK.EXE
      C:\WINDOWS\system32\wuauclt.exe
      C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.yahoo.com/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gw.aliceadsl.it/home
      R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.it/ig/dell?hl=it&client=dell-row&channel=it&ibd=0061103
      R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
      R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\programmi\mcafee\spamkiller\mcapfbho.dll
      O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
      O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programmi\BAE\BAE.dll
      O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe
      O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
      O4 - HKLM\..\Run: [intelZeroConfig] "C:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe"
      O4 - HKLM\..\Run: [intelWireless] "C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
      O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
      O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
      O4 - HKLM\..\Run: [unlockerAssistant] "C:\Programmi\Unlocker\UnlockerAssistant.exe"
      O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmi\D-Tools\daemon.exe" -lang 1033
      O4 - HKLM\..\Run: [bacstray] C:\Programmi\Broadcom\BACS\BacsTray.exe
      O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Programmi\File comuni\Autodesk Shared\acstart16.exe
      O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: Service Manager.lnk = C:\Programmi\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
      O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
      O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
      O8 - Extra context menu item: Invia a periferica &Bluetooth... - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
      O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
      O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\programmi\mcafee\spamkiller\mcapfbho.dll
      O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\programmi\mcafee\spamkiller\mcapfbho.dll
      O9 - Extra button: Alice - {CDBB7312-3603-42B3-8816-A6F4F03BB525} - http://gw.aliceadsl.it/alice (file missing) (HKCU)
      O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
      O14 - IERESET.INF: START_PAGE_URL=http://gw.aliceadsl.it/home
      O15 - Trusted Zone: http://*.download.microsoft.com
      O15 - Trusted Zone: http://*.update.microsoft.com
      O15 - Trusted Zone: http://*.windowsupdate.com
      O15 - Trusted Zone: http://*.windowsupdate.microsoft.com
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
      O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylom/a...zylomloader.cab
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
      O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
      O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
      O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: Servizio iPod (iPod Service) - Unknown owner - C:\Programmi\iPod\bin\iPodService.exe (file missing)
      O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
      O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
      O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Programmi\Intel\Wireless\Bin\WLKeeper.exe
      --
      End of file - 7301 bytes
      LOG ComboFix
      ComboFix 08-01-18.4 - Marco 2008-01-18 18:48:52.2 - NTFSx86
      Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.1551 [GMT 1:00]
      Eseguito da: C:\Documents and Settings\Marco\Desktop\ComboFix.exe
      WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
      .
      ((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      C:\WINDOWS\system32\ddabc.dll
      C:\WINDOWS\system32\mcrh.tmp
      C:\WINDOWS\system32\msvcrt23.dll
      C:\WINDOWS\system32\orutv.ini
      C:\WINDOWS\system32\orutv.ini2
      .
      ---- Previous Run -------
      .
      C:\WINDOWS\system32\cbadd.ini
      C:\WINDOWS\system32\cbadd.ini2
      C:\WINDOWS\system32\wingsa32.dll
      .
      ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      -------\nm
      ((((((((((((((((((((((((( Files Creati Da 2007-12-18 al 2008-01-18 )))))))))))))))))))))))))))))))))))
      .
      2008-01-18 17:58 . 2008-01-18 18:04 2,246 --a------ C:\WINDOWS\system32\tmp.reg
      2008-01-18 17:57 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
      2008-01-18 17:57 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
      2008-01-18 17:57 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
      2008-01-18 17:57 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
      2008-01-18 17:57 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
      2008-01-18 17:57 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
      2008-01-18 12:17 . 2008-01-18 15:47 <DIR> d-------- C:\Programmi\Windows Live
      2008-01-18 12:17 . 2008-01-18 12:20 <DIR> d--hsc--- C:\Programmi\File comuni\WindowsLiveInstaller
      2008-01-18 12:16 . 2008-01-18 12:16 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\WLInstaller
      2008-01-17 20:26 . 2008-01-17 20:32 <DIR> d-------- C:\Programmi\Microsoft Silverlight
      2008-01-17 19:07 . 2008-01-17 19:14 91,492 --a------ C:\WINDOWS\system32\drivers\klin.dat
      2008-01-17 19:07 . 2008-01-17 19:14 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
      2008-01-17 19:07 . 2008-01-17 19:07 4,128 --a------ C:\INFCACHE.1
      2008-01-17 19:06 . 2008-01-17 19:06 <DIR> d-------- C:\Programmi\Kaspersky Lab
      2008-01-17 19:06 . 2008-01-18 19:12 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab
      2008-01-17 19:06 . 2008-01-18 19:10 2,519,584 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
      2008-01-17 19:06 . 2008-01-18 19:09 46,880 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
      2008-01-17 19:06 . 2008-01-18 15:50 31,868 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
      2008-01-17 19:06 . 2008-01-18 15:50 4,748 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
      2008-01-17 18:55 . 2008-01-17 18:55 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Avg7
      2008-01-17 17:24 . 2008-01-17 22:11 <DIR> d-------- C:\Programmi\Netscape
      2008-01-17 17:24 . 2008-01-17 17:24 <DIR> d-------- C:\Documents and Settings\Marco\Dati applicazioni\Netscape
      2008-01-05 23:53 . 1997-01-18 11:40 299,520 --a------ C:\WINDOWS\uninst.exe
      2008-01-05 21:47 . 2008-01-05 21:47 <DIR> d-------- C:\Documents and Settings\NetworkService\Dati applicazioni\McAfee.com Personal Firewall
      2008-01-05 21:27 . 2008-01-05 21:27 <DIR> d-------- C:\Documents and Settings\Marco\Dati applicazioni\McAfee
      2008-01-02 18:13 . 2008-01-03 00:17 <DIR> d-------- C:\Programmi\SniffPass
      2008-01-02 18:13 . 2008-01-02 18:13 39,424 --a------ C:\WINDOWS\zipinst.exe
      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-01-16 14:03 --------- d-----w C:\Programmi\eMule
      2008-01-14 19:13 --------- d-----w C:\Programmi\McAfee.com
      2008-01-14 19:10 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\McAfee.com
      2008-01-14 19:09 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\McAfee.com Personal Firewall
      2008-01-05 20:57 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Avira
      2008-01-04 22:50 1,208 -c--a-w C:\Documents and Settings\Marco\Dati applicazioni\wklnhst.dat
      2007-11-24 11:22 --------- d-----w C:\Programmi\File comuni\Autodesk Shared
      2007-11-24 11:22 --------- d-----w C:\Programmi\Autodesk
      2007-11-24 11:22 --------- d-----w C:\Programmi\AutoCAD 2005
      2007-11-24 11:21 --------- d-----w C:\Programmi\AnswerWorks 4.0
      2007-11-24 11:19 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Autodesk
      2007-11-23 19:40 --------- d-----w C:\Programmi\Microsoft Works
      2007-11-23 15:45 --------- d-----w C:\Programmi\Trend Micro
      2007-11-23 13:59 --------- d-----w C:\Programmi\p-nand-q.com
      2007-11-22 18:19 --------- d-----w C:\Programmi\File comuni\Real
      2007-11-22 18:12 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Apple Computer
      2007-11-22 11:33 --------- d-----w C:\Programmi\NetWaiting
      2007-11-19 20:02 --------- d-----w C:\Programmi\D-Tools
      2007-11-18 15:34 --------- d-----w C:\Programmi\Yahoo!
      2007-11-18 14:59 --------- d-----w C:\Programmi\DAEMON Tools
      2007-11-18 14:59 --------- d-----w C:\Programmi\BAE
      2007-11-18 14:25 --------- d--h--w C:\Programmi\InstallShield Installation Information
      2007-11-18 11:50 --------- d-----w C:\Programmi\MSBuild
      2007-11-18 11:44 --------- d-----w C:\Programmi\Reference Assemblies
      2007-10-25 09:26 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
      2006-11-24 20:53 168 -csh--r C:\WINDOWS\system32\AB119646E1.sys
      2006-11-24 20:53 6,266 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
      .
      ((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      -c--a-w 45,056 2006-01-02 17:41:22 C:\Programmi\ATI Technologies\ATI.ACE\bak\cli.exe
      -c--a-w 81,920 2003-12-15 17:56:02 C:\Programmi\D-Tools\bak\daemon.exe
      ----a-w 81,920 2003-12-15 17:56:02 C:\Programmi\D-Tools\daemon.exe
      -c--a-w 157,592 2006-11-12 10:48:46 C:\Programmi\DAEMON Tools\bak\daemon.exe
      ----a-w 171,464 2007-09-18 14:16:16 C:\Programmi\DAEMON Tools\daemon.exe
      -c--a-w 184,320 2006-08-22 15:32:18 C:\Programmi\Dell\MediaDirect\bak\PCMService.exe
      -c--a-w 81,920 2005-08-11 15:30:30 C:\Programmi\File comuni\InstallShield\UpdateService\bak\issch.exe
      -c--a-w 249,856 2005-08-11 15:30:30 C:\Programmi\File comuni\InstallShield\UpdateService\bak\ISUSPM.exe
      -c--a-w 602,182 2006-05-01 09:28:26 C:\Programmi\Intel\Wireless\Bin\bak\ifrmewrk.exe
      ----a-w 602,182 2006-05-01 07:28:26 C:\Programmi\Intel\Wireless\Bin\iFrmewrk.exe
      -c--a-w 667,718 2006-05-01 09:28:06 C:\Programmi\Intel\Wireless\Bin\bak\ZCfgSvc.exe
      ----a-w 667,718 2006-05-01 07:28:06 C:\Programmi\Intel\Wireless\Bin\ZCfgSvc.exe
      -c--a-w 49,263 2006-11-09 14:07:30 C:\Programmi\Java\jre1.5.0_10\bin\bak\jusched.exe
      -c--a-w 1,121,792 2005-08-12 15:16:44 C:\Programmi\McAfee\SpamKiller\bak\MSKDetct.exe
      ----a-w 1,117,184 2005-07-12 18:05:30 C:\Programmi\McAfee\SpamKiller\MSKDetct.exe
      -c--a-w 351,000 2006-06-13 01:01:04 C:\Programmi\Microsoft Encarta\Microsoft Encarta 2007 - Premium DVD\bak\EDICT.EXE
      -c--a-w 761,947 2006-03-08 18:48:02 C:\Programmi\Synaptics\SynTP\bak\SynTPEnh.exe
      -c--a-w 67,584 2005-09-29 14:01:14 C:\WINDOWS\ehome\bak\ehtray.exe
      -c--a-w 15,360 2004-09-07 12:00:00 C:\WINDOWS\system32\bak\ctfmon.exe
      ----a-w 15,360 2004-09-07 12:00:00 C:\WINDOWS\system32\ctfmon.exe
      -c--a-w 155,648 2001-07-09 09:50:42 C:\WINDOWS\system32\bak\NeroCheck.exe
      -c--a-w 122,941 2005-05-31 04:33:00 C:\WINDOWS\system32\dla\bak\tfswctrl.exe
      .
