AnnaLucia

Could You Please Check My HijackThis Log?

9 posts in this thread

For a few days now, internet pages have been opening by themselves... in particular, one opens that says my PC has problems and that to fix them I have to click on that page. What could have happened? Needless to say, I have already run several scans of the PC with antimalware programs and others... I'm posting the log; if someone could take a look and tell me what to remove, I'd be grateful!

Logfile of HijackThis v1.99.1

Scan saved at 12.14.20, on 07/05/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\DOCUME~1\user\IMPOST~1\Temp\Rar$EX00.860\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.it/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti

O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [PaperPort PTD] C:\Programmi\ScanSoft\PaperPort\pptd40nt.exe

O4 - HKLM\..\Run: [indexSearch] C:\Programmi\ScanSoft\PaperPort\IndexSearch.exe

O4 - HKLM\..\Run: [setDefPrt] C:\Programmi\Brother\Brmfl05a\BrStDvPt.exe

O4 - HKLM\..\Run: [ControlCenter2.0] C:\Programmi\Brother\ControlCenter2\brctrcen.exe /autorun

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [nbmfrj] c:\documents and settings\user\impostazioni locali\dati applicazioni\nbmfrj.exe nbmfrj

O4 - Global Startup: Controllo dello stato.lnk = C:\Programmi\Brother\Brmfcmon\BrMfcWnd.exe

O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game05.zylom.com/activex/zylomgamesplayer.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FILECO~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe


Hi AnnaLucia

Download ComboFix

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

http://subs.geekstogo.com/ComboFix.exe

Save it to the desktop.

(if the file saved from the first link doesn't work, download it from the second link)

1. Double-click combofix.exe; the following screen will appear:

http://img293.imageshack.us/img293/8500/combofix01fn6zj1.jpg

2. Type 1, press Enter and follow the instructions.

3. When it finishes, a log file called C:\ComboFix.txt will be created.

4. Post the log that was created

Note: During the scan it is important not to use the PC and to wait patiently for the operations to finish.

Note: ComboFix does not work in safe mode.

Download and run Lop S&D.exe to launch the installation

http://eric.71.mespages.googlepages.com/LopSD.exe

- Now double-click Lop S&D on your desktop

- Choose the language and select 1 (search)

- Wait......

- At the end, post the log (C:\lopR.txt)

attach a new HijackThis log, run with the latest version 2.02

http://www.trendsecure.com/portal/en-US/_d.../HiJackThis.zip

:P:)


Let me add: save the HJT exe in a dedicated folder, not temp or similar, otherwise it won't be able to back up the fixed keys; and, once the system has been "disinfected", update it to SP3... :)


First of all, thanks to both of you for the valuable advice. In particular to Angelique for the thorough and quick reply, and to dinop for the important clarification! :)

Well, I did everything as you told me and now I'm posting the logs..... I hope I've fixed it! But what do I have? Is it serious? :P:P

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14.19.36, on 08/05/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Safe mode

-----------------------[ Lop S&D 4.2.0-7 XP/Vista ]---------------------

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]

[ USER : user ] [ "C:\Lop SD" ] [ Selection : 1 ]

[ 08/05/2008 | 14.13.37,02 ] [ PC : NETGEAR ]

[ MAJ : 06-05-2008 | 21:45 ]

-------------[ Listing folders in Application Data ]------------

[25/07/2007|21.27] C:\DOCUME~1\ADMINI~1\DATIAP~1\desktop.ini

[10/05/2007|01.06] C:\DOCUME~1\ADMINI~1\DATIAP~1\Microsoft

[07/05/2008|12.04] C:\DOCUME~1\ADMINI~1\DATIAP~1\WinRAR

[1|File] C:\DOCUME~1\ADMINI~1\DATIAP~1\byte

[4|Directory] C:\DOCUME~1\ADMINI~1\DATIAP~1\byte disponibili

[16/07/2007|10.31] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Adobe

[30/08/2007|12.04] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Ahead

[07/06/2007|09.42] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Brother

[25/07/2007|21.27] C:\DOCUME~1\ALLUSE~1\DATIAP~1\desktop.ini

[08/04/2008|13.22] C:\DOCUME~1\ALLUSE~1\DATIAP~1\DVD Shrink

[20/11/2007|18.42] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Google

[07/06/2007|09.43] C:\DOCUME~1\ALLUSE~1\DATIAP~1\InstallShield

[18/04/2008|15.30] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Microsoft

[05/05/2008|09.52] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Microsoft Help

[20/11/2007|18.13] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Mozilla

[07/06/2007|09.42] C:\DOCUME~1\ALLUSE~1\DATIAP~1\ScanSoft

[26/06/2007|20.55] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Windows Genuine Advantage

[18/04/2008|15.04] C:\DOCUME~1\ALLUSE~1\DATIAP~1\WLInstaller

[21/04/2008|12.17] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Zylom

[1|File] C:\DOCUME~1\ALLUSE~1\DATIAP~1\byte

[15|Directory] C:\DOCUME~1\ALLUSE~1\DATIAP~1\byte disponibili

[25/07/2007|21.27] C:\DOCUME~1\DEFAUL~1\DATIAP~1\desktop.ini

[10/05/2007|01.06] C:\DOCUME~1\DEFAUL~1\DATIAP~1\Microsoft

[1|File] C:\DOCUME~1\DEFAUL~1\DATIAP~1\byte

[3|Directory] C:\DOCUME~1\DEFAUL~1\DATIAP~1\byte disponibili

[10/05/2007|01.06] C:\DOCUME~1\LOCALS~1\DATIAP~1\Microsoft

[0|File] C:\DOCUME~1\LOCALS~1\DATIAP~1\byte

[3|Directory] C:\DOCUME~1\LOCALS~1\DATIAP~1\byte disponibili

[25/07/2007|19.52] C:\DOCUME~1\NETWOR~1\DATIAP~1\Microsoft

[0|File] C:\DOCUME~1\NETWOR~1\DATIAP~1\byte

[3|Directory] C:\DOCUME~1\NETWOR~1\DATIAP~1\byte disponibili

[11/12/2007|20.49] C:\DOCUME~1\user\DATIAP~1\Adobe

[30/08/2007|12.04] C:\DOCUME~1\user\DATIAP~1\Ahead

[17/06/2007|16.16] C:\DOCUME~1\user\DATIAP~1\Brother

[10/05/2007|02.59] C:\DOCUME~1\user\DATIAP~1\desktop.ini

[20/11/2007|20.55] C:\DOCUME~1\user\DATIAP~1\DivX

[23/02/2008|13.56] C:\DOCUME~1\user\DATIAP~1\dvdcss

[11/12/2007|23.13] C:\DOCUME~1\user\DATIAP~1\Google

[09/05/2007|19.12] C:\DOCUME~1\user\DATIAP~1\Identities

[21/11/2007|20.56] C:\DOCUME~1\user\DATIAP~1\InstallShield

[20/06/2007|14.52] C:\DOCUME~1\user\DATIAP~1\Macromedia

[19/06/2007|12.57] C:\DOCUME~1\user\DATIAP~1\MicroHard

[05/05/2008|09.45] C:\DOCUME~1\user\DATIAP~1\Microsoft

[20/11/2007|18.14] C:\DOCUME~1\user\DATIAP~1\Mozilla

[17/04/2008|20.37] C:\DOCUME~1\user\DATIAP~1\Real

[05/05/2008|12.21] C:\DOCUME~1\user\DATIAP~1\Rinera Networks

[25/07/2007|19.51] C:\DOCUME~1\user\DATIAP~1\Sun

[20/11/2007|18.14] C:\DOCUME~1\user\DATIAP~1\Talkback

[08/05/2008|14.13] C:\DOCUME~1\user\DATIAP~1\uTorrent

[11/06/2007|10.22] C:\DOCUME~1\user\DATIAP~1\vlc

[20/11/2007|18.27] C:\DOCUME~1\user\DATIAP~1\WinRAR

[20/11/2007|18.57] C:\DOCUME~1\user\DATIAP~1\wsInspector

[1|File] C:\DOCUME~1\user\DATIAP~1\byte

[22|Directory] C:\DOCUME~1\user\DATIAP~1\byte disponibili

----------------[ Scheduled Tasks located in C:\WINDOWS\Tasks ]---------------

[08/05/2008 08.54][--ah-----] C:\WINDOWS\tasks\SA.DAT

[02/03/2006 14.00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

[02/03/2006 14.00][--ahs----] C:\WINDOWS\tasks\FOLDER.TSX

---------------[ Listing Folders in C:\Programmi ]--------------

[09/05/2007|19.31] C:\Programmi\7-Zip

[16/07/2007|10.31] C:\Programmi\Adobe

[07/06/2007|10.04] C:\Programmi\Brother

[09/05/2007|19.16] C:\Programmi\C-Media 3D Audio

[07/06/2007|10.04] C:\Programmi\Common Files

[10/05/2007|01.04] C:\Programmi\ComPlus Applications

[21/11/2007|20.57] C:\Programmi\CONITECH

[29/04/2008|09.31] C:\Programmi\DivX

[07/07/2007|23.44] C:\Programmi\DVD Shrink

[07/07/2007|23.45] C:\Programmi\DVDFab HD Decrypter 3

[29/04/2008|10.12] C:\Programmi\eMule

[17/04/2008|15.00] C:\Programmi\ESET

[18/04/2008|14.39] C:\Programmi\File comuni

[11/12/2007|23.12] C:\Programmi\Google

[09/05/2007|19.38] C:\Programmi\InfraRecorder

[07/05/2008|14.06] C:\Programmi\InstallShield Installation Information

[09/05/2007|19.15] C:\Programmi\Intel

[18/04/2008|09.22] C:\Programmi\Internet Explorer

[26/04/2008|17.29] C:\Programmi\Java

[01/07/2007|11.20] C:\Programmi\Messenger

[17/04/2008|15.07] C:\Programmi\MessengerPlus! 3

[20/08/2007|22.45] C:\Programmi\MicroHard

[10/05/2007|01.07] C:\Programmi\microsoft frontpage

[09/05/2007|19.46] C:\Programmi\Microsoft Office

[09/05/2007|19.46] C:\Programmi\Microsoft Visual Studio

[09/05/2007|19.46] C:\Programmi\Microsoft Works

[21/12/2007|11.45] C:\Programmi\Monte Cristo

[10/05/2007|01.05] C:\Programmi\Movie Maker

[08/05/2008|13.59] C:\Programmi\Mozilla Firefox

[10/05/2007|01.04] C:\Programmi\MSN Gaming Zone

[16/06/2007|12.18] C:\Programmi\Nero

[10/05/2007|01.05] C:\Programmi\NetMeeting

[31/07/2007|13.01] C:\Programmi\Outlook Express

[21/04/2008|18.01] C:\Programmi\QuickTime

[25/07/2007|19.06] C:\Programmi\Registry Mechanic

[07/06/2007|09.42] C:\Programmi\ScanSoft

[10/05/2007|01.05] C:\Programmi\Servizi in linea

[07/05/2008|14.14] C:\Programmi\Startup Inspector for Windows

[16/04/2008|12.35] C:\Programmi\Telecom Italia

[09/05/2007|19.12] C:\Programmi\Uninstall Information

[29/04/2008|10.04] C:\Programmi\uTorrent

[09/05/2007|19.30] C:\Programmi\VideoLAN

[18/04/2008|15.29] C:\Programmi\Windows Live

[31/07/2007|13.01] C:\Programmi\Windows Media Player

[10/05/2007|01.03] C:\Programmi\Windows NT

[10/05/2007|01.06] C:\Programmi\WindowsUpdate

[20/11/2007|18.27] C:\Programmi\WinRAR

[10/05/2007|01.07] C:\Programmi\xerox

[0|File] C:\Programmi\byte

[50|Directory] C:\Programmi\byte disponibili

------[ Listing Folders in C:\Programmi\File comuni ]------

[09/05/2007|19.26] C:\Programmi\File comuni\Adobe

[16/06/2007|12.19] C:\Programmi\File comuni\Ahead

[28/11/2007|21.02] C:\Programmi\File comuni\Borland Shared

[09/05/2007|19.46] C:\Programmi\File comuni\DESIGNER

[07/06/2007|10.04] C:\Programmi\File comuni\InstallShield

[20/11/2007|18.58] C:\Programmi\File comuni\Java

[18/04/2008|15.30] C:\Programmi\File comuni\Microsoft Shared

[10/05/2007|01.05] C:\Programmi\File comuni\MSSoap

[10/05/2007|02.59] C:\Programmi\File comuni\ODBC

[17/04/2008|20.10] C:\Programmi\File comuni\Real

[07/06/2007|09.42] C:\Programmi\File comuni\ScanSoft Shared

[10/05/2007|01.05] C:\Programmi\File comuni\Services

[10/05/2007|02.59] C:\Programmi\File comuni\SpeechEngines

[31/07/2007|13.01] C:\Programmi\File comuni\System

[18/04/2008|15.29] C:\Programmi\File comuni\WindowsLiveInstaller

[17/04/2008|20.10] C:\Programmi\File comuni\xing shared

[0|File] C:\Programmi\File comuni\byte

[18|Directory] C:\Programmi\File comuni\byte disponibili

---------------------------[ Process ]--------------------------

... 38

MsgPlus.exe ~ [2316]

----------------------[ Searching with S_Lop ]---------------------

No Lop folder found !

-----------------[ Searching for Lop Files - Folders ]-----------------

No Lop folder found !

----------------------[ Searching within the Registry ]----------------------

..... OK !

--------------------[ Checking the Hosts file ]---------------------

Hosts file CLEAN

----------------[ Searching for hidden files with Catchme ]-----------------

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-08 14:14:28

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden files: 0

--------------------[ Searching for other infections ]---------------------

No other infections found !

/!\ [Fich:694][Doss:0] C:\DOCUME~1\user\Cookies

/!\ [Fich:2][Doss:0] C:\DOCUME~1\user\IMPOST~1\TEMPOR~1\content.IE5

--------------------[ Scan completed at 14.14.52,97 ]----------------------

ComboFix 08-05-07.1 - user 2008-05-08 13.44.42.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.603 [GMT 2:00]

Eseguito da: C:\Documents and Settings\user\Desktop\ComboFix.exe

* Creato nuovo punto di ripristino

* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\DOCUME~1\user\IMPOST~1\Temp\1.html

C:\Documents and Settings\All Users\Desktop\webmediaplayer.lnk

C:\Documents and Settings\All Users\Menu Avvio\Programmi\WebMediaPlayer

C:\Documents and Settings\All Users\Menu Avvio\Programmi\WebMediaPlayer\Condizioni generali.url

C:\Documents and Settings\All Users\Menu Avvio\Programmi\WebMediaPlayer\Disinstalla.lnk

C:\Documents and Settings\All Users\Menu Avvio\Programmi\WebMediaPlayer\Riservatezza.url

C:\Documents and Settings\All Users\Menu Avvio\Programmi\WebMediaPlayer\WebMediaPlayer.lnk

C:\Documents and Settings\All Users\Menu Avvio\Programmi\WebMediaPlayer\Website.url

C:\Programmi\webmediaplayer

C:\Programmi\webmediaplayer\resources\languages_v2.xml

C:\Programmi\webmediaplayer\resources\webmedias

C:\Programmi\webmediaplayer\skins\classic.skn

C:\Programmi\webmediaplayer\sqlite3.dll

C:\Programmi\webmediaplayer\uninst.exe

C:\Programmi\webmediaplayer\WebMediaPlayer.exe

C:\WINDOWS\Downloaded Program Files\setup.inf

C:\WINDOWS\system32\nvs2.inf

.

((((((((((((((((((((((((( Files Creati Da 2008-04-08 al 2008-05-08 )))))))))))))))))))))))))))))))))))

.

2008-05-08 13:44 . 2008-05-08 13:44 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG

2008-05-07 12:54 . 2008-05-07 14:16 <DIR> d-------- C:\Documents and Settings\user\.housecall6.6

2008-05-05 12:21 . 2008-05-05 12:21 <DIR> d-------- C:\Documents and Settings\user\Dati applicazioni\Rinera Networks

2008-04-28 20:13 . 2008-04-29 10:04 <DIR> d-------- C:\Programmi\uTorrent

2008-04-28 20:13 . 2008-05-08 13:44 <DIR> d-------- C:\Documents and Settings\user\Dati applicazioni\uTorrent

2008-04-26 18:59 . 2008-04-26 19:47 <DIR> d-------- C:\AVOneExport

2008-04-26 18:58 . 2008-04-30 18:49 79 --a------ C:\WINDOWS\buyurl0501.dat

2008-04-21 18:01 . 2008-04-21 18:01 <DIR> d-------- C:\Programmi\QuickTime

2008-04-21 16:29 . 2008-04-21 16:29 158,456 --------- C:\WINDOWS\system32\pxwma.dll

2008-04-21 12:17 . 2008-04-21 12:17 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Zylom

2008-04-19 09:28 . 2008-05-07 23:02 77 --a------ C:\WINDOWS\cdplayer.ini

2008-04-19 09:19 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-04-18 15:30 . 2008-04-18 15:31 <DIR> d-------- C:\Documents and Settings\user\Contacts

2008-04-18 15:29 . 2008-04-18 15:29 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE

2008-04-18 14:39 . 2008-04-18 15:29 <DIR> d-------- C:\Programmi\Windows Live

2008-04-18 14:39 . 2008-04-18 15:29 <DIR> d--hsc--- C:\Programmi\File comuni\WindowsLiveInstaller

2008-04-18 14:39 . 2008-04-18 15:04 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\WLInstaller

2008-04-17 20:10 . 2008-04-17 20:10 <DIR> d-------- C:\Programmi\File comuni\xing shared

2008-04-17 20:10 . 2008-04-17 20:10 <DIR> d-------- C:\Programmi\File comuni\Real

2008-04-17 20:10 . 2008-04-17 20:10 <DIR> d-------- C:\Program Files

2008-04-17 20:10 . 2008-04-17 20:10 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll

2008-04-17 20:10 . 2008-04-17 20:10 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll

2008-04-17 17:41 . 2008-04-29 10:12 <DIR> d-------- C:\Programmi\eMule

2008-04-17 15:06 . 2008-04-17 15:07 <DIR> d-------- C:\Programmi\MessengerPlus! 3

2008-04-16 12:40 . 2004-08-03 22:31 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys

2008-04-16 12:40 . 2004-08-03 22:31 20,992 --a--c--- C:\WINDOWS\system32\dllcache\rtl8139.sys

2008-04-16 12:35 . 2008-04-16 12:35 <DIR> d-------- C:\Programmi\Telecom Italia

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-07 12:14 --------- d-----w C:\Programmi\Startup Inspector for Windows

2008-05-07 12:06 --------- d--h--w C:\Programmi\InstallShield Installation Information

2008-05-05 07:52 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Microsoft Help

2008-04-29 07:31 --------- d-----w C:\Programmi\DivX

2008-04-26 15:29 --------- d-----w C:\Programmi\Java

2008-04-17 13:00 --------- d-----w C:\Programmi\ESET

2008-04-08 11:22 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\DVD Shrink

2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll

2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll

2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll

2008-03-31 21:25 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll

2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\DivX.dll

2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe

2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe

2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll

2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll

2008-03-21 20:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll

2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll

2008-03-21 20:28 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll

2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll

2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll

2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll

2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll

2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll

2008-03-21 20:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll

2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll

2008-03-20 08:06 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys

2008-03-17 17:23 39,808 ----a-w C:\WINDOWS\system32\drivers\VIRAGTLT.SYS

2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2008-02-23 11:54 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll

2008-02-20 06:50 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll

2008-02-20 05:33 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll

2008-03-20 13:09 86,070 ----a-w C:\Programmi\mozilla firefox\plugins\pthreadVC2.dll

2008-03-20 13:09 1,516,280 ----a-w C:\Programmi\mozilla firefox\plugins\RineraProxy.dll

.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 11:28 139264]

"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-21 11:34 68856]

"MessengerPlus3"="C:\Programmi\MessengerPlus! 3\MsgPlus.exe" [2008-04-17 15:06 190024]

"msnmsgr"="C:\Programmi\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Cmaudio"="cmicnfg.cpl" []

"SSBkgdUpdate"="C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 10:22 155648]

"PaperPort PTD"="C:\Programmi\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-11 01:01 57393]

"IndexSearch"="C:\Programmi\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-11 01:28 40960]

"SetDefPrt"="C:\Programmi\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 18:02 49152]

"ControlCenter2.0"="C:\Programmi\Brother\ControlCenter2\brctrcen.exe" [2005-05-17 17:42 933888]

"NeroFilterCheck"="C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]

"nod32kui"="C:\Programmi\Eset\nod32kui.exe" [2007-07-01 10:14 921600]

"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]

"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 04:35 94208]

"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 04:32 77824]

"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 04:36 114688]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2006-03-02 14:00 110592 C:\WINDOWS\system32\bthprops.cpl]

"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"MessengerPlus3"="C:\Programmi\MessengerPlus! 3\MsgPlus.exe" [2008-04-17 15:06 190024]

"TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2008-04-17 20:10 185896]

"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2008-04-21 18:01 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]

"DWQueuedReporting"="C:\PROGRA~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 09:01 437160]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\

Controllo dello stato.lnk - C:\Programmi\Brother\Brmfcmon\BrMfcWnd.exe [2007-06-07 10:04:32 802816]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Programmi\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=

"C:\\Programmi\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Programmi\\Messenger\\msmsgs.exe"=

"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"C:\\Programmi\\uTorrent\\uTorrent.exe"=

"C:\\Programmi\\Mozilla Firefox\\firefox.exe"=

R2 ZDCNDIS5;ZDCNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\ZDCNDIS5.sys [2007-04-19 11:16]

R3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2004-10-15 12:50]

S3 XG762_XP;CONITECH 802.11g XG762N Driver;C:\WINDOWS\system32\DRIVERS\WlanUZXP.sys [2007-04-19 11:16]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a6da02af-b639-11dc-a0e5-00138ff04cf7}]

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe

\Shell\Open(&0)\command - Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a6da02b0-b639-11dc-a0e5-00138ff04cf7}]

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe

\Shell\Open(&0)\command - Recycled\ctfmon.exe

*Newly Created Service* - CATCHME

.

**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-08 13:48:15

Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo

Files nascosti: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe

-> C:\Programmi\Eset\pr_imon.dll

.

Ora fine scansione: 2008-05-08 13.48.59

ComboFix-quarantined-files.txt 2008-05-08 11:48:52

11 Directory 55,863,447,552 byte disponibili

14 Directory 57,558,962,176 byte disponibili

170 --- E O F --- 2008-04-19 11:39:32

Edited by angelique


Hi,

while I check the logs... you should redo the scan with HijackThis, because it has to be run in safe mode

:)


I already did it in safe mode; take a good look, it's together with the others I logged for you.

Thanks again!


Sorry, I was thinking one thing and wrote another... :)

you need to attach the HijackThis log run in normal mode

:P:P


Don't worry, no problem!

This is the log in normal mode:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19.27.10, on 11/05/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\brsvc01a.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\brss01a.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RunDll32.exe

C:\Programmi\ScanSoft\PaperPort\pptd40nt.exe

C:\Programmi\Eset\nod32kui.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\rundll32.exe

C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe

C:\Programmi\MessengerPlus! 3\MsgPlus.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe

C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Programmi\Brother\Brmfcmon\BrMfcWnd.exe

C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe

C:\Programmi\Windows Live\Messenger\msnmsgr.exe

C:\Programmi\Eset\nod32krn.exe

C:\WINDOWS\system32\svchost.exe

C:\Programmi\Windows Live\Messenger\usnsvc.exe

C:\Programmi\internet explorer\iexplore.exe

C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Programmi\File comuni\Real\Update_OB\RealOneMessageCenter.exe

C:\Programmi\File comuni\Real\Update_OB\realsched.exe

C:\Programmi\Mozilla Firefox\firefox.exe

C:\Programmi\WinRAR\WinRAR.exe

C:\DOCUME~1\user\IMPOST~1\Temp\Rar$EX00.328\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.it/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti

O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [PaperPort PTD] C:\Programmi\ScanSoft\PaperPort\pptd40nt.exe

O4 - HKLM\..\Run: [indexSearch] C:\Programmi\ScanSoft\PaperPort\IndexSearch.exe

O4 - HKLM\..\Run: [setDefPrt] C:\Programmi\Brother\Brmfl05a\BrStDvPt.exe

O4 - HKLM\..\Run: [ControlCenter2.0] C:\Programmi\Brother\ControlCenter2\brctrcen.exe /autorun

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Controllo dello stato.lnk = C:\Programmi\Brother\Brmfcmon\BrMfcWnd.exe

O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game05.zylom.com/activex/zylomgamesplayer.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{C3219B8D-09D0-4BB2-86F7-2416CE69258B}: NameServer = 193.70.152.15 193.70.152.25

O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe

--

End of file - 7861 bytes

The HijackThis log is clean... are you still experiencing problems??
