NUOVA

[cbcb]

ciao a tutti sono nuova di qst forum.
ho un piccolo problema ..... facendo girare adaware rileva alcune chiavi di registro e un file malware che si chiama "ide21201.vxd"
lo elimino, ma quando riavvio lui riappare (magia?)
ho provato ad eliminarlo anche in modalità provvisoria, ma niente da fare.
sapete suggerirmi cosa fare?
grazie 1000

p.s. tra l'altro non riesco neanche a collegarmi ad internet da quel pc, da più di una settimana, per problemi con Libero adsl

[LUPO21]

fatti un giro nella sezione guide a pagina 8 e li trovi la guida per hijkthis e scarica il programma e fatti una scansione e poi postaci il log

[cbcb]

grazie,
scarico il programma, solo che non riuscirò a postare il log...... non riesco a collegarmi (adesso scrivo dal lavoro)

[Dylan666]

Copiati file log su un floppy\CD\Chiave USB e portatelo sul luogo di lavoro, poi scrivici da lì

[cbcb]

il problema c'è ancora. sotto copio i file di log di AdAware e di HijackThis sapete dirmi cosa posso fare?
grazie 1000 a tutti.

Ad-Aware SE Build 1.06r1
Logfile Created on:domenica 13 novembre 2005 20.51.41
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R47 24.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):5 total references
WindUpdates(TAC index:8):6 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


13-11-2005 20.51.41 - Scan started. (Smart mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 452
ThreadCreationTime : 13-11-2005 16.43.00
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 596
ThreadCreationTime : 13-11-2005 16.43.06
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 620
ThreadCreationTime : 13-11-2005 16.43.07
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 664
ThreadCreationTime : 13-11-2005 16.43.07
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Sistema operativo Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Applicazione Servizi e Controller
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Tutti i diritti riservati.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 676
ThreadCreationTime : 13-11-2005 16.43.07
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 828
ThreadCreationTime : 13-11-2005 16.43.08
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 876
ThreadCreationTime : 13-11-2005 16.43.08
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 916
ThreadCreationTime : 13-11-2005 16.43.08
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 980
ThreadCreationTime : 13-11-2005 16.43.08
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1036
ThreadCreationTime : 13-11-2005 16.43.09
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [ccevtmgr.exe]
FilePath : c:\Programmi\File comuni\Symantec Shared\
ProcessID : 1212
ThreadCreationTime : 13-11-2005 16.43.10
BasePriority : Normal
FileVersion : 1.03.4
ProductVersion : 1.03.4
ProductName : Event Manager
CompanyName : Symantec Corporation
FileDescription : Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:12 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1268
ThreadCreationTime : 13-11-2005 16.43.10
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Sistema operativo Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Esplora risorse
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Tutti i diritti riservati.
OriginalFilename : EXPLORER.EXE

#:13 [nisum.exe]
FilePath : c:\Programmi\Norton Personal Firewall\
ProcessID : 1288
ThreadCreationTime : 13-11-2005 16.43.10
BasePriority : Normal
FileVersion : 6.02.1015
ProductVersion : 6.02.1015
ProductName : Norton Internet Security
CompanyName : Symantec Corporation
FileDescription : Norton Internet Security NISUM
InternalName : NISUM
LegalCopyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : NISUM.exe

#:14 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1480
ThreadCreationTime : 13-11-2005 16.43.11
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:15 [ccpxysvc.exe]
FilePath : c:\Programmi\Norton Personal Firewall\
ProcessID : 1584
ThreadCreationTime : 13-11-2005 16.43.11
BasePriority : Normal
FileVersion : 6.02.1015
ProductVersion : 6.02.1015
ProductName : Norton Internet Security
CompanyName : Symantec Corporation
FileDescription : Norton Internet Security Proxy Service
InternalName : ccPxySvc
LegalCopyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : ccPxySvc.exe

#:16 [navapsvc.exe]
FilePath : c:\Programmi\Norton AntiVirus\
ProcessID : 1628
ThreadCreationTime : 13-11-2005 16.43.11
BasePriority : Normal
FileVersion : 9.05.1015
ProductVersion : 9.05.1015
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE

#:17 [nvsvc32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1660
ThreadCreationTime : 13-11-2005 16.43.11
BasePriority : Normal
FileVersion : 6.14.10.4403
ProductVersion : 6.14.10.4403
ProductName : NVIDIA Driver Helper Service, Version 44.03
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 44.03
InternalName : NVSVC
LegalCopyright : (C) NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:18 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1748
ThreadCreationTime : 13-11-2005 16.43.11
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:19 [wdfmgr.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1804
ThreadCreationTime : 13-11-2005 16.43.11
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:20 [symwsc.exe]
FilePath : C:\Programmi\File comuni\Symantec Shared\Security Center\
ProcessID : 1892
ThreadCreationTime : 13-11-2005 16.43.11
BasePriority : Normal
FileVersion : 2005.1.2.20
ProductVersion : 2005.1
ProductName : Norton Security Center
CompanyName : Symantec Corporation
FileDescription : Norton Security Center Service
InternalName : SymWSC.exe
LegalCopyright : Copyright (c) 1997-2004 Symantec Corporation
OriginalFilename : SymWSC.exe

#:21 [hpsysdrv.exe]
FilePath : C:\windows\system\
ProcessID : 336
ThreadCreationTime : 13-11-2005 16.43.13
BasePriority : Normal
FileVersion : 1, 7, 0, 0
ProductVersion : 1, 7, 0, 0
ProductName : hpsysdrv
CompanyName : Hewlett-Packard Company
FileDescription : hpsysdrv
InternalName : hpsysdrv
LegalCopyright : Copyright © 1998
OriginalFilename : hpsysdrv.exe

#:22 [hphmon05.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 472
ThreadCreationTime : 13-11-2005 16.43.13
BasePriority : Normal
FileVersion : 5,0,84
ProductVersion : 5,0,84
ProductName : HP Photosmart
CompanyName : Hewlett-Packard
FileDescription : HPHmon05
InternalName : HPHmon05
LegalCopyright : Copyright (C) 2003
OriginalFilename : HPHmon05.exe

#:23 [schsvr.exe]
FilePath : C:\Programmi\File comuni\InterVideo\SchSvr\
ProcessID : 488
ThreadCreationTime : 13-11-2005 16.43.13
BasePriority : Normal
FileVersion : 3.0.79.139
ProductVersion : 3.0.79.139
ProductName : InterVideo(R) WinDVR
CompanyName : InterVideo Inc.
FileDescription : InterVideo Schedule Server
InternalName : SchSvr
LegalCopyright : Copyright (C) 2000-2002 InterVideo Inc.
OriginalFilename : SchSvr.EXE

#:24 [ccapp.exe]
FilePath : C:\Programmi\File comuni\Symantec Shared\
ProcessID : 508
ThreadCreationTime : 13-11-2005 16.43.14
BasePriority : Normal
FileVersion : 1.08.01
ProductVersion : 1.08.01
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client CC App
InternalName : ccApp
LegalCopyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:25 [shwicon2k.exe]
FilePath : C:\Programmi\Multimedia Card Reader\
ProcessID : 540
ThreadCreationTime : 13-11-2005 16.43.14
BasePriority : Idle
FileVersion : 1, 0, 0, 6
ProductVersion : 1, 0, 0, 6
ProductName : Alcor Micro Sunkist
CompanyName : Alcor Micro, Corp.
FileDescription : Sunkist
InternalName : Sunkist
LegalCopyright : Copyright c 2002 - 2004
OriginalFilename : Sunkist.exe

#:26 [ps2.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 568
ThreadCreationTime : 13-11-2005 16.43.14
BasePriority : Normal


