ilvampirolestat

HijackThis Log

24 posts in this thread

Here is my log.... I hope you can help me...

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10.54.03, on 06/04/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Programmi\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Programmi\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe

C:\Programmi\Spyware Terminator\sp_rsser.exe

C:\WINDOWS\System32\svchost.exe

c:\programmi\pinnacle\shared files\programs\mediaserver\pmshost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Programmi\ATI Technologies\ATI.ACE\cli.exe

C:\Programmi\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe

C:\Programmi\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe

C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe

C:\Programmi\Windows Defender\MSASCui.exe

C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe

C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Programmi\QuickTime\qttask.exe

C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe

C:\Programmi\Uniblue\RegistryBooster 2\RegistryBooster.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programmi\ATI Technologies\ATI.ACE\CLI.exe

C:\Programmi\Windows Live\Messenger\usnsvc.exe

C:\Programmi\internet explorer\iexplore.exe

C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=TZPopupKiller:8100

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti

O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\Programmi\TextAloud\TAForIE.dll

O4 - HKLM\..\Run: [Collegamento alla pagina delle proprietà di High Definition Audio] HDAudPropShortcut.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime

O4 - HKLM\..\Run: [PMCS] C:\Programmi\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe -host -clearDebug

O4 - HKLM\..\Run: [PMCRemote] C:\Programmi\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [spywareTerminator] "C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [uniblue RegistryBooster 2] C:\Programmi\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Policies\Explorer\Run: [NT Security Service] NTSecurity.exe

O4 - HKUS\S-1-5-18\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Programmi\ATI Technologies\ATI.ACE\CLI.exe

O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1182896061218

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://ilvampirolestat1982italy.spaces.liv...ad/MsnPUpld.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll

O20 - Winlogon Notify: efcCssSk - efcCssSk.dll (file missing)

O20 - Winlogon Notify: ssqoljg - ssqoljg.dll (file missing)

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\programmi\pinnacle\shared files\programs\mediaserver\pmshost.exe

O23 - Service: Spooler di stampa (Spooler) - Unknown owner - C:\WINDOWS\system32\spoolsv.exe (file missing)

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe


hi

don't you think it would be useful to also write the reason why you are posting a log?

:)


yes, you're right, sorry, but they told me to post the log here... I had written a post about the rundll32.exe error... and then they told me to post the log here... I'm hopeless, forgive meeee.... I'll learn little by little.... it's the first time I've taken part in a forum :)


anyway, I'll put the post here again

Hello everyone, sorry, I'm new here, but I have a problem that is literally driving me crazy.... basically, when I try to open any item in the Control Panel such as SYSTEM, SOUNDS AND AUDIO DEVICES, ADD OR REMOVE PROGRAMS, and even when I click on the clock at the bottom right of the taskbar, I get an error, this one: Cannot find the file "C:\WINDOWS\system32\rundll32.exe". Make sure the path and file name are correct and try again. To search for a file, click the Start button, then choose Search.

on the Windows site it tells me to do this:

To resolve the problem, follow these steps:
1. Insert the Windows XP CD into the CD-ROM drive.
2. Click the Start button, then choose Run.
3. Type expand X:\i386\rundll32.ex_ c:\windows\system32\rundll32.exe in the Open box, where X is the letter of the CD-ROM drive.
4. Restart the computer.

unfortunately none of this helped at all...

I don't know what else to do, and I wouldn't want to format if it's something that can be fixed..

I ran a scan with HijackThis.... I hope it's useful to you...

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15.34.38, on 05/04/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Programmi\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Programmi\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe

C:\Programmi\Spyware Terminator\sp_rsser.exe

C:\WINDOWS\System32\svchost.exe

c:\programmi\pinnacle\shared files\programs\mediaserver\pmshost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Programmi\ATI Technologies\ATI.ACE\cli.exe

C:\Programmi\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe

C:\Programmi\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe

C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe

C:\Programmi\Windows Defender\MSASCui.exe

C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe

C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\svchost.exe

C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe

C:\Programmi\Uniblue\RegistryBooster 2\RegistryBooster.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programmi\ATI Technologies\ATI.ACE\CLI.exe

C:\Programmi\Windows Live\Messenger\usnsvc.exe

C:\Programmi\Avira\AntiVir PersonalEdition Classic\avcenter.exe

c:\programmi\avira\antivir personaledition classic\avscan.exe

C:\Programmi\QuickTime\qttask.exe

C:\Programmi\Adobe\Reader 8.0\Reader\AcroRd32.exe

C:\Programmi\Mozilla Firefox\firefox.exe

C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=TZPopupKiller:8100

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti

O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\Programmi\TextAloud\TAForIE.dll

O4 - HKLM\..\Run: [Collegamento alla pagina delle proprietà di High Definition Audio] HDAudPropShortcut.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime

O4 - HKLM\..\Run: [PMCS] C:\Programmi\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe -host -clearDebug

O4 - HKLM\..\Run: [PMCRemote] C:\Programmi\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [spywareTerminator] "C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [uniblue RegistryBooster 2] C:\Programmi\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Policies\Explorer\Run: [NT Security Service] NTSecurity.exe

O4 - HKUS\S-1-5-18\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Programmi\ATI Technologies\ATI.ACE\CLI.exe

O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1182896061218

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://ilvampirolestat1982italy.spaces.liv...ad/MsnPUpld.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll

O20 - Winlogon Notify: efcCssSk - efcCssSk.dll (file missing)

O20 - Winlogon Notify: ssqoljg - ssqoljg.dll (file missing)

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\programmi\pinnacle\shared files\programs\mediaserver\pmshost.exe

O23 - Service: Spooler di stampa (Spooler) - Unknown owner - C:\WINDOWS\system32\spoolsv.exe (file missing)

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe

--

End of file - 9537 bytes


ok, that's better already.... do this;

In HJT, tick these entries;

O4 - HKCU\..\Policies\Explorer\Run: [NT Security Service] NTSecurity.exe

O20 - Winlogon Notify: efcCssSk - efcCssSk.dll (file missing)

O20 - Winlogon Notify: ssqoljg - ssqoljg.dll (file missing)

and press Fix checked

go to this page, follow the instructions to run ComboFix and post its log;

http://www.steven.altervista.org/files/tools.html#tools1

:)


ok done, this is the log

ComboFix 08-04-02.1 - Kenzo 2008-04-06 14.53.05.5 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.474 [GMT 2:00]

Eseguito da: C:\Documents and Settings\Kenzo\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\kiasys.dll

.

((((((((((((((((((((((((( Files Creati Da 2008-03-06 al 2008-04-06 )))))))))))))))))))))))))))))))))))

.

2008-04-06 12:36 . 2008-04-06 12:36 <DIR> d-------- C:\Programmi\Nero

2008-04-04 22:04 . 2008-04-04 22:04 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-04-04 22:04 . 2008-04-04 22:04 1,409 --a------ C:\WINDOWS\QTFont.for

2008-04-04 20:58 . 2008-04-04 20:58 38 --a------ C:\WINDOWS\avisplitter.INI

2008-04-04 18:58 . 2008-04-04 18:58 <DIR> d-------- C:\Programmi\Avira

2008-04-04 18:58 . 2008-04-04 18:58 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Avira

2008-04-04 18:55 . 2008-04-04 20:42 <DIR> d-------- C:\Programmi\WinClamAVShield

2008-04-04 18:48 . 2008-04-06 11:01 <DIR> d-------- C:\Programmi\Spyware Terminator

2008-04-04 18:48 . 2008-04-06 11:00 <DIR> d-------- C:\Documents and Settings\Kenzo\Dati applicazioni\Spyware Terminator

2008-04-04 18:48 . 2008-04-06 11:01 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Spyware Terminator

2008-04-04 18:48 . 2008-04-04 18:48 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys

2008-04-04 17:05 . 2008-04-04 17:05 <DIR> d-------- C:\Programmi\FreshDevices

2008-04-04 17:00 . 2007-11-29 23:30 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll

2008-04-04 17:00 . 2007-12-04 02:33 682,496 --a------ C:\WINDOWS\system32\divx.dll

2008-04-04 17:00 . 2007-11-29 23:28 81,920 --a------ C:\WINDOWS\system32\dpl100.dll

2008-04-04 16:39 . 2008-04-04 16:43 <DIR> d-------- C:\Programmi\RogueRemover FREE

2008-04-04 16:25 . 2007-10-15 12:51 26,112 --------- C:\WINDOWS\system32\dllcache\usbser.sys

2008-04-04 16:15 . 2007-12-31 14:09 294,400 --------- C:\WINDOWS\system32\dllcache\msctf.dll

2008-04-04 16:14 . 2007-12-18 11:51 179,584 --------- C:\WINDOWS\system32\dllcache\mrxdav.sys

2008-04-04 16:12 . 2007-11-22 13:23 10,240 --------- C:\WINDOWS\system32\drivers\sffp_mmc.sys

2008-04-04 16:12 . 2007-11-22 13:23 10,240 --------- C:\WINDOWS\system32\dllcache\sffp_mmc.sys

2008-04-04 16:06 . 2008-04-04 16:06 <DIR> d-------- C:\Programmi\MSXML 6.0

2008-04-04 15:59 . 2007-04-25 16:18 465,408 --------- C:\WINDOWS\system32\imapi2fs.dll

2008-04-04 15:59 . 2007-04-25 16:18 465,408 --------- C:\WINDOWS\system32\dllcache\imapi2fs.dll

2008-04-04 15:59 . 2007-04-25 16:18 318,464 --------- C:\WINDOWS\system32\imapi2.dll

2008-04-04 15:59 . 2007-04-25 16:18 318,464 --------- C:\WINDOWS\system32\dllcache\imapi2.dll

2008-04-04 15:59 . 2007-04-25 13:41 62,592 --------- C:\WINDOWS\system32\dllcache\cdrom.sys

2008-04-04 15:58 . 2007-05-14 14:52 178,176 --------- C:\WINDOWS\system32\dllcache\repdrvfs.dll

2008-04-04 15:57 . 2008-04-04 15:57 <DIR> d-------- C:\WINDOWS\system32\bits

2008-04-04 15:56 . 2007-05-24 15:23 408,064 --------- C:\WINDOWS\system32\dllcache\qmgr.dll

2008-04-04 15:56 . 2007-05-24 15:23 18,944 --------- C:\WINDOWS\system32\dllcache\qmgrprxy.dll

2008-04-04 15:56 . 2007-05-24 15:23 8,192 --------- C:\WINDOWS\system32\dllcache\bitsprx2.dll

2008-04-04 15:56 . 2007-05-24 15:23 7,168 --------- C:\WINDOWS\system32\dllcache\bitsprx4.dll

2008-04-04 15:56 . 2007-05-24 15:23 7,168 --------- C:\WINDOWS\system32\dllcache\bitsprx3.dll

2008-04-04 15:56 . 2007-05-24 15:23 7,168 --------- C:\WINDOWS\system32\bitsprx4.dll

2008-04-04 15:53 . 2008-04-04 15:53 <DIR> d-------- C:\Programmi\MSECache

2008-04-04 15:45 . 2007-02-07 15:33 279,040 --------- C:\WINDOWS\system32\dllcache\qdv.dll

2008-04-04 15:44 . 2007-02-19 12:34 343,040 --------- C:\WINDOWS\system32\dllcache\msvcrt.dll

2008-04-04 15:40 . 2006-10-31 12:26 36,864 --------- C:\WINDOWS\system32\dllcache\hidclass.sys

2008-04-04 15:39 . 2006-10-30 16:01 2,185,728 --------- C:\WINDOWS\system32\dllcache\ntoskrnl.exe

2008-04-04 15:37 . 2006-11-08 10:51 62,336 --------- C:\WINDOWS\system32\drivers\rspndr.sys

2008-04-04 15:37 . 2006-11-08 10:51 10,752 --------- C:\WINDOWS\system32\rspndr.exe

2008-04-04 15:36 . 2006-10-23 13:14 17,152 --------- C:\WINDOWS\system32\dllcache\usbohci.sys

2008-04-04 15:34 . 2006-10-04 15:33 36,352 --------- C:\WINDOWS\system32\dllcache\umandlg.dll

2008-04-04 15:32 . 2006-10-11 18:26 313,344 --------- C:\WINDOWS\system32\dllcache\p2pgraph.dll

2008-04-04 15:32 . 2006-10-11 18:26 153,088 --------- C:\WINDOWS\system32\dllcache\p2p.dll

2008-04-04 15:32 . 2006-10-11 18:26 116,224 --------- C:\WINDOWS\system32\dllcache\p2pnetsh.dll

2008-04-04 15:32 . 2006-10-11 18:26 104,960 --------- C:\WINDOWS\system32\dllcache\p2pgasvc.dll

2008-04-04 15:32 . 2006-10-11 18:26 58,880 --------- C:\WINDOWS\system32\dllcache\pnrpnsp.dll

2008-04-04 15:29 . 2006-08-18 14:41 1,715,200 --------- C:\WINDOWS\system32\dllcache\netshell.dll

2008-04-04 15:29 . 2006-08-18 14:41 476,160 --------- C:\WINDOWS\system32\dllcache\wzcsvc.dll

2008-04-04 15:29 . 2006-08-18 14:41 384,000 --------- C:\WINDOWS\system32\dllcache\wzcdlg.dll

2008-04-04 15:29 . 2006-08-18 14:41 52,736 --------- C:\WINDOWS\system32\dllcache\wzcsapi.dll

2008-04-04 15:29 . 2006-08-18 11:36 14,592 --------- C:\WINDOWS\system32\dllcache\ndisuio.sys

2008-04-04 15:23 . 2005-05-05 02:03 461,672 --------- C:\WINDOWS\system32\dllcache\micross.ttf

2008-04-04 15:23 . 2005-05-05 02:03 383,804 --------- C:\WINDOWS\system32\dllcache\tahoma.ttf

2008-04-04 15:23 . 2005-05-05 02:03 355,680 --------- C:\WINDOWS\system32\dllcache\tahomabd.ttf

2008-04-04 15:23 . 2006-05-12 06:03 6,144 --------- C:\WINDOWS\system32\kbdpash.dll

2008-04-04 15:23 . 2006-05-12 06:03 6,144 --------- C:\WINDOWS\system32\kbdnepr.dll

2008-04-04 15:23 . 2006-05-12 06:03 6,144 --------- C:\WINDOWS\system32\kbdiultn.dll

2008-04-04 15:23 . 2006-05-12 06:03 6,144 --------- C:\WINDOWS\system32\kbdbhc.dll

2008-04-04 14:55 . 2008-04-04 14:55 <DIR> d--h-c--- C:\WINDOWS\$SQLUninstallMSXML2SP6-KB887606-x86-ITA$

2008-04-04 14:41 . 2008-04-04 14:41 <DIR> d-------- C:\Programmi\HighMAT CD Writing Wizard

2008-04-04 14:39 . 2007-10-07 11:27 40,960 --a------ C:\WINDOWS\system32\SSUBTMR6.DLL

2008-04-04 14:06 . 2007-10-07 11:27 10,752 --a------ C:\WINDOWS\system32\aamd532.dll

2008-04-04 13:17 . 2008-04-04 21:25 0 --a------ C:\log.tmp

2008-04-03 22:58 . 2008-04-03 22:59 11,081 --a------ C:\WINDOWS\system32\RUNDLL32.EX_

2008-04-03 22:37 . 2008-04-03 22:37 113,054 --a------ C:\Documents and Settings\Kenzo\(null)4C8515AB.DLL

2008-04-03 19:55 . 2008-04-03 19:55 37,376 --a------ C:\WINDOWS\system32\efccsssk.dll.ren

2008-04-03 11:40 . 2008-04-04 17:04 <DIR> d-------- C:\Programmi\K-Lite Codec Pack

2008-04-03 10:31 . 2008-04-03 19:55 0 --a-s---- C:\WINDOWS\yeTyezzd.sys

2008-04-01 21:46 . 2008-04-02 12:25 <DIR> d-------- C:\Programmi\TextAloud

2008-04-01 21:41 . 2008-04-02 13:09 <DIR> d-------- C:\WINDOWS\Lhsp

2008-04-01 21:27 . 2008-04-01 21:27 <DIR> d-------- C:\WINDOWS\speech

2008-04-01 21:26 . 2008-04-01 21:26 <DIR> d-------- C:\parla

2008-03-30 18:17 . 2008-03-30 18:17 <DIR> d-------- C:\Documents and Settings\Kenzo\Dati applicazioni\Nero

2008-03-30 18:14 . 2008-04-06 12:37 <DIR> d-------- C:\Programmi\File comuni\Nero

2008-03-30 18:14 . 2008-03-30 18:14 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Nero

2008-03-18 12:24 . 2008-04-04 18:08 <DIR> d-------- C:\Programmi\Yahoo!

2008-03-18 12:24 . 2008-03-18 12:25 <DIR> d-------- C:\Programmi\CCleaner

2008-03-16 00:06 . 2008-03-16 00:06 <DIR> d-------- C:\VundoFix Backups

2008-03-15 18:12 . 2008-03-15 18:12 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Office Genuine Advantage

2008-03-14 12:24 . 2008-03-15 11:26 1,350,391 --ahs---- C:\WINDOWS\system32\kaqnsvju.ini

2008-03-13 12:02 . 2008-03-14 12:20 1,350,211 --ahs---- C:\WINDOWS\system32\ewajjohm.ini

2008-03-13 11:56 . 2008-03-13 11:56 1,343,135 --ahs---- C:\WINDOWS\system32\jfjeflnk.ini

2008-03-08 19:42 . 2008-03-08 19:47 <DIR> d-------- C:\densetsu

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-04 16:06 --------- d-----w C:\Programmi\PcBugDoctor

2008-04-04 16:04 --------- d-----w C:\Programmi\MagicDVDRipper

2008-04-04 16:03 --------- d-----w C:\Programmi\a-squared Anti-Malware

2008-04-04 13:52 --------- d-----w C:\Programmi\Microsoft CAPICOM 2.1.0.2

2008-04-03 20:37 113,054 ----a-w C:\Documents and Settings\Kenzo\(null)4C8515AB.DLL

2008-04-03 14:12 --------- d-----w C:\Programmi\DivX

2008-04-01 19:43 --------- d-----w C:\Programmi\AV Vcs 4.0 DIAMOND

2008-03-30 09:22 --------- d-----w C:\Programmi\Messenger Plus! Live

2008-03-18 10:40 --------- d-----w C:\Programmi\Google

2008-03-14 19:51 39,808 ----a-w C:\WINDOWS\system32\drivers\VIRAGTLT.SYS

2008-03-13 16:12 --------- d-----w C:\Programmi\RedEye

2008-03-09 17:26 --------- d-----w C:\Programmi\Java

2008-03-05 15:12 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Grisoft

2008-03-04 15:38 --------- d-----w C:\Programmi\IObit

2008-02-28 11:37 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Kodak

2008-02-28 11:34 --------- d-----w C:\Programmi\Kodak

2008-02-25 12:11 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\QuickTime

2008-02-24 16:24 --------- d-----w C:\Programmi\ManyCam 2.1

2008-02-24 12:06 --------- d-----w C:\Documents and Settings\Kenzo\Dati applicazioni\CamTrack

2008-02-22 17:34 --------- d-----w C:\Programmi\LiveKillCleanMessenger

2008-02-18 22:30 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\FREEDB

2008-02-18 20:37 --------- d-----w C:\Documents and Settings\Kenzo\Dati applicazioni\MSN6

2008-02-18 20:37 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\MSN6

2008-02-18 15:23 --------- d-----w C:\Documents and Settings\Kenzo\Dati applicazioni\Canon

2008-02-18 14:00 --------- d-----w C:\Programmi\Macrogaming

2008-02-18 14:00 --------- d-----w C:\Programmi\AVIConverter

2008-02-18 11:22 --------- d---a-w C:\Documents and Settings\All Users\Dati applicazioni\TEMP

2008-02-15 09:22 633,344 ------w C:\WINDOWS\system32\gpprefcl.dll

2008-02-14 12:37 --------- d-----w C:\Programmi\File comuni\PDFView

2008-02-14 12:37 --------- d-----w C:\Programmi\File comuni\NewSoft

2008-02-14 12:35 --------- d-----w C:\Documents and Settings\Kenzo\Dati applicazioni\ScanSoft

2008-02-14 12:35 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\InstallShield

2008-02-14 12:34 --------- d-----w C:\Programmi\File comuni\ScanSoft Shared

2008-02-14 12:34 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\ScanSoft

2008-02-14 12:17 --------- d-----w C:\Programmi\LocalCooling

2008-02-14 12:16 --------- d-----w C:\Documents and Settings\Kenzo\Dati applicazioni\NewSoft