      ((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Nota* i valori vuoti & legittimi/default non sono visualizzati.
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-07 13:00 15360]
      "DAEMON Tools"="C:\Programmi\DAEMON Tools\daemon.exe" [2007-09-18 15:16 171464]
      "MsnMsgr"="C:\Programmi\Windows Live\Messenger\MsnMsgr.exe" [ ]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "SigmatelSysTrayApp"="stsystra.exe" [2006-03-25 00:30 282624 C:\WINDOWS\stsystra.exe]
      "PMX Daemon"="ICO.EXE" [2006-06-09 13:47 47104 C:\WINDOWS\system32\ico.exe]
      "IntelZeroConfig"="C:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe" [2006-05-01 08:28 667718]
      "IntelWireless"="C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe" [2006-05-01 08:28 602182]
      "GSICONEXE"="GSICON.EXE" [2001-07-20 03:22 90112 C:\WINDOWS\system32\gsicon.exe]
      "DSLAGENTEXE"="dslagent.exe" [2001-06-14 08:52 16384 C:\WINDOWS\system32\DSLAGENT.EXE]
      "UnlockerAssistant"="C:\Programmi\Unlocker\UnlockerAssistant.exe" [2006-09-07 18:19 15872]
      "DAEMON Tools-1033"="C:\Programmi\D-Tools\daemon.exe" [2003-12-15 18:56 81920]
      "bacstray"="C:\Programmi\Broadcom\BACS\BacsTray.exe" [2005-07-13 17:54 118784]
      "AVP"="C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-06-28 12:51 218376]
      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-07 13:00 15360]
      C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
      AutoCAD Startup Accelerator.lnk - C:\Programmi\File comuni\Autodesk Shared\acstart16.exe [2004-02-25 01:35:22]
      Avvio veloce di Adobe Reader.lnk - C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
      Service Manager.lnk - C:\Programmi\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2000-08-06 01:03:20]
      WinZip Quick Pick.lnk - C:\Programmi\WinZip\WZQKPICK.EXE [2007-01-20
15:43:40] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ntoskrnl.dll R0 d343bus;d343bus;C:\WINDOWS\system32\DRIVERS\d343bus.sys [2003-12-15 18:46] R0 d343port;d343port;C:\WINDOWS\system32\DRIVERS\d343port.sys [2003-12-15 17:29] R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58] R3 pmxmouse;PMXMOUSE;C:\WINDOWS\system32\DRIVERS\pmxmouse.sys [2006-04-24 10:57] R3 pmxusblf;PMXUSBLF;C:\WINDOWS\system32\DRIVERS\pmxusblf.sys [2006-04-24 10:59] S2 gafwload;Modem ADSL B-QUICK Loader;C:\WINDOWS\system32\DRIVERS\gafwload.sys [2001-07-22 13:50] S3 USBSTOR;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08] . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-18 19:12:25 Windows 5.1.2600 Service Pack 2 NTFS scansione processi nascosti ... scansione entrate autostart nascoste ... Scansione files nascosti ... Scansione completata con successo Files nascosti: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156] -> C:\Programmi\Unlocker\UnlockerHook.dll . Ora fine scansione: 2008-01-18 19:15:38 - machine was rebooted [Marco] ComboFix-quarantined-files.txt 2008-01-18 18:15:31 . 2008-01-18 14:02:54 --- E O F ---
  13. Hi! Thanks for the attention! I deleted the entries you pointed out and ran the scan you told me to... here is the log... (I hope nothing is missing) PS: by "post the two logs" do you mean the SmitFraudFix one and a new HijackThis log? SmitFraudFix v2.274 Scan done at 18:04:29.64, 2008-01-18
  14. Hi guys, I have a problem... I can't run a Windows update and I can't install IE7. I'm already discussing it in the appropriate section, but I'm posting my HijackThis log here because I wouldn't want the cause of my problems to be something that could perhaps be fixed this way... Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:06, on 2008-01-18 Awaiting your wise verdict...! And thanks a lot!!!
  15. I tried, but it still can't update it... we're back to square one... I'll try running a HijackThis scan just to see if there is something underneath and post it in the appropriate section, but I don't know...