#:27 [wkufind.exe]
FilePath : C:\Programmi\File comuni\Microsoft Shared\Works Shared\
ProcessID : 680
ThreadCreationTime : 13-11-2005 16.43.15
BasePriority : Normal
FileVersion : 7.00.0617.0
ProductVersion : 7.00.0617.0
ProductName : Update Detection Module
CompanyName : Microsoft® Corporation
FileDescription : Rilevamento aggiornamenti di Microsoft® Works
InternalName : WkUFind
LegalCopyright : Copyright © 1987-2002 Microsoft Corporation.
OriginalFilename : WkUFind.exe

#:28 [mm_tray.exe]
FilePath : C:\Programmi\Musicmatch\Musicmatch Jukebox\
ProcessID : 960
ThreadCreationTime : 13-11-2005 16.43.15
BasePriority : Normal
FileVersion : 9.00.0156
ProductVersion : 9.00.0156
ProductName : Musicmatch Jukebox
CompanyName : Musicmatch, Inc.
FileDescription : mm_tray
InternalName : mm_tray
LegalCopyright : Copyright © Musicmatch 1998-2004
LegalTrademarks :
OriginalFilename : mm_tray.exe

#:29 [mmtask.exe]
FilePath : C:\Programmi\Musicmatch\Musicmatch Jukebox\
ProcessID : 1000
ThreadCreationTime : 13-11-2005 16.43.15
BasePriority : Normal
FileVersion : 9.0.0.1
ProductVersion : 9.0.0.1
ProductName : Musicmatch Jukebox
CompanyName : Musicmatch Inc.
FileDescription : <Musicmatch System Tray Application>
InternalName : mmtask.exe
LegalCopyright : (c) Musicmatch Inc.. All rights reserved.
OriginalFilename : mmtask.exe

#:30 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1560
ThreadCreationTime : 13-11-2005 16.43.19
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:31 [hpwuschd2.exe]
FilePath : C:\Programmi\HP\HP Software Update\
ProcessID : 1616
ThreadCreationTime : 13-11-2005 16.43.19
BasePriority : Normal
FileVersion : 50.0.146.000
ProductVersion : 050.000.146.000
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : Hewlett-Packard Product Assistant
InternalName : hpwuSchd2
LegalCopyright : Copyright (C) Hewlett-Packard Co. 1995-2004
OriginalFilename : hpwuSchd2.exe
Comments : Hewlett-Packard Product Assistant

#:32 [mediagateway.exe]
FilePath : C:\Program Files\Media Gateway\
ProcessID : 2088
ThreadCreationTime : 13-11-2005 16.43.20
BasePriority : Normal
FileVersion : 2, 0, 0, 0
ProductVersion : 2, 0, 0, 0
ProductName : Media Gateway
FileDescription : Media Gateway
LegalCopyright : Copyright 2005
OriginalFilename : MediaGateway.exe

#:33 [dslstat.exe]
FilePath : C:\Program Files\D-Link\DSL-200\
ProcessID : 2100
ThreadCreationTime : 13-11-2005 16.43.20
BasePriority : Normal
FileVersion : 4.1.0
ProductVersion : 4.1.0
ProductName : DSL Status
CompanyName : GlobespanVirata, Inc.
FileDescription : DSL Status Executable
InternalName : DslStatus
LegalCopyright : Copyright (C) 2002
OriginalFilename : dslstatus.exe

#:34 [dslagent.exe]
FilePath : C:\Program Files\D-Link\DSL-200\
ProcessID : 2120
ThreadCreationTime : 13-11-2005 16.43.20
BasePriority : Normal


#:35 [iexplore.exe]
FilePath : c:\progra~1\intern~1\
ProcessID : 2192
ThreadCreationTime : 13-11-2005 16.43.21
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Sistema operativo Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. Tutti i diritti riservati.
OriginalFilename : IEXPLORE.EXE

#:36 [rundll32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2220
ThreadCreationTime : 13-11-2005 16.43.22
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Sistema operativo Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Modulo di esecuzione DLL come applicazioni
InternalName : rundll
LegalCopyright : © Microsoft Corporation. Tutti i diritti riservati.
OriginalFilename : RUNDLL.EXE

#:37 [iexplore.exe]
FilePath : C:\Programmi\Internet Explorer\
ProcessID : 2304
ThreadCreationTime : 13-11-2005 16.43.22
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Sistema operativo Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. Tutti i diritti riservati.
OriginalFilename : IEXPLORE.EXE

#:38 [hpqtra08.exe]
FilePath : C:\Programmi\Hewlett-Packard\Digital Imaging\bin\
ProcessID : 2316
ThreadCreationTime : 13-11-2005 16.43.22
BasePriority : Normal
FileVersion : 5.35.0.035
ProductVersion : 005.035.000.035
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP Digital Imaging Monitor (CUE)
InternalName : HPQTRA00
LegalCopyright : Copyright (C) Hewlett-Packard Co. 1995-2001
OriginalFilename : HPQTRA00.EXE
Comments : HP Digital Imaging Monitor (CUE)

#:39 [fsscrctl.exe]
FilePath : C:\WINDOWS\
ProcessID : 2428
ThreadCreationTime : 13-11-2005 16.43.24
BasePriority : Normal
FileVersion : 2, 1, 0, 46
ProductVersion : 2, 1, 0, 46
ProductName : Stardust Screen Saver Toolkit 2.1
CompanyName : Stardust Software
FileDescription : Screen Saver Control applet
InternalName : FSScrCtl
LegalCopyright : Copyright © 1998-1999 Stardust Software.
LegalTrademarks : Stardust and Screen Saver Toolkit are trademarks of Stardust Software.
OriginalFilename : FSSCRCTL.EXE
Comments : http://www.stardustsoftware.com

#:40 [ntvdm.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2960
ThreadCreationTime : 13-11-2005 16.44.41
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Sistema operativo Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : NTVDM.EXE
InternalName : NTVDM.EXE
LegalCopyright : © Microsoft Corporation. Tutti i diritti riservati.
OriginalFilename : NTVDM.EXE

#:41 [spybotsd.exe]
FilePath : C:\Programmi\Spybot - Search & Destroy\
ProcessID : 4012
ThreadCreationTime : 13-11-2005 19.33.27
BasePriority : Normal
FileVersion : 1, 3, 0, 12
ProductVersion : 1, 3, 0, 12
ProductName : SpyBot-S&D
CompanyName : Safer Networking Limited
FileDescription : Spybot - Search & Destroy
InternalName : SpybotSD
LegalCopyright : © 2000-2004 Patrick M. Kolla / Safer Networking Limited. Alle Rechte vorbehalten.
LegalTrademarks : "Spybot" und "Spybot - Search & Destroy" sind registrierte Warenzeichen.
OriginalFilename : SpyBotSD.exe
Comments : Software zum Entfernen von Spyware und ähnlichen Bedrohungen.

#:42 [megasol.exe]
FilePath : C:\Programmi\Palladium Interactive\Mega Solitaire\
ProcessID : 3892
ThreadCreationTime : 13-11-2005 19.34.24
BasePriority : Normal


#:43 [iexplore.exe]
FilePath : C:\Programmi\Internet Explorer\
ProcessID : 1264
ThreadCreationTime : 13-11-2005 19.50.54
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Sistema operativo Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. Tutti i diritti riservati.
OriginalFilename : IEXPLORE.EXE

#:44 [msmsgs.exe]
FilePath : C:\Programmi\Messenger\
ProcessID : 976
ThreadCreationTime : 13-11-2005 19.51.08
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright (c) Microsoft Corporation 2004
LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:45 [fxgaobot.exe]
FilePath : E:\ANTIVIRUS\REMOVE-TOOLS\
ProcessID : 2956
ThreadCreationTime : 13-11-2005 19.51.19
BasePriority : Normal
FileVersion : 1.0.4.0
ProductVersion : 1.0.4.0
ProductName : Symantec W32.HLLW.Gaobot FixTool
CompanyName : Symantec Corporation
LegalCopyright : Copyright 2004 Symantec Corporation
OriginalFilename : FxGaobot.exe

#:46 [ad-aware.exe]
FilePath : C:\Programmi\Lavasoft\Ad-Aware SE Personal\
ProcessID : 2012
ThreadCreationTime : 13-11-2005 19.51.31
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

WindUpdates Object Recognized!
Type : Regkey
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{1e5f0d38-214b-4085-ad2a-d2290e6a2d2c}

WindUpdates Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{1e5f0d38-214b-4085-ad2a-d2290e6a2d2c}
Value : AppID

WindUpdates Object Recognized!
Type : Regkey
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{00ada225-ea6c-4fb3-82e8-68189201ccb9}

WindUpdates Object Recognized!
Type : Regkey
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{15696ae2-6ea4-47f4-bea6-a3d32693efc7}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 4
Objects found so far: 4


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4



Deep scanning and examining files...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4

WindUpdates Object Recognized!
Type : File
Data : ide21201.vxd
TAC Rating : 8
Category : Malware
Comment :
Object : C:\WINDOWS\system32\



Disk Scan Result for C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 5

Disk Scan Result for C:\DOCUME~1\PROPRI~1\IMPOST~1\Temp\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 5


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 5



MRU List Object Recognized!
Location: : C:\Documents and Settings\Proprietario\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-1211880472-4107410244-2055151705-1003\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant


MRU List Object Recognized!
Location: : S-1-5-21-1211880472-4107410244-2055151705-1003\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-1211880472-4107410244-2055151705-1003\software\nvidia corporation\global\nview\windowmanagement
Description : nvidia nview cached application window positions



Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

WindUpdates Object Recognized!
Type : Regkey
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\{735c5a0c-f79f-47a1-8ca1-2a2e482662a8}

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 11

20.56.55 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00.05.14.641
Objects scanned:75594
Objects identified:6
Objects ignored:0
New critical objects:6

[cbcb]

Logfile of HijackThis v1.99.1
Scan saved at 21.15.13, on 13/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
c:\Programmi\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\Programmi\Norton Personal Firewall\ccPxySvc.exe
c:\Programmi\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Programmi\File comuni\InterVideo\SchSvr\SchSvr.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\system32\ps2.exe
C:\Programmi\File comuni\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programmi\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Programmi\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Media Gateway\MediaGateway.exe
C:\Program Files\D-Link\DSL-200\dslstat.exe
C:\Program Files\D-Link\DSL-200\dslagent.exe
c:\progra~1\intern~1\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\FSScrCtl.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Programmi\Palladium Interactive\Mega Solitaire\MEGASOL.EXE
C:\Programmi\Internet Explorer\iexplore.exe
E:\ANTIVIRUS\REMOVE-TOOLS\FXGAOBOT.EXE
E:\SCAN\SCANGUI.EXE
E:\SCAN\scan.exe
C:\Programmi\Messenger\msmsgs.exe
C:\DOCUME~1\PROPRI~1\IMPOST~1\Temp\Directory temporanea 4 per hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-it9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6325987F-BAD0-01D4-4635-EDCEEB9826A7} - C:\DOCUME~1\PROPRI~1\DATIAP~1\TIMEDU~1\Log dupe.exe
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Programmi\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Programmi\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Programmi\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Programmi\File comuni\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "c:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Programmi\File comuni\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Sunkist2k] C:\Programmi\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programmi\File comuni\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MMTray] C:\Programmi\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Programmi\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [partthatsettingsvc] C:\Documents and Settings\All Users\Dati applicazioni\SendSafePartThat\OozeDent.exe
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\D-Link\DSL-200\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\D-Link\DSL-200\dslagent.exe
O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Programmi\Registry Cleaner Trial\RegClean.exe"
O4 - HKCU\..\Run: [DvdFord] C:\DOCUME~1\PROPRI~1\DATIAP~1\BASEAU~1\Active eggs bib.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - Startup: Screen Saver Control.lnk = C:\WINDOWS\FSScrCtl.exe
O4 - Startup: Start CODEHUNT.lnk = C:\REDHUNT\ap.bat
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.1_07\bin\npjpi141_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.1_07\bin\npjpi141_07.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsup ... SupCtl.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/puzzlepirates/m ... Loader.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 8042089218
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/180solu ... ge-c32.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsup ... mAData.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - c:\Programmi\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - c:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - c:\Programmi\Norton Personal Firewall\NISUM.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe

[microguru]

Ciao cbcb! che bello averti qui! (per tutti, cbcb è una mia cara amica di chat Lycos alla quale ho consigliato di iscriversi qui per risolvere il suo problema con il pc). Ma... era un log o la divina commedia, quella che hsi postato prima?? heheheh Purtroppo io non me ne intendo troppo di virussazzi & affini, perciò lascio al branco di esperti la soluzione al tuo caso Mi raccomando ragazzi, trattatemela bene!

[cbcb]

mio guru grazie smakkete

[Tiseria]

C:\Program Files\Media Gateway\MediaGateway.exe
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe

Questo è il Trojan.Win32.MediaGateway.A

Installa Virit è un ottimo anti-malware.
Riavvia in modalità provvisoria ed esegui Virit explore lite per la rimozione.

O4 - HKCU\..\Run: [DvdFord] C:\DOCUME~1\PROPRI~1\DATIAP~1\BASEAU~1\Active eggs bib.exe

O4 - HKLM\..\Run: [partthatsettingsvc] C:\Documents and Settings\All Users\Dati applicazioni\SendSafePartThat\OozeDent.exe

Queste sono delle varianti del Trojan.Win32.Swizzor o Adware.Lop.
Genera file con nomi casuali.

Ciao

[cbcb]

GRAZIE............ stasera lo disintegro

[Dylan666]

C:\Program Files\Media Gateway\MediaGateway.exe
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe

[...]

O4 - HKCU\..\Run: [DvdFord] C:\DOCUME~1\PROPRI~1\DATIAP~1\BASEAU~1\Active eggs bib.exe

O4 - HKLM\..\Run: [partthatsettingsvc] C:\Documents and Settings\All Users\Dati applicazioni\SendSafePartThat\OozeDent.exe

Leva quelle chiavi e relativi file e lascia stare VirIt

Se non le conosci leva pure queste:

O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/puzzlepirates/m ... Loader.dll

O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/180solu ... ge-c32.cab

O4 - HKLM\..\Run: [partthatsettingsvc] C:\Documents and Settings\All Users\Dati applicazioni\SendSafePartThat\OozeDent.exe

Vove inutile, levala:
O3 - Toolbar: (no name) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - (no file)

Vediamo se basta.
Una volta tolti quelli rifai il log e mettilo qui e vedi se le voci gialle ti sono famialiari:
http://hijackthis.de/index.php?langselect=italian

[Tiseria]

C:\Program Files\Media Gateway\MediaGateway.exe
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe

[...]

O4 - HKCU\..\Run: [DvdFord] C:\DOCUME~1\PROPRI~1\DATIAP~1\BASEAU~1\Active eggs bib.exe

O4 - HKLM\..\Run: [partthatsettingsvc] C:\Documents and Settings\All Users\Dati applicazioni\SendSafePartThat\OozeDent.exe

Leva quelle chiavi e relativi file e lascia stare VirIt

Puoi fare a meno di ripetere le mie cose...

Segui le mie indicazioni di fixare e installare Virit.

[Dylan666]

Le ho ripetute solo perchè le chiavi che dicevi sono quelle da eliminare. Levandole con HijackThis (insieme alle altre che ho indicato) si può evitare l'installazione di altro software.