crazy.cat ha scritto:Visto il genere di sito hacker ho rimosso il link.
E' sparito l'allegato quando stavo per scaricarlo???
Copia il testo del file log nella discussione senza allegare il file.
vabbene. riporto subito.
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
L:\APPLZ OS-SECURITY\ANTIVIRUS\Avast 4\ashMaiSv.exe
L:\APPLZ OS-SECURITY\ANTIVIRUS\Avast 4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
L:\BROWSERS\Firefox\firefox.exe
L:\DIVX-DVD\K-Lite Codec Pack\filters\divxsm.exe
L:\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = <Empty>
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://***.ru
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.libero.it
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - L:\ALTRI\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: VCS3IESupport Class - {B9D6B3C2-09AD-464A-8162-8C55114C808A} - L:\APPLZ AUDIO EDITING\AV VCS 3.0 Gold\Vcs3RT.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - L:\DOWNLO~1\STARDO~1\SDIEInt.dll
O4 - HKLM\..\Run: [avast!] "L:\APPLZ OS-SECURITY\ANTIVIRUS\Avast 4\ashDisp.exe"
O4 - HKCU\..\Run: [Spamihilator] "L:\APPLZ OS-SECURITY\NOSPAM\Spamihilator\spamihilator.exe"
O4 - HKCU\..\Run: [BrowserSentinel2] "L:\APPLZ OS-SECURITY\REGISTRY AND OS UTILITY\Browser Sentinel 2, hijack, spyware, adware, trojan, viruses, keyloggers protection for IT professionals\BrowserSentinel.exe" -autorun
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: Accoda in Star Downloader - L:\DOWNLOAD MANAGER\Star Downloader\sdieenq.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Link to &MidpX - C:\Programmi\Kwyshell\MidpX\JadInvoker\Extent\jad_wrap.htm
O8 - Extra context menu item: Salva oggetto con Star Downloader - L:\DOWNLOAD MANAGER\Star Downloader\sdie.htm
O8 - Extra context menu item: Salva tutti gli oggetti con Star Downloader - L:\DOWNLOAD MANAGER\Star Downloader\leechie.htm
O8 - Extra context menu item: Save Flash -
res://L:\ALTRI\Flash Saving Plugin\FlashSButton.dll/210
O8 - Extra context menu item: Sothink SWF Catcher - C:\Programmi\File comuni\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programmi\File comuni\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programmi\File comuni\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - L:\ALTRI\Flash Saving Plugin\FlashSButton.dll (HKCU)
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - L:\APPLZ DESIGNER\Flash Decompiler\iebt.dll (HKCU)
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - L:\APPLZ DESIGNER\Flash Decompiler\iebt.dll (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.libero.it
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -
http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) -
http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) -
http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) -
http://messenger.zone.msn.com/binary/So ... b31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0847B5C0-83AB-4DAD-94DD-01D777C1FB3A}: NameServer = 85.37.17.9 85.38.28.75
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\Skype4COM.dll
O20 - Winlogon Notify: WBSrv - L:\ALTRI\WindowBlinds\wbsrv.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - L:\APPLZ OS-SECURITY\ANTIVIRUS\Avast 4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - L:\APPLZ OS-SECURITY\ANTIVIRUS\Avast 4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - L:\APPLZ OS-SECURITY\ANTIVIRUS\Avast 4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - L:\APPLZ OS-SECURITY\ANTIVIRUS\Avast 4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe