Ok!
Nel computer credo di avere due trojan, che mi danno problemi con messenger. Cioè, quando sono collegato mi apre a caso e ripetutamente più finestre per chattare con uno dei mie contatti.
Questo è il log di hijackthis:
Logfile of HijackThis v1.99.1
Scan saved at 18.43.29, on 02/08/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
G:\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\Alice\ALICEE~1\app\pppoeservice.exe
C:\WINNT\system32\Ati2evxx.exe
C:\Programmi\Norton AntiVirus\SAVScan.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\Explorer.exe
D:\wamp\apache\Apache.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
D:\wamp\apache\Apache.exe
C:\WINNT\system32\RunDll32.exe
C:\Programmi\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\Programmi\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\WINNT\system32\MSTMON_S.EXE
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
G:\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\Google\Google Talk\googletalk.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\WINNT\system32\mdm.exe
C:\PROGRA~1\Alice\ALICEE~1\app\EnterNet.exe
G:\Mozilla Firefox\firefox.exe
D:\eMule\emule.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgwb.dat
G:\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://gw.aliceadsl.it/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://gw.aliceadsl.it/home
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINNT\NT\nrcs.exe
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,C:\WINNT\NT\nrcs.exe
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar4.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar4.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programmi\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [System-Config] msptmf32.com
O4 - HKLM\..\Run: [windlll] systemkk.exe
O4 - HKLM\..\Run: [Microsoft Synchronization Manager] brouteuse.exe
O4 - HKLM\..\Run: [dfasack] C:\WINNT\SYSTEM32\cbasd.exe
O4 - HKLM\..\Run: [fgwrwesbk] C:\WINNT\SYSTEM32\cxzca.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [qffecdas] C:\winnt\system32\feqfxx.exe
O4 - HKLM\..\Run: [DSAcass] C:\winnt\system32\cacasp.exe
O4 - HKLM\..\Run: [vccacA] sdaxzl.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Secure Microsoft Windows] integitor.exe
O4 - HKLM\..\Run: [desktop] C:\WINNT\system32\desktop.exe
O4 - HKLM\..\Run: [winlogins.exe] winlogins.exe
O4 - HKLM\..\Run: [Bdwqwqdss] C:\WINNT\SYSTEM32\asddp.exe
O4 - HKLM\..\Run: [DfqwSfS] ffsqsd.exe
O4 - HKLM\..\Run: [Microsoft Lmhosting Service] lmhosts.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [VirtualCloneDrive] "d:\Programmi\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [KONICA MINOLTA magicolor 2400W STD] C:\WINNT\system32\MSTMON_S.EXE STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Winamp Agent] C:\WINNT\system32\winamp.exe
O4 - HKLM\..\Run: [Microsoft (R) Windows Vista/NT Runtime Compatibility Service] C:\WINNT\NT\nrcs.exe
O4 - HKLM\..\Run: [WinampPlugin] winampa.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Zone Labs Client] "G:\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunServices: [System-Config] msptmf32.com
O4 - HKLM\..\RunServices: [windlll] systemkk.exe
O4 - HKLM\..\RunServices: [Microsoft Synchronization Manager] brouteuse.exe
O4 - HKLM\..\RunServices: [Microsoft Buffer App] msbuffer.exe
O4 - HKLM\..\RunServices: [vccacA] sdaxzl.exe
O4 - HKLM\..\RunServices: [Secure Microsoft Windows] integitor.exe
O4 - HKLM\..\RunServices: [winlogins.exe] winlogins.exe
O4 - HKLM\..\RunServices: [DfqwSfS] ffsqsd.exe
O4 - HKLM\..\RunServices: [Microsoft Lmhosting Service] lmhosts.exe
O4 - HKLM\..\RunServices: [WinampPlugin] winampa.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [googletalk] "C:\Programmi\Google\Google Talk\googletalk.exe" /autostart
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &MSN Search -
res://C:\Programmi\MSN Toolbar Suite\TB\02.05.0000.1082\it-it\msntb.dll/search.htm
O8 - Extra context menu item: &Windows Live Search -
res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Apri in nuova scheda in primo piano -
res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/230?fd1087e342fa4cffa8cbf4a88384df5f
O8 - Extra context menu item: Apri in nuova scheda in secondo piano -
res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/229?fd1087e342fa4cffa8cbf4a88384df5f
O9 - Extra button: Alice - {B1F591A8-CE2F-421D-B93D-76264191795E} -
http://gw.aliceadsl.it/alice (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://gw.aliceadsl.it/home
O16 - DPF: Microsoft WFC Forms Designer -
file://E:\VJ98\VJ98\wfcforms.cab
O16 - DPF: Visual Studio 6 Extensibility Libraries -
file://E:\VJ98\VJ98\vstudio6.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?LinkId= ... lcid=0x409
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) -
https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) -
http://us.dl1.yimg.com/download.yahoo.c ... urrent.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) -
http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) -
http://webcam.gazzettino.it/script/AxisCamControl.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) -
http://messenger.msn.com/download/msnme ... loader.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll
O21 - SSODL: printers - {C3D32599-9ABC-48A2-A356-7406C5DF2C67} - libwinets.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - G:\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: System Firewall (Firewall Application) - Unknown owner - C:\WINNT\system32\sysfirewall.exe" -service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Firebird Server (InterBaseServer) - Unknown owner - D:\Firebird\bin\ibserver.exe (file missing)
O23 - Service: Microsoft NetWork FireWall Services - Unknown owner - NetServices.exe (file missing)
O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: Windows Vista/NT Runtime Compatibility Service (ntrcs) - Unknown owner - C:\WINNT\NT\nrcs.exe (file missing)
O23 - Service: OracleDevSuiteHomeClientCache - Unknown owner - D:\DevSuiteHome\BIN\ONRSD.EXE
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\Alice\ALICEE~1\app\pppoeservice.exe
O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\WINNT\System32\PSEXESVC.EXE (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Microsoft SSL (ssl) - Unknown owner - C:\WINNT\system32\ssl.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: wampapache - Unknown owner - D:\wamp\apache\Apache.exe" --ntservice (file missing)
O23 - Service: wampmysqld - Unknown owner - D:\wamp\MySQL\bin\mysqld-nt.exe
O23 - Service: Windows Product Activation (wpa) - Unknown owner - C:\WINNT\system32\wpa.exe (file missing)
Dopodiché ho lanciato l'antivirus, che mi ha trovato questi due file: photo67.zip
photo047.zip