Utility
Home Messaggi odierni FAQ Ricerca avanzata Lo staff del forum Regolamento Utenti Archivio
Pagina 1 di 2 1 2 ultimoultimo
Visualizzazione dei risultati da 1 a 10 su 19
  1. 02-07-2008, 01:02 #1
    gianniruud
    gianniruud non è in linea
    Utente di HTML.it
    Registrato dal
    Jul 2008
    Messaggi
    16

    problema cn gli spyware

    ragazzi ho un problema di avvisi di spyware. il computer dice che è infetto di spyware. ho visto che avete già riolto problemi del genere.
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 0.57.21, on 02/07/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
    C:\Programmi\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programmi\Power Translator 11\LogoMedia TranslateDotNet Server.exe
    C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Programmi\CyberLink\Shared files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
    C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
    C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programmi\Web Technologies\wcs.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Programmi\digicomt\Michelangelo USB ADSL\CnxDslTb.exe
    C:\Programmi\Search Settings\SearchSettings.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programmi\Google\GoogleToolbarNotifier\GoogleTo olbarNotifier.exe
    C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIC AE.EXE
    C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
    C:\Programmi\Mozilla Firefox\firefox.exe
    C:\DOCUME~1\User\IMPOST~1\Temp\Rar$EX00.641\hijack this.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
    R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Programmi\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
    R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programmi\Search Settings\kb127\SearchSettings.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Programmi\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
    O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Programmi\Dealio\kb127\Dealio.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {9989F1F6-70DE-4244-AC9F-6672983681A0} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301. 7164\swg.dll
    O2 - BHO: (no name) - {B8301AF7-D00E-4EA4-87C1-5FF4644FBBA1} - (no file)
    O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programmi\Search Settings\kb127\SearchSettings.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programmi\AskSBar\bar\1.bin\ASKSBAR.DLL
    O3 - Toolbar: LEC - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - C:\Programmi\Power Translator 11\Applications\LEC IE Translation Extension.dll
    O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
    O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programmi\AskSBar\bar\1.bin\ASKSBAR.DLL
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Programmi\Dealio\kb127\Dealio.dll
    O3 - Toolbar: Internet Service - {85BDD81D-31FD-4A6B-A73C-3955B128D2EC} - C:\Programmi\Web Technologies\iebr.dll
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programmi\digicomt\Michelangelo USB ADSL\CnxDslTb.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [au] C:\Programmi\Dealio\DealioAU.exe
    O4 - HKLM\..\Run: [SearchSettings] "C:\Programmi\Search Settings\SearchSettings.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleTo olbarNotifier.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI CAE.EXE" /FU "C:\WINDOWS\TEMP\E_SF8.tmp" /EF "HKCU"
    O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Programmi\Web Technologies\wcs.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\User\Dati applicazioni\Dealio\kb127\res\DealioSearch.html
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: Barra di ricerca di Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Programmi\Dealio\kb127\Dealio.dll
    O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Programmi\Dealio\kb127\Dealio.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/binary/MJSS.cab69309.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/.../GAME_UNO1.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/ge...sh/swflash.cab
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4D294B69-A5A8-4814-98BF-535A5F1D2D9C}: NameServer = 193.70.152.15 193.70.152.25
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Programmi\Power Translator 11\LogoMedia TranslateDotNet Server.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared files\RichVideo.exe
    O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe

    --
    End of file - 11215 bytes

    Cosa dovrei fare. Vi prego rispondete e grazie in anticipo.
    Rispondi quotando Rispondi quotando
  2. 02-07-2008, 07:49 #2
    hell's bells
    hell's bells non è in linea
    Utente di HTML.it L'avatar di hell's bells
    Registrato dal
    May 2008
    Messaggi
    1,660
    Scarica questo programma:

    Per scaricare Malwarebytes Malwarebytes
    1) lo installi
    2) lo aggiorni
    3) fai una scansione scegliendo la modalità completa
    4) elimina le ventuali minacce che rileva
    5) finita la scansione seleziona il tabellino log, apri il file di testo e postalo sul forum


    Se il rapporto è molto lungo, segui questa scaletta:

    1) andare sul sito http://www.savefile.com/
    2) clicca su Upload My file
    3) clicca su upload oppure registrarsi per avere più opzioni
    4) clicca su browser e scegli il file di log, txt ecc dal tuo computer
    5) compila i restanti campi e clicca su Upload File
    6) copia ed incolla sul forum il link per il download che trovi sotto la voce [If you want to link directly to the file: ]
    Rispondi quotando Rispondi quotando
  3. 02-07-2008, 11:11 #3
    gianniruud
    gianniruud non è in linea
    Utente di HTML.it
    Registrato dal
    Jul 2008
    Messaggi
    16

    problema cn gli spyware

    Malwarebytes' Anti-Malware 1.19
    Versione del database: 913
    Windows 5.1.2600 Service Pack 2

    11.09.02 02/07/2008
    mbam-log-7-2-2008 (11-09-02).txt

    Tipo di scansione: Scansione completa (C:\|D:\|E:\|)
    Elementi scansionati: 92448
    Tempo trascorso: 27 minute(s), 47 second(s)

    Processi delle memoria infetti: 1
    Moduli della memoria infetti: 0
    Chiavi di registro infette: 10
    Valori di registro infetti: 3
    Elementi dato del registro infetti: 0
    Cartelle infette: 8
    File infetti: 24

    Processi delle memoria infetti:
    C:\Programmi\Web Technologies\wcs.exe (Trojan.Zlob) -> Unloaded process successfully.

    Moduli della memoria infetti:
    (Nessun elemento malevolo rilevato)

    Chiavi di registro infette:
    HKEY_CLASSES_ROOT\CLSID\{85bdd81d-31fd-4a6b-a73c-3955b128d2ec} (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall\{7c4bcd17-bdba-4078-9d8c-8ca8b7eabe77} (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{9989f1f6-70de-4244-ac9f-6672983681a0} (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{b8301af7-d00e-4ea4-87c1-5ff4644fbba1} (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\AntiSpyCheck 2.1 (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Web Technologies (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall\IEBrowse Tool (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall\IExplorer Bar (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall\Warning Center (Trojan.Zlob) -> Quarantined and deleted successfully.

    Valori di registro infetti:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{85bdd81d-31fd-4a6b-a73c-3955b128d2ec} (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{85bdd81d-31fd-4a6b-a73c-3955b128d2ec} (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Policies\Explorer\Run\some (Trojan.Zlob) -> Quarantined and deleted successfully.

    Elementi dato del registro infetti:
    (Nessun elemento malevolo rilevato)

    Cartelle infette:
    C:\Programmi\Web Technologies (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\Programmi\WAV (Rogue.WindowsAntivirus2008) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Dati applicazioni\ADSL Software Ltd (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Dati applicazioni\ADSL Software Ltd\WinSpywareProtect (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Dati applicazioni\ADSL Software Ltd\WinSpywareProtect\BASE (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Dati applicazioni\ADSL Software Ltd\WinSpywareProtect\DELETED (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Dati applicazioni\ADSL Software Ltd\WinSpywareProtect\LOG (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Dati applicazioni\ADSL Software Ltd\WinSpywareProtect\SAVED (Rogue.Multiple) -> Quarantined and deleted successfully.

    File infetti:
    C:\Programmi\Web Technologies\iebr.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\Programmi\Web Technologies\iebtmm.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\Programmi\Web Technologies\iebtu.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\Programmi\Web Technologies\iebu.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\Programmi\Web Technologies\myd.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\Programmi\Web Technologies\mym.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\Programmi\Web Technologies\myp.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\Programmi\Web Technologies\myv.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\Programmi\Web Technologies\ot.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\Programmi\Web Technologies\ts.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\Programmi\Web Technologies\wcs.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\Programmi\Web Technologies\wcu.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Dati applicazioni\Adsl Software Ltd\WinSpywareProtect\Winspywareprotect.exe (Rogue.Installer) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Dati applicazioni\ADSL Software Ltd\WinSpywareProtect\LOG\20080630172803390.log (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Dati applicazioni\ADSL Software Ltd\WinSpywareProtect\LOG\20080630202558765.log (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Dati applicazioni\ADSL Software Ltd\WinSpywareProtect\LOG\20080630225534328.log (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Dati applicazioni\ADSL Software Ltd\WinSpywareProtect\LOG\20080701000752343.log (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Dati applicazioni\ADSL Software Ltd\WinSpywareProtect\LOG\20080701110544359.log (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Dati applicazioni\ADSL Software Ltd\WinSpywareProtect\LOG\20080701111507328.log (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Dati applicazioni\ADSL Software Ltd\WinSpywareProtect\LOG\20080701170829062.log (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Dati applicazioni\ADSL Software Ltd\WinSpywareProtect\LOG\20080701200543562.log (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Menu Avvio\Antivirus Scan.url (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Menu Avvio\Online Spyware Test.url (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Preferiti\Antivirus Scan.url (Rogue.Link) -> Quarantined and deleted successfully.

    Va bene? Aspetto vostre risposte per il seguito. grazie mille.
    Rispondi quotando Rispondi quotando
  4. 02-07-2008, 11:22 #4
    hell's bells
    hell's bells non è in linea
    Utente di HTML.it L'avatar di hell's bells
    Registrato dal
    May 2008
    Messaggi
    1,660
    Vedo che la cura ha funzionato, mi riposti un hijackthis per controllo, poi fammi sapere se continuano gli avvisi del computer.
    Rispondi quotando Rispondi quotando
  5. 02-07-2008, 12:49 #5
    gianniruud
    gianniruud non è in linea
    Utente di HTML.it
    Registrato dal
    Jul 2008
    Messaggi
    16

    problema cn gli spyware.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12.47.49, on 02/07/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
    C:\Programmi\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programmi\Power Translator 11\LogoMedia TranslateDotNet Server.exe
    C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Programmi\CyberLink\Shared files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Programmi\digicomt\Michelangelo USB ADSL\CnxDslTb.exe
    C:\Programmi\Search Settings\SearchSettings.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programmi\Google\GoogleToolbarNotifier\GoogleTo olbarNotifier.exe
    C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIC AE.EXE
    C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
    C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
    C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
    C:\Programmi\Windows Live\Messenger\msnmsgr.exe
    C:\Programmi\Windows Live\Messenger\usnsvc.exe
    C:\Programmi\Mozilla Firefox\firefox.exe
    C:\DOCUME~1\User\IMPOST~1\Temp\Rar$EX00.641\hijack this.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
    R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Programmi\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
    R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programmi\Search Settings\kb127\SearchSettings.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Programmi\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
    O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Programmi\Dealio\kb127\Dealio.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301. 7164\swg.dll
    O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programmi\Search Settings\kb127\SearchSettings.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programmi\AskSBar\bar\1.bin\ASKSBAR.DLL
    O3 - Toolbar: LEC - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - C:\Programmi\Power Translator 11\Applications\LEC IE Translation Extension.dll
    O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
    O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programmi\AskSBar\bar\1.bin\ASKSBAR.DLL
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Programmi\Dealio\kb127\Dealio.dll
    O3 - Toolbar: (no name) - {85BDD81D-31FD-4A6B-A73C-3955B128D2EC} - (no file)
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programmi\digicomt\Michelangelo USB ADSL\CnxDslTb.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [au] C:\Programmi\Dealio\DealioAU.exe
    O4 - HKLM\..\Run: [SearchSettings] "C:\Programmi\Search Settings\SearchSettings.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleTo olbarNotifier.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI CAE.EXE" /FU "C:\WINDOWS\TEMP\E_SF8.tmp" /EF "HKCU"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\User\Dati applicazioni\Dealio\kb127\res\DealioSearch.html
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: Barra di ricerca di Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Programmi\Dealio\kb127\Dealio.dll
    O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Programmi\Dealio\kb127\Dealio.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/binary/MJSS.cab69309.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/.../GAME_UNO1.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/ge...sh/swflash.cab
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4D294B69-A5A8-4814-98BF-535A5F1D2D9C}: NameServer = 193.70.152.15 193.70.152.25
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Programmi\Power Translator 11\LogoMedia TranslateDotNet Server.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared files\RichVideo.exe
    O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe

    --
    End of file - 11008 bytes

    Questo è il nuovo log. poi ti faccio sapere anche se escono gli avvisi. grazie.
    Rispondi quotando Rispondi quotando
  6. 02-07-2008, 13:06 #6
    hell's bells
    hell's bells non è in linea
    Utente di HTML.it L'avatar di hell's bells
    Registrato dal
    May 2008
    Messaggi
    1,660
    Controlla questi 3 files su questo sito http://www.virustotal.com/it/

    C:\Programmi\Dealio\DealioAU.exe

    C:\Programmi\Dealio\kb127\Dealio.dll

    C:\Programmi\Search Settings\SearchSettings.exe

    quando sei sul sito fai "sfoglia" selezioni il file, poi fai "upload" e poi "invia file" attendi che la scansione sia terminata e copiati il link della pagina del report.

    Posta i link della pagina del report.
    Rispondi quotando Rispondi quotando
  7. 02-07-2008, 13:49 #7
    gianniruud
    gianniruud non è in linea
    Utente di HTML.it
    Registrato dal
    Jul 2008
    Messaggi
    16

    problema cn gli spyware

    http://www.virustotal.com/it/analisi...6eeb1f0ee4936d
    questo è del primo file.
    http://www.virustotal.com/it/analisi...4f924de5ef3158 questo è del secondo file.
    http://www.virustotal.com/it/reanali...b465063fde99ed questo è del terzo file.
    Grazie e comunque sembra che gli avvisis non escono più.
    Rispondi quotando Rispondi quotando
  8. 02-07-2008, 13:55 #8
    hell's bells
    hell's bells non è in linea
    Utente di HTML.it L'avatar di hell's bells
    Registrato dal
    May 2008
    Messaggi
    1,660
    I files sono puliti, in ogni caso ci sono degli elementi da rimuovere con hijackthis, vorrei solo prima verificare con calma e con chi ne sà molto piu' di me (Deifobe ) le voci da rimuovere e la voce SearchSettings.exe. Quindi attendi ulteriori istruzioni per finire la pulizia.

    In ultimo ti risulta di avere volontariamente installato il programma searchsettings?
    Rispondi quotando Rispondi quotando
  9. 02-07-2008, 14:15 #9
    gianniruud
    gianniruud non è in linea
    Utente di HTML.it
    Registrato dal
    Jul 2008
    Messaggi
    16

    problema cn gli spyware

    quindi aspetto tue notizie per finire la pulizia? comunque non penso di aver installato io quel programma. ma a volte mi esce in basso una lente di ingrandimento con quel nome.
    Rispondi quotando Rispondi quotando
  10. 02-07-2008, 14:24 #10
    hell's bells
    hell's bells non è in linea
    Utente di HTML.it L'avatar di hell's bells
    Registrato dal
    May 2008
    Messaggi
    1,660
    Controlla da pannelo di controllo in "installare applicazioni" se è presente e non l'hai installato tu lo rimuoviamo, per il resto attendi che ti vengano postate le pulizie finali, nel mentre usa il pc e vediamo se tutte le voci rimosse da malwarebytes hanno ripulito del tutto il sistema.
    Rispondi quotando Rispondi quotando
« Discussione precedente | Prossima discussione »

Permessi di invio

  • Non puoi inserire discussioni
  • Non puoi inserire repliche
  • Non puoi inserire allegati
  • Non puoi modificare i tuoi messaggi
  •  

Regole del Forum

Powered by vBulletin® Version 4.2.1
Copyright © 2025 vBulletin Solutions, Inc. All rights reserved.