Log Da Controllare

morariccia · June 29, 2009

Controllino del log, ogni volta che avvio il mio pc

si riavvia anche spyware terminetor e trova

un cookie da rimuovere, faccio rimuovi ma

alla successiva idem

(ho passato spybot, malawarebytes antivirus ma non trovano nulla)

meglio una controllatina.Grazie sempre per la vostra disponibilità

e gentilezza, a presto

Mora

allora e quindi ecco il Log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20.50.12, on 29/06/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Programmi\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe

C:\Programmi\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\windows\system\hpsysdrv.exe

C:\HP\KBD\KBD.EXE

C:\WINDOWS\AGRSMMSG.exe

C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe

C:\Programmi\Windows Defender\MSASCui.exe

C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe

C:\WINDOWS\vsnpstd.exe

C:\Programmi\Windows Live\Messenger\msnmsgr.exe

C:\Programmi\Messenger\msmsgs.exe

C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe

C:\Programmi\Yahoo!\Messenger\ymsgr_tray.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\CSHelper.exe

C:\WINDOWS\System32\gearsec.exe

C:\Programmi\Java\jre6\bin\jqs.exe

C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe

C:\Programmi\Spyware Terminator\sp_rsser.exe

C:\WINDOWS\System32\svchost.exe

C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe

C:\Programmi\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Programmi\IncrediMail\bin\IMApp.exe

C:\WINDOWS\system32\wuauclt.exe

C:\DOCUME~1\PROPRI~1\IMPOST~1\Temp\Directory temporanea 1 per HiJackThis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.a...&tbid=60076

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti

O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [spywareTerminator] "C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe"

O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Programmi\Yahoo!\Messenger\ypager.exe" -quiet

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe

O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesit.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesit.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab

O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} - https://media.pineconeresearch.com/ActiveX/...loadcontrol.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: CopySafe Helper Service (CSHelper) - Unknown owner - C:\WINDOWS\system32\CSHelper.exe

O23 - Service: Provvedere al Servizio Sicurezza (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe

O23 - Service: Servizio iPod (iPodService) - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe

O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/PROPRI~1/IMPOST~1/Temp/msohtml1/01/clip_image001.jpg

--

End of file - 9451 bytes

Luke57 · June 30, 2009

Ciao, non mi pare di vedere minacce attive nel report.

Riverside · June 30, 2009

ogni volta che avvio il mio pc si riavvia anche spyware terminetor e trova un cookie da rimuovere ....

Più che del cookie mi preoccuperei di altro.

Intanto, rilancia Hijacthis e:

● spunta la casellina fianco di ogni singola voce che ti indicherò sotto

● una volta spuntate le voci:

● chiudi tutte le applicazioni aperte

● chiudi tutte le pagine del browser aperte

● in Hijkackthis fixa le voci cliccando su Fixchecked

Queste le voci da fixare:

O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll

O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Programmi\Yahoo!\Messenger\ypager.exe" –quiet

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe

O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} - https://media.pineconeresearch.com/ActiveX/...dcontrol.cabO16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} - https://media.pineconeresearch.com/ActiveX/...loadcontrol.cab

Poi, segui questo percorso:

> Risorse del Computer

> Disco locali C:

> apri la cartella WINDOWS

> apri la cartella system32

> individua questo file: CSHelper.exe e fallo analizzare su Virustotal

Al termine della analisi verrà rilasciato un report: pubblica i link al report.

Modificato June 30, 2009 da Riverside

Luke57 · June 30, 2009

@Riverside

Ciao, scusa se intervengo ma detta così sembra che abbia il computer pieno di minacce, penso che sia necessario precisare a che cosa serve eliminare quelle voci. A meno che tu non abbia scorto qualcosa che a me, francamente, è sfuggito.

Riverside · June 30, 2009

.... penso che sia necessario precisare a che cosa serve eliminare quelle voci. A meno che tu non abbia scorto qualcosa che a me, francamente, è sfuggito.

A occhio, direi la seconda, Luke.

Per il resto, tutte le voci da fixare non servono a nulla se non a riempire la barra del browser di inutili orpelli e a appesantire la traybar con una miriade di applicazioni che girano in background.

