Here below is the Hijacks log.
The viruses reported by AVG are named, respectively:
Trojan horse Downloader.Agent.7E
Trojan horse Backdoor.small.3BI
StartupList report, 26/01/2005, 18.34.38
StartupList version: 1.52
Started from : G:\Documents and Settings\Peppe\Desktop\Hihacks\startuplist\StartupList.EXE
Detected: Windows XP SP1 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================
Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
G:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
G:\Programmi\Symantec\Norton Ghost 2003\GhostStartService.exe
G:\Programmi\Kerio\Personal Firewall 4\kpf4ss.exe
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\System32\svchost.exe
G:\Programmi\TightVNC\WinVNC.exe
G:\WINDOWS\soundman.exe
G:\WINDOWS\System32\carpserv.exe
G:\Programmi\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
G:\WINDOWS\System32\ctfmon.exe
G:\Programmi\Messenger\msmsgs.exe
G:\Programmi\Kerio\Personal Firewall 4\kpf4gui.exe
G:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
G:\Programmi\Kerio\Personal Firewall 4\kpf4gui.exe
G:\Programmi\Internet Explorer\iexplore.exe
G:\Documents and Settings\Peppe\Desktop\Hihacks\startuplist\StartupList.exe
G:\Documents and Settings\Peppe\Desktop\Hihacks\startuplist\StartupList.exe
--------------------------------------------------
Listing of startup folders:
Shell folders Common Startup:
[G:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica]
BTTray.lnk = ?
Microsoft Office.lnk = G:\Programmi\Microsoft Office\Office\OSA9.EXE
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = G:\WINDOWS\system32\userinit.exe
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
NeroCheck = G:\WINDOWS\system32\NeroCheck.exe
CDWCheckRubrica = C:\SEAT\CDItalia\Chkrub_cdi
SoundMan = soundman.exe
CARPService = carpserv.exe
GhostStartTrayApp = G:\Programmi\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
AVG7_CC = G:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
AVG7_EMC = G:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
WinVNC = "G:\Programmi\TightVNC\WinVNC.exe" -servicehelper
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
CTFMON.EXE = G:\WINDOWS\System32\ctfmon.exe
MSMSGS = "G:\Programmi\Messenger\msmsgs.exe" /background
--------------------------------------------------
Shell & screensaver key from G:\WINDOWS\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=G:\WINDOWS\System32\logon.scr
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------------------------------
Enumerating Browser Helper Objects:
(no name) - G:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - G:\WINDOWS\winby32.dll - {5B86A516-4121-F602-C428-DD7BCCE4EE39}
--------------------------------------------------
Enumerating Download Program Files:
[{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6}]
InProcServer32 = G:\WINDOWS\Downloaded Program Files\AdStatServX.dll
CODEBASE = http://static.windupdates.com/cab/CDTIn ... ge-c46.cab
[WUWebControl Class]
InProcServer32 = G:\WINDOWS\System32\wuweb.dll
CODEBASE = http://v5.windowsupdate.microsoft.com/v ... 6386361203
[Anonymizer Anti-Spyware Scanner]
InProcServer32 = G:\WINDOWS\Downloaded Program Files\WebAAS.dll
CODEBASE = http://download.zonelabs.com/bin/promot ... WebAAS.cab
[Shockwave Flash Object]
InProcServer32 = G:\WINDOWS\System32\macromed\flash\Flash.ocx
CODEBASE = http://download.macromedia.com/pub/shoc ... wflash.cab
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
PostBootReminder: G:\WINDOWS\system32\SHELL32.dll
CDBurn: G:\WINDOWS\system32\SHELL32.dll
WebCheck: G:\WINDOWS\System32\webcheck.dll
SysTray: G:\WINDOWS\System32\stobject.dll
--------------------------------------------------
End of report, 5.431 bytes
Report generated in 0,047 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only