ad.adserverplus.com


devindoc
22-01-2007, 17.57.34
I've picked up some junk: as soon as I connect and open my Firefox, it opens an Internet Explorer window with the URL http://ad.adserverplus.com showing the page of a site called neetmetic.it, and it reappears at various intervals.
Also, every now and then other windows of various kinds open, but always in Explorer and not in Firefox, which is my default browser. I can't manage to get rid of the beast. I'm attaching the HijackThis log, hoping for the patience and skill of the usual forum angels...

Logfile of HijackThis v1.99.1
Scan saved at 18.07.28, on 22/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Eset\nod32krn.exe
C:\Programmi\Photodex\ProShowGold\ScsiAccess.exe
C:\Programmi\Spyware Doctor\sdhelp.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programmi\Analog Devices\SoundMAX\Smax4.exe
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\PowerISO\PWRISOVM.EXE
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\TomTom HOME\TomTomHOME.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Programmi\Spyware Doctor\swdoctor.exe
C:\Programmi\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\Giovanni\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [MBpatch] C:\program files\Creative\MBsetup\RemoveKey.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Programmi\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [FineReader7NewsReaderPro] C:\Programmi\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Programmi\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [five fork about that] C:\Documents and Settings\All Users\Dati applicazioni\ENC PROXY FIVE FORK\Less Software.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programmi\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [P2kAutostart] F:\motorola\pk2commander\P2kAutostart.exe
O4 - HKCU\..\Run: C:\DOCUME~1\Giovanni\DATIAP~1\PLATFO~1\Funk real.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: oregon_station.lnk = C:\Programmi\Oregon Station\os.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD3B9468-9CE3-40A1-B3FE-8F21B5901404}: NameServer = 85.37.17.11 151.99.125.1
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe (file missing)
O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Programmi\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Programmi\Spyware Doctor\sdhelp.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe

THANKS !!!!!!!!!!

crazy.cat
22-01-2007, 18.03.39
Have you installed Messenger Plus?

Delete these two pieces of junk
O4 - HKLM\..\Run: [five fork about that] C:\Documents and Settings\All Users\Dati applicazioni\ENC PROXY FIVE FORK\Less Software.exe
O4 - HKCU\..\Run: [boltidle] C:\DOCUME~1\Giovanni\DATIAP~1\PLATFO~1\Funk real.exe

devindoc
22-01-2007, 18.11.02
First of all, thank you for your practically "real time" reply.
I have never installed Messenger or Messenger Plus. I have deleted the two pieces of junk anyway and am waiting religiously to see whether the sneaky window reappears.

devindoc
22-01-2007, 18.15.31
I closed Firefox and reopened it: the sneaky thing reappears !!!!!!
If I'm not being a pain, give me some other tips

crazy.cat
22-01-2007, 18.29.56
Have you cleared the Firefox cache?

Do the two files reappear in the log?

Download and scan with this program.
http://www.emsisoft.com/en/software/free/

devindoc
22-01-2007, 19.17.05
Sorry for the delay, but between downloading the program and scanning.... Anyway:

1) I cleared the cache
2) of the two files only one reappears:
O4 - HKCU\..\Run: [boltidle] etc.
3) I scanned with the program you recommended and I'm sending you the log
The program asks me whether to delete the selected objects or quarantine them.
What should I do?


a-squared Free - Version 2.1

Impostazioni scansione:

Oggetti: Memoria, Tracce, Cookies, C:\WINDOWS\, C:\Programmi
Archivio scansioni: On
Scientifico: On
ADS Scan: On

Scansione avviata: 22/01/2007 18.57.16

C:\Documents and Settings\Giovanni\Documenti\\edonkey2000 downloads rilevati: Trace.Directory.eDonkey
C:\Documents and Settings\Giovanni\Cookies\giovanni@atdmt[1].txt rilevati: Trace.TrackingCookie
C:\Documents and Settings\Giovanni\Cookies\giovanni@bluestreak[1].txt rilevati: Trace.TrackingCookie
C:\Documents and Settings\Giovanni\Cookies\giovanni@cgi-bin[1].txt rilevati: Trace.TrackingCookie
C:\Documents and Settings\Giovanni\Cookies\giovanni@classmates[2].txt rilevati: Trace.TrackingCookie
C:\Documents and Settings\Giovanni\Cookies\giovanni@doubleclick[1].txt rilevati: Trace.TrackingCookie
C:\Documents and Settings\Giovanni\Cookies\giovanni@media.intelia[1].txt rilevati: Trace.TrackingCookie
C:\Documents and Settings\Giovanni\Cookies\giovanni@tradedoubler[2].txt rilevati: Trace.TrackingCookie
C:\Documents and Settings\Giovanni\Dati applicazioni\Mozilla\Firefox\Profiles\i2chvgrm.default\cookies.txt:65 rilevati: Trace.TrackingCookie
C:\Documents and Settings\Giovanni\Dati applicazioni\Mozilla\Firefox\Profiles\i2chvgrm.default\cookies.txt:66 rilevati: Trace.TrackingCookie
C:\Documents and Settings\Giovanni\Dati applicazioni\Mozilla\Firefox\Profiles\i2chvgrm.default\cookies.txt:67 rilevati: Trace.TrackingCookie
C:\Documents and Settings\Giovanni\Dati applicazioni\Mozilla\Firefox\Profiles\i2chvgrm.default\cookies.txt:70 rilevati: Trace.TrackingCookie
C:\Documents and Settings\Giovanni\Dati applicazioni\Mozilla\Firefox\Profiles\i2chvgrm.default\cookies.txt:71 rilevati: Trace.TrackingCookie
C:\Documents and Settings\Giovanni\Dati applicazioni\Mozilla\Firefox\Profiles\i2chvgrm.default\cookies.txt:72 rilevati: Trace.TrackingCookie
C:\Documents and Settings\Giovanni\Dati applicazioni\Mozilla\Firefox\Profiles\i2chvgrm.default\cookies.txt:74 rilevati: Trace.TrackingCookie
C:\Documents and Settings\Giovanni\Dati applicazioni\Mozilla\Firefox\Profiles\i2chvgrm.default\cookies.txt:75 rilevati: Trace.TrackingCookie
C:\Documents and Settings\Giovanni\Dati applicazioni\Mozilla\Firefox\Profiles\i2chvgrm.default\cookies.txt:96 rilevati: Trace.TrackingCookie
C:\Documents and Settings\Giovanni\Dati applicazioni\Mozilla\Firefox\Profiles\i2chvgrm.default\cookies.txt:97 rilevati: Trace.TrackingCookie
C:\Documents and Settings\Giovanni\Dati applicazioni\Mozilla\Firefox\Profiles\i2chvgrm.default\cookies.txt:132 rilevati: Trace.TrackingCookie
C:\Documents and Settings\Giovanni\Dati applicazioni\Mozilla\Firefox\Profiles\i2chvgrm.default\cookies.txt:164 rilevati: Trace.TrackingCookie
C:\Documents and Settings\Giovanni\Dati applicazioni\Mozilla\Firefox\Profiles\i2chvgrm.default\cookies.txt:169 rilevati: Trace.TrackingCookie
C:\Documents and Settings\Giovanni\Dati applicazioni\Mozilla\Firefox\Profiles\i2chvgrm.default\cookies.txt:170 rilevati: Trace.TrackingCookie
C:\Documents and Settings\Giovanni\Dati applicazioni\Mozilla\Firefox\Profiles\i2chvgrm.default\cookies.txt:171 rilevati: Trace.TrackingCookie
C:\Documents and Settings\Giovanni\Dati applicazioni\Mozilla\Firefox\Profiles\i2chvgrm.default\cookies.txt:172 rilevati: Trace.TrackingCookie
C:\Documents and Settings\Giovanni\Dati applicazioni\Mozilla\Firefox\Profiles\i2chvgrm.default\cookies.txt:183 rilevati: Trace.TrackingCookie
C:\Documents and Settings\Giovanni\Dati applicazioni\Mozilla\Firefox\Profiles\i2chvgrm.default\cookies.txt:224 rilevati: Trace.TrackingCookie
C:\Documents and Settings\Giovanni\Dati applicazioni\Mozilla\Firefox\Profiles\i2chvgrm.default\cookies.txt:226 rilevati: Trace.TrackingCookie
C:\Documents and Settings\Giovanni\Dati applicazioni\Mozilla\Firefox\Profiles\i2chvgrm.default\cookies.txt:236 rilevati: Trace.TrackingCookie
C:\Documents and Settings\Giovanni\Dati applicazioni\Mozilla\Firefox\Profiles\i2chvgrm.default\cookies.txt:249 rilevati: Trace.TrackingCookie
C:\Documents and Settings\Giovanni\Dati applicazioni\Mozilla\Firefox\Profiles\i2chvgrm.default\cookies.txt:250 rilevati: Trace.TrackingCookie
C:\Documents and Settings\Giovanni\Dati applicazioni\Mozilla\Firefox\Profiles\i2chvgrm.default\cookies.txt:290 rilevati: Trace.TrackingCookie
C:\Documents and Settings\Giovanni\Dati applicazioni\Mozilla\Firefox\Profiles\i2chvgrm.default\cookies.txt:311 rilevati: Trace.TrackingCookie
C:\Documents and Settings\Giovanni\Dati applicazioni\Mozilla\Firefox\Profiles\i2chvgrm.default\cookies.txt:312 rilevati: Trace.TrackingCookie
C:\Documents and Settings\Giovanni\Dati applicazioni\Mozilla\Firefox\Profiles\i2chvgrm.default\cookies.txt:317 rilevati: Trace.TrackingCookie
C:\Documents and Settings\Giovanni\Dati applicazioni\Mozilla\Firefox\Profiles\i2chvgrm.default\cookies.txt:327 rilevati: Trace.TrackingCookie
C:\Documents and Settings\Giovanni\Dati applicazioni\Mozilla\Firefox\Profiles\i2chvgrm.default\cookies.txt:329 rilevati: Trace.TrackingCookie
C:\Documents and Settings\Giovanni\Dati applicazioni\Mozilla\Firefox\Profiles\i2chvgrm.default\cookies.txt:330 rilevati: Trace.TrackingCookie
C:\Documents and Settings\Giovanni\Dati applicazioni\Mozilla\Firefox\Profiles\i2chvgrm.default\cookies.txt:403 rilevati: Trace.TrackingCookie
C:\Documents and Settings\Giovanni\Dati applicazioni\Mozilla\Firefox\Profiles\i2chvgrm.default\cookies.txt:431 rilevati: Trace.TrackingCookie
C:\Documents and Settings\Giovanni\Dati applicazioni\Mozilla\Firefox\Profiles\i2chvgrm.default\cookies.txt:442 rilevati: Trace.TrackingCookie
C:\Documents and Settings\Giovanni\Dati applicazioni\Mozilla\Firefox\Profiles\i2chvgrm.default\cookies.txt:553 rilevati: Trace.TrackingCookie
C:\Documents and Settings\Giovanni\Dati applicazioni\Mozilla\Firefox\Profiles\i2chvgrm.default\cookies.txt:557 rilevati: Trace.TrackingCookie
C:\Documents and Settings\Giovanni\Dati applicazioni\Mozilla\Firefox\Profiles\i2chvgrm.default\cookies.txt:580 rilevati: Trace.TrackingCookie
C:\Documents and Settings\Giovanni\Dati applicazioni\Mozilla\Firefox\Profiles\i2chvgrm.default\cookies.txt:618 rilevati: Trace.TrackingCookie
C:\Documents and Settings\Giovanni\Dati applicazioni\Mozilla\Firefox\Profiles\i2chvgrm.default\cookies.txt:619 rilevati: Trace.TrackingCookie
C:\Documents and Settings\Giovanni\Dati applicazioni\Mozilla\Firefox\Profiles\i2chvgrm.default\cookies.txt:620 rilevati: Trace.TrackingCookie
C:\Documents and Settings\Giovanni\Dati applicazioni\Mozilla\Firefox\Profiles\i2chvgrm.default\cookies.txt:685 rilevati: Trace.TrackingCookie
C:\Documents and Settings\Giovanni\Dati applicazioni\Mozilla\Firefox\Profiles\i2chvgrm.default\cookies.txt:686 rilevati: Trace.TrackingCookie
C:\Documents and Settings\Giovanni\Dati applicazioni\Mozilla\Firefox\Profiles\i2chvgrm.default\cookies.txt:710 rilevati: Trace.TrackingCookie
C:\Programmi\Motorola Phone Tools\MPT_TEST_Info.exe rilevati: Adware.Win32.Maxifiles.j

Scansionati

Files: 43450
Tracce: 94530
Cookies: 1174
Processi: 39

Rilevato

Files: 1
Tracce: 1
Cookies: 48
Processi: 0
Chiavi registro: 0

Fine scansione: 22/01/2007 19.17.46
Tempo scansione: 0.20.30

crazy.cat
22-01-2007, 19.45.45
2) of the two files only one reappears:
O4 - HKCU\..\Run: [boltidle] etc.

I'd say upload that file to the site www.virustotal.com and have it analysed to see what it is

3) Leave this one alone
C:\Documents and Settings\Giovanni\Documenti\\edonkey2000 downloads rilevati: Trace.Directory.eDonkey

Do you really need this program????
C:\Programmi\Motorola Phone Tools\MPT_TEST_Info.exe rilevati: Adware.Win32.Maxifiles.j

The rest are all cookies, which you can delete as well.

devindoc
22-01-2007, 20.06.00
Done. Deleted the file and had the file examined: only one antivirus (BitDefender) labels it as a trojan.
Sorry, but I have to go to work. Many thanks, and tomorrow afternoon I'll let you know the outcome of your patience.
Thanks a lot

devindoc
23-01-2007, 13.47.34
As promised, here I am! I think we've pulled it off: the malicious window no longer appears!!!! (at least after two hours of browsing).
Special thanks to crazy.cat for his patience and availability, and for teaching me a few more programs and showing me how to proceed.

gionny24
01-02-2007, 14.53.28
Hi guys, I'm new and I'd also like a helping hand to get rid of those damn Explorer windows that open by themselves. I'm attaching the file created with HijackThis, please help me :wall:

Logfile of HijackThis v1.99.1
Scan saved at 14.46.09, on 01/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Programmi\Analog Devices\Core\smax4pnp.exe
C:\Programmi\Analog Devices\SoundMAX\Smax4.exe
C:\Programmi\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\FILECO~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\MarkAny\ContentSafer\MAAgent.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Microsoft Encarta\Microsoft Encarta Enciclopedia DVD - 2006\EDICT.EXE
C:\Programmi\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Programmi\Wireless Device\Wireless Mouse\MouseAp.exe
C:\Programmi\Magic Keyboard\MagicKey.exe
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\Programmi\Magic Keyboard\V3D.exe
C:\Programmi\Magic Keyboard\OSD.EXE
D:\EMULE\emule.exe
C:\Programmi\Ahead\nero startsmart\nerostartsmart.exe
C:\Programmi\Ahead\nero\nero.exe
C:\WINDOWS\system32\imapi.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Documents and Settings\gianni\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Encarta Web Companion Oggetto helper - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\FILECO~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [jugstrayvgawave] C:\Documents and Settings\All Users\Dati applicazioni\lovebeepjugstray\DogWma.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SMSTray] D:\LETTORE-MP3\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Programmi\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKCU\..\Run: [LoveOwns] C:\DOCUME~1\gianni\DATIAP~1\SCRHEC~1\defy dvd chic.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [E06IXLRD_710703] "C:\Programmi\Microsoft Encarta\Microsoft Encarta Enciclopedia DVD - 2006\EDICT.EXE" -m
O4 - Startup: NaturalColorLoad.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Enable Wireless Mouse Driver.lnk = C:\Programmi\Wireless Device\Wireless Mouse\MouseAp.exe
O4 - Global Startup: Magic Keyboard.lnk = C:\Programmi\Magic Keyboard\MagicKey.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://giovannisergi.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{733FB07D-2A21-44DB-B646-271DA0BF719F}: NameServer = 85.37.17.51 85.38.28.97
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe

thanks, I await your news

Perusar
01-02-2007, 15.09.40
These two smell fishy to me:

O4 - HKLM\..\Run: [jugstrayvgawave] C:\Documents and Settings\All Users\Dati applicazioni\lovebeepjugstray\DogWma.exe

O4 - HKCU\..\Run: [LoveOwns] C:\DOCUME~1\gianni\DATIAP~1\SCRHEC~1\defy dvd chic.exe

while this one

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

I don't know what it is...

If you want to know more you can scan the individual files on VirusTotal, as crazycat also said above ;)

crazy.cat
01-02-2007, 15.41.49
The first two that Perusar pointed out to you are definitely to be thrown away.

The other one is fine

Name: WPDShServiceObj
Filename: WPDShServiceObj.dll
Command: C:\WINDOWS\system32\WPDShServiceObj.dll
Description: Windows Portable Device Shell Service Object
File Location: %System%
Startup Type: This startup entry is started automatically via the following Windows Registry keys:

A full scan with a-squared or SUPERAntiSpyware never hurts.
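As an added example (not code from this thread, from HijackThis or from any of the posters), a Python triage pass that applies the rule of thumb crazy.cat and Perusar used above: an O4 auto-start entry whose program sits under a profile's Application Data ("Dati applicazioni" on Italian XP, or its 8.3 form DATIAP~1) with a meaningless name is suspect, while known software under Program Files or WINDOWS is not. The sample log lines are copied from the two logs in this thread; the directory list, the "nameless Run value" rule and the function names are my own assumptions.

```python
"""Flag HijackThis O4 (Run/Startup) entries by where the executable lives."""
import re
from dataclasses import dataclass
from typing import List, Optional

# One O4 line: scope (HKLM\..\Run, HKCU\..\Run, Startup, Global Startup),
# an optional [value name], then the command as HijackThis prints it.
O4_RE = re.compile(r"^O4 - (?P<scope>[^:]+): (?:\[(?P<name>[^\]]*)\] )?(?P<cmd>.+)$")

# Directories (lower-cased) that should not normally host a persistent
# auto-start program. Assumed list; 8.3 forms included because HijackThis
# prints whatever string the registry value contains.
SUSPECT_DIRS = {
    "\\dati applicazioni\\": "Application Data (Dati applicazioni)",
    "\\datiap~1\\": "Application Data (8.3 form DATIAP~1)",
    "\\application data\\": "Application Data",
    "\\applic~1\\": "Application Data (8.3 form APPLIC~1)",
    "\\local settings\\temp\\": "user Temp directory",
}

@dataclass
class O4Entry:
    scope: str
    name: str        # value name inside [...], "" when absent
    command: str     # raw command text
    exe: str         # executable path extracted from the command
    suspect: bool
    reason: str

def extract_exe(cmd: str) -> str:
    """Return the executable path from a Run value or Startup .lnk line."""
    cmd = cmd.strip()
    if " = " in cmd:                 # "Foo.lnk = C:\...\foo.exe" (Startup entries)
        cmd = cmd.split(" = ", 1)[1].strip()
    if cmd.startswith('"'):          # quoted path, arguments follow the quote
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Unquoted path (may contain spaces): take up to the first ".exe".
    m = re.search(r"^(.*?\.exe)\b", cmd, re.IGNORECASE)
    if m:
        return m.group(1)
    parts = cmd.split()
    return parts[0] if parts else cmd

def assess(line: str) -> Optional[O4Entry]:
    """Parse one HijackThis line; None for anything that is not an O4 entry."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    exe = extract_exe(m.group("cmd"))
    low = exe.lower()
    reason = ""
    for fragment, label in SUSPECT_DIRS.items():
        if fragment in low:
            reason = f"auto-start program located under {label}"
            break
    # A Run value with no name at all (as in the first log above) is unusual
    # for legitimate software, which registers under its product name.
    if not reason and m.group("name") is None and m.group("scope").endswith("Run"):
        reason = "Run value with an empty name"
    return O4Entry(m.group("scope"), m.group("name") or "", m.group("cmd"),
                   exe, bool(reason), reason)

def triage(log: str) -> List[O4Entry]:
    """Assess every O4 line of a pasted HijackThis log."""
    return [e for e in (assess(l) for l in log.splitlines()) if e is not None]

def suspect_entries(log: str) -> List[O4Entry]:
    return [e for e in triage(log) if e.suspect]

# Lines copied from the two logs in this thread (plus one non-O4 line).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SoundMAX] "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [five fork about that] C:\Documents and Settings\All Users\Dati applicazioni\ENC PROXY FIVE FORK\Less Software.exe
O4 - HKCU\..\Run: C:\DOCUME~1\Giovanni\DATIAP~1\PLATFO~1\Funk real.exe
O4 - HKLM\..\Run: [jugstrayvgawave] C:\Documents and Settings\All Users\Dati applicazioni\lovebeepjugstray\DogWma.exe
O4 - HKCU\..\Run: [LoveOwns] C:\DOCUME~1\gianni\DATIAP~1\SCRHEC~1\defy dvd chic.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - Global Startup: Magic Keyboard.lnk = C:\Programmi\Magic Keyboard\MagicKey.exe
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
"""

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        flag = "SUSPECT" if e.suspect else "ok     "
        print(f"{flag}  [{e.name or '<no name>'}]  {e.exe}" + (f"  <- {e.reason}" if e.reason else ""))
```

The four entries flagged are exactly the ones the helpers told the two posters to remove; a hit here is a prompt to check the file (for example on VirusTotal, as suggested above), not proof by itself.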

gionny24
02-02-2007, 12.58.43
Thanks a lot, I deleted those two files you recommended...
this is the current situation:
Logfile of HijackThis v1.99.1
Scan saved at 12.53.42, on 02/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Programmi\Analog Devices\Core\smax4pnp.exe
C:\Programmi\Analog Devices\SoundMAX\Smax4.exe
C:\Programmi\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\FILECO~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\MarkAny\ContentSafer\MAAgent.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Programmi\Wireless Device\Wireless Mouse\MouseAp.exe
C:\Programmi\Magic Keyboard\MagicKey.exe
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\Programmi\Magic Keyboard\V3D.exe
C:\Programmi\Magic Keyboard\OSD.EXE
D:\EMULE\emule.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Documents and Settings\gianni\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Encarta Web Companion Oggetto helper - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\FILECO~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SMSTray] D:\LETTORE-MP3\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Programmi\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [E06IXLRD_710703] "C:\Programmi\Microsoft Encarta\Microsoft Encarta Enciclopedia DVD - 2006\EDICT.EXE" -m
O4 - Startup: NaturalColorLoad.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Enable Wireless Mouse Driver.lnk = C:\Programmi\Wireless Device\Wireless Mouse\MouseAp.exe
O4 - Global Startup: Magic Keyboard.lnk = C:\Programmi\Magic Keyboard\MagicKey.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://giovannisergi.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{733FB07D-2A21-44DB-B646-271DA0BF719F}: NameServer = 85.37.17.51 85.38.28.97
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe

I'm also running the antispyware scan......
I'll tell you the results shortly