Tra l'altro deve essere un miracolo se quel PC non si pianta: tra antivirus, firewall e software antimalware, ci sono 5 o 6 software che girano in realtime.

Modificato June 30, 2009 da Riverside

morariccia · July 1, 2009

Innanzitutto grazie mille!

@riverside: con ogni probabilità tu hai ragionissima

ma abbi pazienza sono un'ignorante in materia

sono sempre un pò restia a eliminare quando leggo la parola system

perchè temo di far danni...per il resto posso eliminare quello che vuoi

però mi traduci in parole povere questa: ": pubblica i link al report."

scusami non so cosa sia un report , né dove si possa pubblicare, sorry!

A meno che non significa che poi devo cliccare sotto la scritta "invia file" , giusto?

un'altra cosa il pc grazie a dio è vecchiotto ma non mi si pianta, salvo che non mi si butti sfiga...e domani

mi tocca buttarlo

Modificato July 1, 2009 da morariccia

morariccia · July 1, 2009

cmq ho fatto come mi hai indicato e sono arrivata a questo punto

copio:

Il file è già stato analizzato:

MD5: aefb8558199bd5212b268b09bfa1d71a First received: 2009.02.03 12:01:08 UTC Data 2009.06.13 11:50:03 UTC [>17D] Risultati 0/40 Permalink: analisis/8623c845977ffceca6e90f8b148b05ae8e85cf7c517652be8ed44f597a749bee-1244893803

cliccando è venuto fuori questo (scusate l'OT ma sono un pò confusa perchè non ci capisco nulla)

Stato corrente: finito

Risultato: 0/40 (0.00%) Formattato Stampa risultati Antivirus Versione Ultimo aggiornamento Risultato a-squared 4.5.0.18 2009.06.13 - AhnLab-V3 5.0.0.2 2009.06.12 - AntiVir 7.9.0.187 2009.06.12 - Antiy-AVL 2.0.3.1 2009.06.12 - Authentium 5.1.2.4 2009.06.12 - Avast 4.8.1335.0 2009.06.12 - AVG 8.5.0.339 2009.06.13 - BitDefender 7.2 2009.06.13 - CAT-QuickHeal 10.00 2009.06.13 - ClamAV 0.94.1 2009.06.13 - Comodo 1325 2009.06.13 - DrWeb 5.0.0.12182 2009.06.13 - eSafe 7.0.17.0 2009.06.11 - eTrust-Vet 31.6.6556 2009.06.12 - F-Prot 4.4.4.56 2009.06.12 - F-Secure 8.0.14470.0 2009.06.13 - Fortinet 3.117.0.0 2009.06.13 - GData 19 2009.06.13 - Ikarus T3.1.1.59.0 2009.06.13 - K7AntiVirus 7.10.762 2009.06.12 - Kaspersky 7.0.0.125 2009.06.13 - McAfee 5644 2009.06.12 - McAfee+Artemis 5644 2009.06.12 - McAfee-GW-Edition 6.7.6 2009.06.12 - Microsoft 1.4701 2009.06.13 - NOD32 4152 2009.06.13 - Norman 6.01.09 2009.06.12 - nProtect 2009.1.8.0 2009.06.13 - Panda 10.0.0.14 2009.06.13 - PCTools 4.4.2.0 2009.06.12 - Prevx 3.0 2009.06.13 - Rising 21.33.52.00 2009.06.13 - Sophos 4.42.0 2009.06.13 - Sunbelt 3.2.1858.2 2009.06.13 - Symantec 1.4.4.12 2009.06.13 - TheHacker 6.3.4.3.345 2009.06.13 - TrendMicro 8.950.0.1092 2009.06.12 - VBA32 3.12.10.7 2009.06.13 - ViRobot 2009.6.13.1785 2009.06.13 - VirusBuster 4.6.5.0 2009.06.12 - Informazioni addizionali File size: 266240 bytes MD5 : aefb8558199bd5212b268b09bfa1d71a SHA1 : 08dc117fe57fcba4c9078081300854b6a54a6c79 SHA256: 8623c845977ffceca6e90f8b148b05ae8e85cf7c517652be8ed44f597a749bee PEInfo: PE Structure information

( base data )

entrypointaddress.: 0x4E8F

timedatestamp.....: 0x48F46F15 (Tue Oct 14 12:06:13 2008)

machinetype.......: 0x14C (Intel I386)

( 7 sections )

name viradd virsiz rawdsiz ntrpy md5

.text 0x1000 0x1AEF4 0x1B000 6.65 eab07101d3812cf5211d2ceb6e3bc0d8

CODE 0x1C000 0x1BAFC 0x1C000 6.48 508884a809f9365c1f39fa1aa4f46bfe

.rdata 0x38000 0x4AA4 0x5000 5.23 25fe59cc0204aba1d958946441d7927e

.data 0x3D000 0x1B50 0x1000 2.96 617df622cbcbc5dc816905b102fecef7

DATA 0x3F000 0xF80 0x1000 4.58 18c8970d32d7ab38a958fafab01a5ba6

BSS 0x40000 0x759 0x1000 0.00 620f0b67a91f7f74151bc5be745b7110

.rsrc 0x41000 0xB0 0x1000 3.06 63dd4599aa8fbdfca297181b242bedf2

( 0 imports )

( 0 exports )

TrID : File type identification

Win32 Executable MS Visual C++ (generic) (65.2%)

Win32 Executable Generic (14.7%)

Win32 Dynamic Link Library (generic) (13.1%)

Generic Win/DOS Executable (3.4%)

DOS Executable Generic (3.4%) ThreatExpert: http://www.threatexpert.com/report.aspx?md...b268b09bfa1d71a ssdeep: 3072:wJjoZd9Lih2vNu8luiNX5gKBrWYGc+voYMcCoPwUGB7eZqmPx2n2l7YrACBsty:6jo/2muQui/gK9WYIoYMxw2noYrADty PEiD : - CWSandbox: http://research.sunbelt-software.com/partn...b268b09bfa1d71a RDS : NSRL Reference Data Set

e ora? che faccio?

mi pare di capire che sia tutto ok, giusto?

Modificato July 1, 2009 da morariccia

morariccia · July 1, 2009

il pc va sicuramente meglio

ma il tracking cookie persevera!

avevo copiato il tutto ma mi sono persa nei meandri del web come mio solito

grazie a tutti cmq!

Riverside · July 2, 2009

Facciamo cosi: sono solo di passaggio su questo forum, però una mano te la do volentieri.

Allega un nuovo log di Hijackthis e vediamo di sistemare un pò di cose.

Del tracking cookie, per ora non ti preoccupare (non fa danni ).

Luna75 · July 2, 2009

Chiedo scusa, forse potrebbe servire anche combofix, (a parte quello che dicono riverside e Luke

segui questa guida:

http://forum.wininizio.it/index.php?showtopic=98188

e alllega ciò che risulta al forum.

Riverside · July 2, 2009

Chiedo scusa, forse potrebbe servire anche combofix

C'è una ragione specifica? per ora suggerirei di soprassedere ... ma forse, mi sbaglio .... quel forse che significa? o serve oppure non serve

morariccia · July 2, 2009

vedrò di seguire entrambi i consigli...

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23.09.35, on 02/07/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Programmi\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe

C:\Programmi\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\ps2.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe

C:\Programmi\Windows Defender\MSASCui.exe

C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe

C:\WINDOWS\vsnpstd.exe

C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe

C:\Programmi\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\CSHelper.exe

C:\WINDOWS\System32\gearsec.exe

C:\Programmi\Java\jre6\bin\jqs.exe

C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe

C:\Programmi\Spyware Terminator\sp_rsser.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe

C:\Programmi\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\wbem\wmiapsrv.exe

C:\Programmi\IncrediMail\bin\IncMail.exe

C:\Programmi\Mozilla Firefox\firefox.exe

C:\Programmi\IncrediMail\bin\IMApp.exe

C:\Documents and Settings\Proprietario\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.a...&tbid=60076

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [spywareTerminator] "C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe"

O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')

O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesit.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesit.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll