  1. #1
    HTML.it user: moonba
    Registered: Jun 2007
    Posts: 649

    Win32/Adware.Virtumonde.FP

    NOD found this virus; I'm not very expert in any case. Besides this one, it found another called ezula. I've been running scans of the whole PC for about five days; even though it finds them and deletes them, they reappear afterwards. I'm close to a breakdown because I just can't find a way to get rid of them for good. On top of that, I think the PC is starting to show some bad symptoms, for example the desktop suddenly empties completely and practically everything disappears. That worries me a bit. I don't know what to do in these cases; anyway, here is the hijackthis.log report:

    Logfile of HijackThis v1.99.1
    Scan saved at 19.17.48, on 20/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
    C:\Programmi\Eset\nod32kui.exe
    C:\WINDOWS\system32\atwtusb.exe
    C:\Programmi\iTunes\iTunesHelper.exe
    C:\Programmi\BillP Studios\WinPatrol\winpatrol.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programmi\MSN Messenger\msnmsgr.exe
    C:\Programmi\Skype\Phone\Skype.exe
    C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Programmi\Nikon\NkView6\NkvMon.exe
    C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Programmi\Eset\nod32krn.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\Programmi\Sunbelt Software\Personal Firewall\kpf4ss.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programmi\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Programmi\iPod\bin\iPodService.exe
    C:\Programmi\Skype\Plugin Manager\skypePM.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programmi\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Programmi\MSN Messenger\usnsvc.exe
    C:\Programmi\Eset\nod32.exe
    C:\Programmi\Internet Explorer\IEXPLORE.EXE
    C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Documents and Settings\Elisa\Desktop\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {772DC884-9F13-4DCD-A3C5-2B13F1C2A460} - C:\WINDOWS\system32\pmkhi.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Cpqset] C:\Programmi\Hewlett-Packard\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Programmi\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
    O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
    O4 - HKLM\..\Run: [LocalCooling] "C:\Programmi\LocalCooling\localcooling.exe" -s
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [WinPatrol] C:\Programmi\BillP Studios\WinPatrol\winpatrol.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - Global Startup: NkvMon.exe.lnk = C:\Programmi\Nikon\NkView6\NkvMon.exe
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: opnopqr - opnopqr.dll (file missing)
    O20 - Winlogon Notify: winbfi32 - C:\WINDOWS\
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Programmi\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
    O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Programmi\Sunbelt Software\Personal Firewall\kpf4ss.exe

    Thank you for your attention.
    Bye, everyone

  2. #2
    HTML.it user: OYS
    Registered: Apr 2006
    Posts: 3,142
    1) Fix these:


    O2 - BHO: (no name) - {772DC884-9F13-4DCD-A3C5-2B13F1C2A460} - C:\WINDOWS\system32\pmkhi.dll

    O20 - Winlogon Notify: opnopqr - opnopqr.dll (file missing)

    O20 - Winlogon Notify: winbfi32 - C:\WINDOWS\




    2) Download these three programs and run a scan with each of them:


    http://www.softpedia.com/get/Antivirus/VundoFix.shtml
    http://securityresponse.symantec.com...r/FixVundo.exe
    http://securityresponse.symantec.com...r/FxVMonde.exe

  3. #3
    HTML.it user: moonba
    Registered: Jun 2007
    Posts: 649

    thanks

    Sorry, but I really know nothing about security. What does "fixa" / "fixare" (to fix) mean?

  4. #4
    HTML.it user: OYS
    Registered: Apr 2006
    Posts: 3,142
    It means that you run a scan with HijackThis and, when it finishes, you select the entries I told you about and click "Fix checked" at the bottom left.

  5. #5
    If I remember correctly, when VirtuMonde is involved HijackThis can't do much.

    =============== step 1 ===============
    Download VundoFix.exe to the desktop

    - Run VundoFix.exe
    - Click Scan for Vundo.
    - When the scan finishes, click Remove Vundo.
    - It asks whether you want to delete the infected files; click YES.
    - Your screen will go black while Vundo is being removed.
    - When it finishes it will ask you to restart the PC; click OK.
    - Copy here the contents of the log C:\vundofix.txt and a new HijackThis log.

    Note: VundoFix may not manage to delete some files. In that case VundoFix will start automatically when the PC restarts; repeat the steps above starting from "Click Scan for Vundo" when VundoFix appears at restart.

    =============== step 2 ===============
    Download VirtumundoBeGone and save it to the desktop.
    Start the PC in safe mode.
    Run VirtumundoBeGone

    =============== step 3 ===============
    Download ComboFix from here or from here.
    Save it to the desktop.

    1. Double-click combofix.exe; the following screen will appear:

    2. Type 1, press Enter and follow the instructions.
    3. When it finishes, a log file named C:\ComboFix.txt will be created.
    4. Post that log together with an updated HijackThis log.

    Note: During the scan it is important not to use the PC and to wait patiently for the operations to finish.

    Note: ComboFix does not work in safe mode.
    "Asking is permitted, answering is a courtesy"

    HJT GMER Avenger

  6. #6
    HTML.it user: moonba
    Registered: Jun 2007
    Posts: 649

    step 1

    Hi, for now I'm at step 1. VundoFix didn't find any files; this is the log:
    VundoFix V6.6.2

    Checking Java version...

    Sun Java not detected
    Scan started at 20.15.25 20/11/2007

    Listing files found while scanning....

    C:\windows\system32\ihkmp.ini
    C:\windows\system32\ihkmp.ini2
    C:\windows\system32\pmkhi.dll

    Beginning removal...

    Attempting to delete C:\windows\system32\ihkmp.ini
    C:\windows\system32\ihkmp.ini Has been deleted!

    Attempting to delete C:\windows\system32\ihkmp.ini2
    C:\windows\system32\ihkmp.ini2 Has been deleted!

    Attempting to delete C:\windows\system32\pmkhi.dll
    C:\windows\system32\pmkhi.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.6.2

    Checking Java version...

    Sun Java not detected
    Scan started at 20.25.35 20/11/2007

    Listing files found while scanning....

    No infected files were found.


    Beginning removal...

    VundoFix V6.6.2

    Checking Java version...

    Sun Java not detected
    Scan started at 21.18.35 20/11/2007

    Listing files found while scanning....

    No infected files were found.


    VundoFix V6.6.2

    Checking Java version...

    Sun Java not detected
    Scan started at 14.08.46 21/11/2007

    Listing files found while scanning....

    No infected files were found.


    VundoFix V6.6.2

    Checking Java version...

    Sun Java not detected
    Scan started at 14.19.56 21/11/2007

    Listing files found while scanning....

    No infected files were found.

    And this is the HijackThis log:

    Logfile of HijackThis v1.99.1
    Scan saved at 14.28.08, on 21/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
    C:\Programmi\Eset\nod32kui.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\atwtusb.exe
    C:\Programmi\iTunes\iTunesHelper.exe
    C:\Programmi\BillP Studios\WinPatrol\winpatrol.exe
    C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programmi\Skype\Phone\Skype.exe
    C:\Programmi\Nikon\NkView6\NkvMon.exe
    C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Programmi\Eset\nod32krn.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\Programmi\Sunbelt Software\Personal Firewall\kpf4ss.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programmi\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Programmi\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programmi\Skype\Plugin Manager\skypePM.exe
    C:\Programmi\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Programmi\MSN Messenger\usnsvc.exe
    C:\Programmi\Internet Explorer\iexplore.exe
    C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Documents and Settings\Elisa\Desktop\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Cpqset] C:\Programmi\Hewlett-Packard\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Programmi\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
    O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
    O4 - HKLM\..\Run: [LocalCooling] "C:\Programmi\LocalCooling\localcooling.exe" -s
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [WinPatrol] C:\Programmi\BillP Studios\WinPatrol\winpatrol.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - Global Startup: NkvMon.exe.lnk = C:\Programmi\Nikon\NkView6\NkvMon.exe
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Programmi\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
    O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Programmi\Sunbelt Software\Personal Firewall\kpf4ss.exe

  7. #7
    HTML.it user: OYS
    Registered: Apr 2006
    Posts: 3,142

    Re: step 1

    Originally posted by moonba
    VundoFix didn't find any files; this is the log:
    What do you mean it didn't find any files? It found three and deleted them:


    C:\windows\system32\ihkmp.ini
    C:\windows\system32\ihkmp.ini2
    C:\windows\system32\pmkhi.dll
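
Added example (not part of the original thread, and not code from HijackThis or VundoFix): a Python triage of HijackThis entries, run on excerpts of the logs from posts #1 and #6, that also compares the two scans. The two review rules are illustrative assumptions that happen to select the three entries listed in post #2; all function names are hypothetical.

```python
import ntpath
import re

# Excerpt of the HijackThis log from post #1 (before VundoFix was run).
LOG_BEFORE = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {772DC884-9F13-4DCD-A3C5-2B13F1C2A460} - C:\WINDOWS\system32\pmkhi.dll
O4 - HKLM\..\Run: [WinPatrol] C:\Programmi\BillP Studios\WinPatrol\winpatrol.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: opnopqr - opnopqr.dll (file missing)
O20 - Winlogon Notify: winbfi32 - C:\WINDOWS\
"""

# Excerpt of the HijackThis log from post #6 (after VundoFix was run).
LOG_AFTER = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [WinPatrol] C:\Programmi\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
"""

# An entry line has the form "<code> - <detail>", e.g. "O20 - Winlogon Notify: ...".
ENTRY_RE = re.compile(r"^\s*([RFNO]\d+)\s+-\s+(.*\S)\s*$")


def parse(log):
    """Return the (code, detail) pair of every HijackThis entry line."""
    return [m.groups() for m in map(ENTRY_RE.match, log.splitlines()) if m]


def triage(code, detail):
    """Return a reason to review the entry by hand, or None.

    Assumed rules for this example (not HijackThis logic): an unnamed BHO
    whose DLL sits directly in system32, and a Winlogon Notify entry whose
    target is reported missing or is not a file path.
    """
    target = detail.rsplit(" - ", 1)[-1]
    if code == "O2" and "(no name)" in detail:
        if ntpath.dirname(target).lower() == r"c:\windows\system32":
            return "unnamed BHO loaded from system32"
    if code == "O20":
        if target.endswith("(file missing)"):
            return "Winlogon Notify DLL is missing"
        if not ntpath.splitext(target)[1]:
            return "Winlogon Notify target is not a file"
    return None


def review(log):
    """List (code, detail, reason) for the entries that match a rule."""
    hits = []
    for code, detail in parse(log):
        reason = triage(code, detail)
        if reason:
            hits.append((code, detail, reason))
    return hits


def compare(before, after):
    """Return (removed, added) entries between two scans of the same PC."""
    old, new = parse(before), parse(after)
    return [e for e in old if e not in new], [e for e in new if e not in old]


if __name__ == "__main__":
    for code, detail, reason in review(LOG_BEFORE):
        print(f"REVIEW  {code} - {detail}  [{reason}]")
    removed, added = compare(LOG_BEFORE, LOG_AFTER)
    for code, detail in removed:
        print(f"GONE    {code} - {detail}")
    for code, detail in added:
        print(f"NEW     {code} - {detail}")
```

A match is only a prompt for manual review: the unnamed Spybot helper in the same excerpt is left alone because it does not load from system32.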

  8. #8
    HTML.it user: moonba
    Registered: Jun 2007
    Posts: 649

    step 1

    Yes, last night I had it run a first scan... it found three and deleted them.
    Around two o'clock today I had it run another scan and it found zero; maybe the report I pasted refers to last night's scan. Anyway, now I'm moving on to step 2, if I can manage it....

  9. #9
    HTML.it user: moonba
    Registered: Jun 2007
    Posts: 649

    step 3

    I skipped step 2:
    ComboFix 07-11-19.3 - Elisa 2007-11-21 20.11.13.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.529 [GMT 1:00]
    Eseguito da: C:\Documents and Settings\Elisa\Desktop\ComboFix.exe
    * Creato nuovo punto di ripristino
    .

    ((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Elisa\Dati applicazioni\install_it[1].exe
    C:\WINDOWS\cookies.ini
    E:\Autorun.inf

    .
    ((((((((((((((((((((((((( Files Creati Da 2007-10-21 al 2007-11-21 )))))))))))))))))))))))))))))))))))
    .

    2007-11-20 20:15 <DIR> d-------- C:\VundoFix Backups
    2007-11-20 19:45 <DIR> d-------- C:\Programmi\File comuni\Corel
    2007-11-20 15:08 <DIR> d-------- C:\Documents and Settings\Elisa\Dati applicazioni\skypePM
    2007-11-20 15:08 32 --a------ C:\Documents and Settings\All Users\Dati applicazioni\ezsid.dat
    2007-11-20 15:07 <DIR> d-------- C:\Documents and Settings\Elisa\Dati applicazioni\Skype
    2007-11-20 15:06 <DIR> d-------- C:\Programmi\Skype
    2007-11-20 15:06 <DIR> d-------- C:\Programmi\File comuni\Skype
    2007-11-20 15:06 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Skype
    2007-11-20 09:56 27,200 --a------ C:\WINDOWS\system32\Ks4XQW4k.exe
    2007-11-20 09:53 688,558 ---hs---- C:\WINDOWS\system32\dnpqkyvj.ini
    2007-11-19 09:55 677,141 ---hs---- C:\WINDOWS\system32\rhbctbtg.ini
    2007-11-17 18:57 <DIR> d-------- C:\Programmi\BillP Studios
    2007-11-17 18:57 <DIR> d-------- C:\Documents and Settings\Elisa\Dati applicazioni\WinPatrol
    2007-11-17 18:41 675,500 ---hs---- C:\WINDOWS\system32\jelqhvoy.ini
    2007-11-16 17:05 678,040 ---hs---- C:\WINDOWS\system32\cwtnuiwe.ini
    2007-11-15 22:07 <DIR> d-------- C:\Programmi\DTA Software
    2007-11-15 21:54 <DIR> d-------- C:\Programmi\Corel
    2007-11-15 21:54 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Corel
    2007-11-14 20:33 <DIR> d-------- C:\Programmi\Opera
    2007-10-30 11:24 <DIR> d-------- C:\Documents and Settings\Elisa\Dati applicazioni\Azureus
    2007-10-30 11:24 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Azureus
    2007-10-30 11:23 <DIR> d-------- C:\Programmi\Azureus
    2007-10-26 19:41 88 -rahs---- C:\WINDOWS\system32\EE40E958DF.sys
    2007-10-26 17:38 104 -r-hs---- C:\WINDOWS\system32\DF58E940EE.sys
    2007-10-26 17:21 <DIR> d-------- C:\Documents and Settings\Elisa\Dati applicazioni\Corel
    2007-10-26 17:21 5,642 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
    2007-10-26 17:17 <DIR> d-------- C:\Programmi\Corel(R) Painter(TM) IX TBYB IT
    2007-10-21 17:47 <DIR> d-------- C:\Documents and Settings\Elisa\Dati applicazioni\Apple Computer
    2007-10-21 17:46 <DIR> d-------- C:\Programmi\iTunes
    2007-10-21 17:46 <DIR> d-------- C:\Programmi\iPod
    2007-10-21 17:45 <DIR> d-------- C:\Programmi\QuickTime
    2007-10-21 17:44 <DIR> d-------- C:\Programmi\File comuni\Apple
    2007-10-21 17:44 <DIR> d-------- C:\Programmi\Apple Software Update
    2007-10-21 17:44 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Apple

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-20 09:57 --------- d-----w C:\Programmi\AdunanzA
    2007-11-15 20:15 598 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
    2007-11-15 08:14 --------- d-----w C:\Programmi\Netscape
    2007-11-14 13:18 --------- d-----w C:\Programmi\File comuni\Adobe
    2007-10-30 17:46 --------- d-----w C:\Programmi\Google
    2007-10-30 10:54 --------- d--h--w C:\Programmi\InstallShield Installation Information
    2007-10-30 10:54 --------- d-----w C:\Programmi\InterVideo
    2007-10-30 10:51 --------- d-----w C:\Programmi\Nokia
    2007-10-30 10:48 --------- d-----w C:\Programmi\Sonic
    2007-10-21 16:46 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Apple Computer
    2007-10-19 16:35 --------- d-----w C:\Programmi\File comuni\Netscape Shared
    2007-10-19 16:34 78,992 ----atw C:\WINDOWS\N6Uninst.exe
    2007-10-19 16:28 --------- d-----w C:\Documents and Settings\Elisa\Dati applicazioni\Netscape
    2007-10-09 10:00 --------- d-----w C:\Programmi\PaintStar
    2007-10-09 09:52 --------- d-----w C:\Programmi\Macromedia
    2007-10-03 09:53 --------- d-----w C:\Documents and Settings\Elisa\Dati applicazioni\Ambient Design
    2007-10-03 09:50 --------- d-----w C:\Programmi\Ambient Design
    .

    ((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* i valori vuoti & legittimi/default non sono visualizzati.

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 09:00]
    "msnmsgr"="C:\Programmi\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54]
    "Skype"="C:\Programmi\Skype\Phone\Skype.exe" [2007-11-12 15:48]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-19 11:15]
    "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-19 11:15]
    "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-19 11:15]
    "SynTPEnh"="C:\Programmi\Synaptics\SynTP\SynTPEnh.exe" [2006-06-16 17:22]
    "Cpqset"="C:\Programmi\Hewlett-Packard\Default Settings\cpqset.exe" [2006-07-13 14:02]
    "nod32kui"="C:\Programmi\Eset\nod32kui.exe" [2007-05-02 19:15]
    "Adobe Version Cue CS2"="C:\Programmi\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 17:58]
    "atwtusb"="atwtusb.exe" [2005-09-21 17:08 C:\WINDOWS\system32\ATWTUSB.EXE]
    "LocalCooling"="C:\Programmi\LocalCooling\localcooling.exe" []
    "QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2007-06-29 05:24]
    "iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2007-09-26 13:42]
    "WinPatrol"="C:\Programmi\BillP Studios\WinPatrol\winpatrol.exe" [2007-08-06 18:06]
    "ISUSPM Startup"="C:\Programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 16:30]
    "ISUSScheduler"="C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 09:00]

    C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
    NkvMon.exe.lnk - C:\Programmi\Nikon\NkView6\NkvMon.exe [2007-06-29 14:30:06]

    [hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{2C80EAD3-74CD-4700-83A4-AA878CD1C03C}"= C:\WINDOWS\system32\opnopqr.dll [ ]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Adobe Gamma Loader.lnk]
    path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Adobe Gamma Loader.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
    2004-12-14 01:12 483328 --a------ C:\Programmi\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    2005-12-16 11:57 94208 --a------ C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX4000 Series]
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU C:\WINDOWS\TEMP\E_S3B6.tmp /EF HKLM

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
    2006-05-03 14:58 458752 --a------ C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    C:\Programmi\MSN Messenger\MsnMsgr.Exe /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
    2005-12-20 15:51 1187840 --a------ C:\WINDOWS\Sminst\Recguard.exe

    R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys
    R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys
    R2 SPF4;Sunbelt Personal Firewall 4;"C:\Programmi\Sunbelt Software\Personal Firewall\kpf4ss.exe"
    S1 aiptektp;HyperPen;C:\WINDOWS\system32\DRIVERS\aiptektp.sys
    S3 usbscan;Driver scanner USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
    S3 USBSTOR;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

    *Newly Created Service* - CATCHME
    .
    Contenuto della cartella 'Scheduled Tasks'
    "2007-10-21 16:45:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Programmi\Apple Software Update\SoftwareUpdate.exe
    "2007-11-20 08:56:44 C:\WINDOWS\Tasks\At1.job"
    - C:\WINDOWS\system32\Ks4XQW4k.exe
    "2007-11-20 12:01:37 C:\WINDOWS\Tasks\At14.job"
    - C:\WINDOWS\system32\Ks4XQW4k.exe
    "2007-11-20 14:00:45 C:\WINDOWS\Tasks\At16.job"
    - C:\WINDOWS\system32\Ks4XQW4k.exe
    "2007-11-20 08:56:45 C:\WINDOWS\Tasks\At23.job"
    - C:\WINDOWS\system32\Ks4XQW4k.exe
    "2007-11-20 08:56:45 C:\WINDOWS\Tasks\At24.job"
    "2007-11-20 08:56:44 C:\WINDOWS\Tasks\At3.job"
    - C:\WINDOWS\system32\Ks4XQW4k.exe
    "2007-11-20 08:56:44 C:\WINDOWS\Tasks\At4.job"
    - C:\WINDOWS\system32\Ks4XQW4k.exe
    "2007-11-20 08:56:44 C:\WINDOWS\Tasks\At7.job"
    - C:\WINDOWS\system32\Ks4XQW4k.exe
    "2007-11-20 08:56:44 C:\WINDOWS\Tasks\At9.job"
    - C:\WINDOWS\system32\Ks4XQW4k.exe
    .
    **************************************************************************

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-21 20:15:24
    Windows 5.1.2600 Service Pack 2 NTFS

    scansione processi nascosti ...

    scansione entrate autostart nascoste ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = C:\Programmi\Hewlett-Packard\Default Settings\cpqset.exe??@?????????????L?@??????F????? ?g?@?????L?@

    Scansione files nascosti ...

    Scansione completata con successo
    Files nascosti: 0

    **************************************************************************
    .
    Ora fine scansione: 2007-11-21 20.16.57
    .
    --- E O F --

  10. #10
    HTML.it user moonba
    Registered since
    Jun 2007
    Posts
    649

    Step 3

    Logfile of HijackThis v1.99.1
    Scan saved at 21.21.24, on 21/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
    C:\Programmi\Eset\nod32kui.exe
    C:\WINDOWS\system32\atwtusb.exe
    C:\Programmi\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Programmi\BillP Studios\WinPatrol\winpatrol.exe
    C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programmi\MSN Messenger\msnmsgr.exe
    C:\Programmi\Skype\Phone\Skype.exe
    C:\Programmi\Nikon\NkView6\NkvMon.exe
    C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Programmi\Eset\nod32krn.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\Programmi\Sunbelt Software\Personal Firewall\kpf4ss.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Programmi\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Programmi\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programmi\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Programmi\Skype\Plugin Manager\skypePM.exe
    C:\Programmi\Internet Explorer\iexplore.exe
    C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Documents and Settings\Elisa\Desktop\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Cpqset] C:\Programmi\Hewlett-Packard\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Programmi\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
    O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
    O4 - HKLM\..\Run: [LocalCooling] "C:\Programmi\LocalCooling\localcooling.exe" -s
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [WinPatrol] C:\Programmi\BillP Studios\WinPatrol\winpatrol.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - Global Startup: NkvMon.exe.lnk = C:\Programmi\Nikon\NkView6\NkvMon.exe
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Programmi\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Programmi\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
    O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Programmi\Sunbelt Software\Personal Firewall\kpf4ss.exe