2008-02-13 19:04 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Microsoft Help

2008-02-13 17:57 --------- d--h--w C:\Programmi\InstallShield Installation Information

2008-02-13 17:57 --------- d-----w C:\Programmi\NewSoft

2008-02-13 17:55 --------- d-----w C:\Programmi\ScanSoft

2008-02-13 17:53 --------- d-----w C:\Programmi\ArcSoft

2008-02-13 17:52 --------- d-----w C:\Programmi\File comuni\CANON

2008-02-13 17:52 --------- d-----w C:\Programmi\Canon

2008-02-13 17:50 --------- d--h--w C:\Programmi\CanonBJ

2008-02-12 15:53 --------- d-----w C:\Programmi\Extensis

2008-01-24 14:41 323,584 ----a-w C:\WINDOWS\system32\rdgzolrws.exe

2008-01-16 15:28 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll

2008-01-11 05:32 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll

2008-01-10 11:16 159,839 ----a-w C:\WINDOWS\system32\xvidvfw.dll

2008-01-10 11:15 755,027 ----a-w C:\WINDOWS\system32\xvidcore.dll

.

((((((((((((((((((((((((((((( snapshot@2008-04-05_ 0.12.18.51 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-04-01 08:45:11 3,370 ----a-w C:\WINDOWS\SoftwareDistribution\EventCache\{A9261F36-883A-483F-BF47-DC4C78A55D8F}.bin

- 2004-08-19 13:39:36 98,304 -c--a-w C:\WINDOWS\system32\cscript.exe

+ 2004-08-09 19:27:08 98,304 ----a-w C:\WINDOWS\system32\cscript.exe

- 2001-08-31 10:00:00 45,083 ----a-w C:\WINDOWS\system32\dispex.dll

+ 2004-08-09 19:27:00 28,672 ----a-w C:\WINDOWS\system32\dispex.dll

- 2004-08-19 13:39:36 98,304 ----a-w C:\WINDOWS\system32\dllcache\cscript.exe

+ 2004-08-09 19:27:08 98,304 ----a-w C:\WINDOWS\system32\dllcache\cscript.exe

- 2001-08-31 10:00:00 45,083 -c--a-w C:\WINDOWS\system32\dllcache\dispex.dll

+ 2004-08-09 19:27:00 28,672 ----a-w C:\WINDOWS\system32\dllcache\dispex.dll

- 2006-10-17 10:00:00 491,520 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll

+ 2004-08-09 19:27:02 466,944 ----a-w C:\WINDOWS\system32\dllcache\jscript.dll

+ 2004-08-09 19:27:04 151,552 ----a-w C:\WINDOWS\system32\dllcache\scrobj.dll

+ 2004-08-09 19:27:04 151,552 ----a-w C:\WINDOWS\system32\dllcache\scrrun.dll

- 2006-11-07 19:03:36 413,696 -c----w C:\WINDOWS\system32\dllcache\vbscript.dll

+ 2004-08-09 19:27:06 438,272 ----a-w C:\WINDOWS\system32\dllcache\vbscript.dll

- 2004-08-19 13:39:48 114,688 ----a-w C:\WINDOWS\system32\dllcache\wscript.exe

+ 2004-08-09 19:27:16 114,688 ----a-w C:\WINDOWS\system32\dllcache\wscript.exe

+ 2004-08-09 19:27:06 28,672 ----a-w C:\WINDOWS\system32\dllcache\wshcon.dll

+ 2004-08-09 19:27:06 65,536 ----a-w C:\WINDOWS\system32\dllcache\wshext.dll

- 2007-09-07 10:05:19 62,016 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys

+ 2008-04-05 17:03:36 61,632 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys

- 2006-10-17 10:00:00 491,520 ----a-w C:\WINDOWS\system32\jscript.dll

+ 2004-08-09 19:27:02 466,944 ----a-w C:\WINDOWS\system32\jscript.dll

- 2004-08-19 13:39:26 159,744 ----a-w C:\WINDOWS\system32\scrobj.dll

+ 2004-08-09 19:27:04 151,552 ----a-w C:\WINDOWS\system32\scrobj.dll

- 2004-08-19 13:39:26 151,552 ----a-w C:\WINDOWS\system32\scrrun.dll

+ 2004-08-09 19:27:04 151,552 ----a-w C:\WINDOWS\system32\scrrun.dll

- 2006-11-07 19:03:36 413,696 ----a-w C:\WINDOWS\system32\vbscript.dll

+ 2004-08-09 19:27:06 438,272 ----a-w C:\WINDOWS\system32\vbscript.dll

- 2004-08-19 13:39:48 114,688 -c--a-w C:\WINDOWS\system32\wscript.exe

+ 2004-08-09 19:27:16 114,688 ----a-w C:\WINDOWS\system32\wscript.exe

- 2004-08-19 13:39:34 28,672 ----a-w C:\WINDOWS\system32\wshcon.dll

+ 2004-08-09 19:27:06 28,672 ----a-w C:\WINDOWS\system32\wshcon.dll

- 2004-08-19 13:39:34 65,536 ----a-w C:\WINDOWS\system32\wshext.dll

+ 2004-08-09 19:27:06 65,536 ----a-w C:\WINDOWS\system32\wshext.dll

+ 2008-04-06 10:41:45 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_544.dat

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="C:\Programmi\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]

"Uniblue RegistryBooster 2"="C:\Programmi\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2007-10-22 11:12 1885464]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:39 15360]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe" [2007-09-20 15:35 202024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Collegamento alla pagina delle proprietà di High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 15:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]

"SoundMan"="SOUNDMAN.EXE" [2004-06-18 01:12 69632 C:\WINDOWS\SOUNDMAN.EXE]

"ATIPTA"="C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-01 21:05 339968]

"ATICCC"="C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" [2005-02-01 22:23 32768]

"PMCS"="C:\Programmi\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe" [2004-11-08 14:01 57344]

"PMCRemote"="C:\Programmi\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe" [2004-09-23 17:56 73728]

"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]

"Windows Defender"="C:\Programmi\Windows Defender\MSASCui.exe" [2006-11-03 20:20 866584]

"NBKeyScan"="C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]

"SpywareTerminator"="C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe" [2008-04-04 18:48 2957824]

"avgnt"="C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-05 19:03 249896]

"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2007-06-26 23:53 98304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"ATICCC"="C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" [2005-02-01 22:23 32768]

"DWQueuedReporting"="C:\PROGRA~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 04:18 437160]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Yrs80.sys]

@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Hotkey TSR.lnk]

backup=C:\WINDOWS\pss\Hotkey TSR.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Kenzo^Menu Avvio^Programmi^Esecuzione automatica^CamTrack.lnk]

backup=C:\WINDOWS\pss\CamTrack.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2ca487d9]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\a-squared]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2007-10-10 20:51 39792 C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

--a------ 2004-05-21 20:56 57344 C:\WINDOWS\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]

--a------ 2004-06-18 00:43 2550272 C:\WINDOWS\ALCWZRD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\atwtusb]

--a------ 2005-09-21 18:08 290816 C:\WINDOWS\system32\ATWTUSB.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM2f97b445]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]

--a------ 2007-05-14 18:01 644696 C:\Programmi\Canon\SolutionMenu\CNSLMAIN.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

--a------ 2004-08-19 15:39 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

--a------ 2007-08-24 08:00 33648 C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ManyCam]

--a------ 2007-08-20 12:44 1515520 C:\Programmi\ManyCam 2.1\ManyCam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msgairlive]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]

--a------ 2007-02-04 13:02 79400 C:\Programmi\ScanSoft\OmniPageSE4\OpwareSE4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pbshoeixg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2007-06-26 23:53 98304 C:\Programmi\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]

--a------ 2006-10-25 10:03 210472 C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]

--a------ 2007-10-22 11:12 1885464 C:\Programmi\Uniblue\RegistryBooster 2\RegistryBooster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VIRIT LITE MONITOR]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\emule0.48a-Xtreme6.0\\emule.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=

"C:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Programmi\\SightSpeed\\SightSpeed.exe"=

R1 aiptektp;HyperPen;C:\WINDOWS\system32\DRIVERS\aiptektp.sys [2004-07-07 16:02]

R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-04-04 18:48]

R3 3xHybrid;Pinnacle PCTV Stereo service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2004-09-03 11:14]

R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\WINDOWS\system32\DRIVERS\ManyCam.sys [2007-03-22 14:17]

R3 usbscan;Driver scanner USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]

R3 USBSTOR;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

S2 BulkUsb;Genesys Logic USB Scanner Controller NT 5.0;C:\WINDOWS\system32\Drivers\usbscan.sys [2004-08-03 22:58]

*Newly Created Service* - NMINDEXINGSERVICE

.

Contenuto della cartella 'Scheduled Tasks'

"2008-04-06 11:02:04 C:\WINDOWS\Tasks\MP Scheduled Scan.job"

- C:\Programmi\Windows Defender\MpCmdRun.exe

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-06 14:57:56

Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo

Files nascosti: 0

**************************************************************************

.

Ora fine scansione: 2008-04-06 14.58.52

ComboFix-quarantined-files.txt 2008-04-06 12:58:48

ComboFix2.txt 2008-04-04 22:12:40

ComboFix3.txt 2008-04-03 13:54:59

ComboFix4.txt 2008-04-03 08:56:24

ComboFix5.txt 2008-03-18 10:49:08

21 Directory 160,778,895,360 byte disponibili

24 Directory 160,767,320,064 byte disponibili

.

2008-02-08 18:22:22 --- E O F ---


Repeat the fix with Navilog, but this time choose option 2.

Then, with OtMoveIt as explained here,

http://www.steven.altervista.org/files/tools1.html#tools5

delete:

C:\WINDOWS\system32\KGyGaAvL.sys

Post the two logs and, to finish, run a Kaspersky online scan this way

* Also clean up cookies, cache and prefetch with CCleaner

(When you install it, remember that if you leave the default checkboxes ticked, the Yahoo toolbar will be installed as well)

(before using it, go to Options/Advanced and untick: Delete Windows temp files only if older than 48 hours)

:)


OOOOOOOOK, thanks a lot, I'll do this too. Anyway, I wanted to tell you that the rundll32.exe problem is gone :)


So, I ran both scans with Navilog and OtMoveIt, but I wasn't able to save the log for the first one, and the second one didn't give me a log... now it's running the Kaspersky scan :leggi:


AVOID SMS-style language

We're waiting for the log

:)


Here I am, after more than 5 hours of scanning with Kaspersky I can post the log


Hmm... :) I attached it... can you see it or do I have to copy and paste it??? Oh well, I'll do it anyway... the copy and paste...

KASPERSKY ONLINE SCANNER REPORT

EDIT__ if you can't attach it, upload it to this server:

www.wikifortio.com


Hi everyone,

I'm also brand new to this and to any other forum... I hope I'm writing in the right section.

My problem is the same one encountered by "Kenzo82", who wrote:

EDIT__

AVOID tacking onto other people's posts; open one of your own instead (thanks)

:)

hijackthis_07042008.txt

Edited by Steve75


Here I am. I tried to go to the server www.wikifortio.com but it tells me the page cannot be displayed... is there another way to attach the Kaspersky file? Also because, after I ran all those scans, the computer no longer recognizes the printer, saying that the print service is not running. I went to Control Panel > Administrative Tools > Services > Print Spooler, Automatic, to see whether it was active, and it is.... I tried to reinstall it but it won't let me....


Do this:

* Download ATF Cleaner

- Launch it with a double click

- click the Main menu

- tick the Select All box

- click the Empty Selected button

- wait for the Done Cleaning notice.

(if you don't want to delete passwords, untick that box)

(if you use Opera or Firefox, tick their sections too)

* turn off System Restore

Even though they are already inactive, with OtMoveIt, as you did with the other file, delete:

C:\WINDOWS\system32\ntos.exe.ren

C:\WINDOWS\system32\efccsssk.dll.ren

Run a scan with MBA and post its log

http://www.malwarebytes.org/mbam/program/mbam-setup.exe

When done, turn System Restore back on and create a clean restore point

:)


Yes, remove them and tell us if you still have problems

:)


Thanks a lot Steve, I solved the rundll.exe problem, and the printer one too: it couldn't find the spolv file and I put it in, now everything works great :P you're a legend :) :up1:

Thanks a lot :P if I have problems in the future I'll make some other post, uhuhuh
