Virus colony


4N34

I have a problem with a nice colony of viruses that won't let me update the antivirus, slow down my internet, and won't even let me use Combofix! What can I do? I'm posting my HijackThis log here; I tried removing some entries, but they get recreated every time...! Thanks
Andrea

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10.56.59, on 16/09/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\Ati2evxx.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\WINDOWS.0\system32\Ati2evxx.exe
C:\WINDOWS.0\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\system32\5.tmp
C:\WINDOWS.0\System32\reader_s.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\System32\reader_s.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\Messenger\msmsgs.exe
C:\WINDOWS.0\fonts\services.exe
C:\Programmi\Windows Live\Contacts\wlcomm.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\WINDOWS.0\system32\wbem\wmiapsrv.exe
C:\Programmi\Skype\Plugin Manager\skypePM.exe
C:\Documents and Settings\Windows XP\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programmi\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F3 - REG:win.ini: load=C:\WINDOWS.0\fonts\services.exe
F3 - REG:win.ini: run=C:\WINDOWS.0\fonts\services.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programmi\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: (no name) - {cd310c49-38e2-4d2f-947f-ab7d7d0076d6} - homobose.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Programmi\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [25601] C:\WINDOWS.0\system32\10.tmp.exe
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS.0\system32\regedit.exe
O4 - HKLM\..\Run: [vufivukami] Rundll32.exe "wikufalu.dll",s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [sys64_nov] C:\WINDOWS.0\system32\sys64_nov.exe
O4 - HKLM\..\Run: [reader_s] C:\WINDOWS.0\System32\reader_s.exe
O4 - HKLM\..\Run: [gadiyurew] Rundll32.exe "c:\windows.0\system32\lugarine.dll",a
O4 - HKLM\..\RunOnce: [áN@] áN@
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\Windows XP\reader_s.exe
O4 - HKLM\..\Policies\Explorer\Run: [exec] C:\WINDOWS.0\fonts\services.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [Windows XP] C:\Documents and Settings\Windows XP\Windows XP.exe /i (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [sys64_nov] .\5.tmp (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [reader_s] C:\Documents and Settings\Windows XP\reader_s.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Windows XP] C:\Documents and Settings\Windows XP\Windows XP.exe /i (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1251825464046
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS.0\SYSTEM32\avgrsstx.dll
O21 - SSODL: jihurahoz - {f68bfdc0-da84-4dcc-9eeb-6272c2fc75f1} - c:\windows.0\system32\kavunize.dll (file missing)
O21 - SSODL: sudufusup - {add7dac2-c981-4cc9-90c5-bba210cbe2cc} - c:\windows.0\system32\kavunize.dll (file missing)
O21 - SSODL: rosaziboy - {b8c2e931-0bd8-40f4-ad77-0e42c208d2db} - c:\windows.0\system32\tazigita.dll (file missing)
O21 - SSODL: homozopol - {102d62d8-b761-4d52-b3da-80eb4d62da2f} - c:\windows.0\system32\lugarine.dll
O22 - SharedTaskScheduler: gahurihor - {f68bfdc0-da84-4dcc-9eeb-6272c2fc75f1} - c:\windows.0\system32\kavunize.dll (file missing)
O22 - SharedTaskScheduler: kupuhivus - {add7dac2-c981-4cc9-90c5-bba210cbe2cc} - c:\windows.0\system32\kavunize.dll (file missing)
O22 - SharedTaskScheduler: jugezatag - {b8c2e931-0bd8-40f4-ad77-0e42c208d2db} - c:\windows.0\system32\tazigita.dll (file missing)
O22 - SharedTaskScheduler: jugezatag - {102d62d8-b761-4d52-b3da-80eb4d62da2f} - c:\windows.0\system32\lugarine.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS.0\system32\Ati2evxx.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

--
End of file - 7411 bytes
 
format :sisi:
I know it's the solution to every PC problem, but maybe not everyone is able to do it.... my advice is that we always try to give this suggestion last;

anyway, I suggest you put Combofix on the desktop and rename it to abc.exe

and launch it like this: go to Start, Run, cmd (if you have Vista, type cmd in the small search bar in the Start menu; at the top of the screen there is a single item, right-click it and choose Run as administrator)

in the black window type:
Code:
"%userprofile%\desktop\abc.exe" /killall
 