aris73 ha scritto:posta un log di Hijackthis
http://www.merijn.org/files/hijackthis.zipmetti il programma in un cartella dedicata in c:\programmi\Hijackthis
lancia e clicca il tasto"do a system scan and save a log file.
otterrai un file di testo che dovrai postare
Grazie, Aris, ti posto due log, uno fatto prima della scansione acon l'antivirus (25 ottobre) e uno eseguito dopo tale scansione (26 ottobre). Ciao (li trascrivo di seguito perché sembra non sia consentito l'invio in allegato di file .log).
LOG 25 ottobre
Logfile of HijackThis v1.99.1
Scan saved at 21.22.17, on 25/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Conexant\AccessRunner ADSL\CnxDslTb.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\Lexmark 2200 Series\lxbvbmgr.exe
C:\Programmi\Lexmark 2200 Series\lxbvbmon.exe
C:\Programmi\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmi\MemInfo\meminfo.exe
C:\Programmi\Memento\Memento.exe
E:\Documenti\SOFTWARE\!!!TE LI SEGNALO!!!\hijack this\estratto\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.wordart.it
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://www.GOOGLE.it
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.wordart.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.wordart.it
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://www.wordart.it
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.wordart.it
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://www.GOOGLE.it
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
http://www.GOOGLE.it
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wordart - The Universal Portal
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programmi\Conexant\AccessRunner ADSL\CnxDslTb.exe"
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Programmi\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Programmi\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Ordina_Menu] C:\WINDOWS\command\Regdelw.exe /q /n "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder"
O4 - HKCU\..\Run: [DIRECTX] REGEDIT /S C:\WINDOWS\system32\DirectX\Dinput\DIRECTX.REG
O4 - HKCU\..\Run: [ORDINA_MENU2] C:\WINDOWS\command\Regdelw.exe /q /n "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder"
O4 - Startup: MemInfo.lnk = C:\Programmi\MemInfo\meminfo.exe
O4 - Startup: Memento.lnk = C:\Programmi\Memento\Memento.exe
O4 - Global Startup: MemInfo.lnk = C:\Programmi\MemInfo\meminfo.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} -
http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared files\RichVideo.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
LOG 26 ottobre
Logfile of HijackThis v1.99.1
Scan saved at 11.10.16, on 26/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Conexant\AccessRunner ADSL\CnxDslTb.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Lexmark 2200 Series\lxbvbmgr.exe
C:\Programmi\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Programmi\Lexmark 2200 Series\lxbvbmon.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmi\MemInfo\meminfo.exe
C:\Programmi\Memento\Memento.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Outlook Express\msimn.exe
C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.wordart.it
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://www.GOOGLE.it
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.wordart.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.wordart.it
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://www.wordart.it
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.wordart.it
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://www.GOOGLE.it
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
http://www.GOOGLE.it
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wordart - The Universal Portal
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programmi\Conexant\AccessRunner ADSL\CnxDslTb.exe"
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Programmi\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Programmi\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Ordina_Menu] C:\WINDOWS\command\Regdelw.exe /q /n "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder"
O4 - HKCU\..\Run: [DIRECTX] REGEDIT /S C:\WINDOWS\system32\DirectX\Dinput\DIRECTX.REG
O4 - HKCU\..\Run: [ORDINA_MENU2] C:\WINDOWS\command\Regdelw.exe /q /n "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder"
O4 - Startup: MemInfo.lnk = C:\Programmi\MemInfo\meminfo.exe
O4 - Startup: Memento.lnk = C:\Programmi\Memento\Memento.exe
O4 - Global Startup: MemInfo.lnk = C:\Programmi\MemInfo\meminfo.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} -
http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared files\RichVideo.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe