Help! Internet Connection

**Carmy_Na** · 20-01-2008, 03:37

Ciao a tutti! Purtroppo ho anch'io questo problema. Ho cercato di seguire le indicazioni date ad altri, ma temo di far danni, per cui, vi posto i miei logfile e attendo vostre istruzioni.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1.26.06, on 20/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Symantec\LiveUpdate\AluSchedulerSvc.e xe
C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\File comuni\Protexis\License Service\PSIService.exe
C:\Programmi\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\System32\snmp.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\PROGRA~1\FILECO~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\SiteAdvisor\6253\SiteAdv.exe
C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\Explorer.EXE
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Programmi\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programmi\File comuni\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FILECO~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Programmi\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: Mostra Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programmi\File comuni\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [SiteAdvisor] C:\Programmi\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe "
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Programmi\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmi\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/tech...a/LSSupCtl.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ControlInstaller Class) - https://www-secure.symantec.com/tech...l/SymAData.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1189824824218
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://marina90italy.spaces.live.com...d/MsnPUpld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game01.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {CEDDF50D-9FA7-41A8-BCD0-6350D1ED2306} (SecurityManager Class) - http://aiuto.alice.it/ata/static/ins...ller_4-1-5.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BAFF3ADE-1FE1-42D6-A29A-55B94CAA9667}: NameServer = 85.37.17.9 85.38.28.75
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\AluSchedulerSvc.e xe
O23 - Service: Boonty Games - BOONTY - C:\Programmi\File comuni\BOONTY Shared\Service\Boonty.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\LuComServer_3_4.E XE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Programmi\File comuni\Protexis\License Service\PSIService.exe
O23 - Service: Servizio SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Programmi\SiteAdvisor\6253\SAService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FILECO~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.e xe
--
End of file - 8795 bytes

Find AWF report by noahdfear ©2006 Version 1.40

bak folders found
~~~~~~~~~~~

Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 78BA-998B

Directory di C:\PROGRA~1\QUICKT~1\BAK

25/10/2006 18.58 282.624 qttask.exe
1 File 282.624 byte
2 Directory 10.865.860.608 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 78BA-998B

Directory di C:\PROGRA~1\WINDOW~2\BAK

02/11/2006 21.56 204.288 WMPNSCFG.exe
1 File 204.288 byte
2 Directory 10.865.860.608 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 78BA-998B

Directory di C:\WINDOWS\SYSTEM32\BAK

19/08/2004 13.00 15.360 ctfmon.exe
1 File 15.360 byte
2 Directory 10.865.856.512 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 78BA-998B

Directory di C:\PROGRA~1\ALICET~1\SMARTB~1\BAK

21/04/2006 14.41 438.359 MotiveSB.exe
1 File 438.359 byte
3 Directory 10.865.856.512 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 78BA-998B

Directory di C:\PROGRA~1\FILECO~1\SYMANT~1\BAK

0 File 0 byte
2 Directory 10.865.856.512 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 78BA-998B

Directory di C:\PROGRA~1\SITEAD~1\6253\BAK

18/11/2006 13.46 35.928 SiteAdv.exe
1 File 35.928 byte
2 Directory 10.865.856.512 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 78BA-998B

Directory di C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\BAK

16/02/2005 15.15 81.920 issch.exe
16/02/2005 15.15 221.184 ISUSPM.exe
2 File 303.104 byte
2 Directory 10.865.856.512 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 78BA-998B

Directory di C:\PROGRA~1\JAVA\JRE16~2.0_0\BIN\BAK

25/09/2007 00.11 132.496 jusched.exe
1 File 132.496 byte
2 Directory 10.865.856.512 byte disponibili

Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

282624 1 Sep 2006 "C:\Programmi\QuickTime\qttask.exe"
282624 25 Oct 2006 "C:\Programmi\QuickTime\bak\qttask.exe"
14348 3 Jan 2008 "C:\Programmi\Windows Media Player\WMPNSCFG.exe"
204288 2 Nov 2006 "C:\Programmi\Windows Media Player\bak\WMPNSCFG.exe"
15360 19 Aug 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 19 Aug 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
14348 3 Jan 2008 "C:\Programmi\Alice ti aiuta\SmartBridge\MotiveSB.exe"
438359 21 Apr 2006 "C:\Programmi\Alice ti aiuta\SmartBridge\bak\MotiveSB.exe"
480 28 Dec 2007 "C:\Programmi\Alice ti aiuta\SmartBridge\log\httpclient.log"
0 14 Jan 2008 "C:\Programmi\Alice ti aiuta\SmartBridge\bak\log\httpclient.log"
14348 3 Jan 2008 "C:\Programmi\SiteAdvisor\6253\SiteAdv.exe"
35928 18 Nov 2006 "C:\Programmi\SiteAdvisor\6253\bak\SiteAdv.exe "
14348 3 Jan 2008 "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe"
81920 16 Feb 2005 "C:\Programmi\File comuni\InstallShield\UpdateService\bak\issch.exe"
14348 3 Jan 2008 "C:\Programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe"
221184 16 Feb 2005 "C:\Programmi\File comuni\InstallShield\UpdateService\bak\ISUSPM.exe"
132496 12 Jul 2007 "C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe "
14348 3 Jan 2008 "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe "
132496 25 Sep 2007 "C:\Programmi\Java\jre1.6.0_03\bin\bak\jusched.exe "

end of report

Grazie! :-)

**Anakonda** · 20-01-2008, 20:18

Prova in questo modo

In particolare dovete dapprima eliminare gli .exe infetti scrivendo, ad esempio:

Files o registry values to delete:
[percorso]per questo dovete eliminare alcune voci tipiche di questo dialer scrivendo:

Registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | crtfmon

Files to delete:
C:\WINDOWS\system32\perfc000.dat Adesso, non ci resta, sempre tramite lo stesso script di Avenger, che ripristinare i file .exe nella loro posizioni, associati alle applicazioni corrette. Per farlo dobbiamo prima specificare dove andare a prendere il file giusto. Immediatamente sotto al testo scritto prima, quindi, e sempre seguendo la scansione di AWF, indicate, stavolta con la directory BAK inclusa, il percorso da cui prendere il file, preceduto da "Files to move:"

Files to move:
C:\WINDOWS\SYSTEM32\BAK\hkcmd.exe
e aggiungiamo, con il tag detto "Pipe" cioè "|", il percorso dove il file dovrà andare, cioè

Files to move:
C:\WINDOWS\SYSTEM32\BAK\hkcmd.exe | C:\WINDOWS\SYSTEM32\hkcmd.exe
In questo modo, tutti i file .exe corrotti verranno dapprima cancellati, e poi sostituiti in modo corretto. Ricordate che dovete spostare con questo meccanismo tutti i file .exe citati da FindAWF sotto la voce Duplicate files of bak directory contents

Se non ti è chiaro qualche passaggio...
http://www.alground.com/site/modules...&cod_virus=260

siamo sempre qui

**Deifobe** · 21-01-2008, 01:10

Scarica Scarica Avenger
Eseguilo e seleziona l'opzione "Input Script Manually".
Clicca sulla lente d'ingrandimento e all'interno della finestra "Wiew/edit script", nel box bianco, copia/incolla:

files to delete:
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Alice ti aiuta\SmartBridge\MotiveSB.exe
C:\Programmi\Alice ti aiuta\SmartBridge\log\httpclient.log
C:\Programmi\SiteAdvisor\6253\SiteAdv.exe
C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
C:\Programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe

files to move:
C:\Programmi\QuickTime\bak\qttask.exe | C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Windows Media Player\bak\WMPNSCFG.exe | C:\Programmi\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\bak\ctfmon.exe | C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Alice ti aiuta\SmartBridge\bak\MotiveSB.exe | C:\Programmi\Alice ti aiuta\SmartBridge\MotiveSB.exe
C:\Programmi\Alice ti aiuta\SmartBridge\bak\log\httpclient.log | C:\Programmi\Alice ti aiuta\SmartBridge\log\httpclient.log
C:\Programmi\SiteAdvisor\6253\bak\SiteAdv.exe | C:\Programmi\SiteAdvisor\6253\SiteAdv.exe
C:\Programmi\File comuni\InstallShield\UpdateService\bak\issch.exe | C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
C:\Programmi\File comuni\InstallShield\UpdateService\bak\ISUSPM.exe | C:\Programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe
C:\Programmi\Java\jre1.6.0_03\bin\bak\jusched.exe | C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe

Clicca sul pulsante "Done", poi sul semaforo verde.
Rispondi 2 volte Yes.
Il pc dovrebbe riavviarsi da solo, altrimenti riavvialo tu.
Posta il report rilasciato caricandolo su Sendmefile e postando il link ottenuto

**Carmy_Na** · 22-01-2008, 20:33

VVoVe: Incredibile!
...per la quarta volta tento di rispondervi...

perché questo dannato dialer mi disconnette di continuo!

In breve:
ho eseguito quanto indicato da Deifobe, ma temo che forse avrei dovuto rifare il LogFile, visto che è potuto essere cambiato dall'ultima volta... :master:

perché lo script che ne è uscito diceva che era impossibile trovare dei files, compreso l'avenger.txt

Che mi dite?... rifaccio tutto da capo?

Resto in linea per la risposta... sperando di non disconnettermi ancora...

Grazie per l'aiuto!

**Carmy_Na** · 22-01-2008, 20:37

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19.34.42, on 22/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Symantec\LiveUpdate\AluSchedulerSvc.e xe
C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\File comuni\Protexis\License Service\PSIService.exe
C:\Programmi\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\System32\snmp.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\SiteAdvisor\6253\SiteAdv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Programmi\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programmi\File comuni\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FILECO~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Programmi\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: Mostra Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programmi\File comuni\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [SiteAdvisor] C:\Programmi\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe "
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Programmi\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmi\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/tech...a/LSSupCtl.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ControlInstaller Class) - https://www-secure.symantec.com/tech...l/SymAData.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1189824824218
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://marina90italy.spaces.live.com...d/MsnPUpld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game01.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {CEDDF50D-9FA7-41A8-BCD0-6350D1ED2306} (SecurityManager Class) - http://aiuto.alice.it/ata/static/ins...ller_4-1-5.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...11/mcfscan.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BAFF3ADE-1FE1-42D6-A29A-55B94CAA9667}: NameServer = 85.37.17.9 85.38.28.75
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\AluSchedulerSvc.e xe
O23 - Service: Boonty Games - BOONTY - C:\Programmi\File comuni\BOONTY Shared\Service\Boonty.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\LuComServer_3_4.E XE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Programmi\File comuni\Protexis\License Service\PSIService.exe
O23 - Service: Servizio SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Programmi\SiteAdvisor\6253\SAService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FILECO~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.e xe

--
End of file - 8897 bytes

**Deifobe** · 22-01-2008, 20:37

non ripetere lo script!
posta il rapporto di avenger (in c:\avenger)

puoi anche postare il lof di Find AWF se vuoi, si..

**Carmy_Na** · 22-01-2008, 20:49

Find AWF report by noahdfear ©2006
Version 1.40

bak folders found
~~~~~~~~~~~

Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 78BA-998B

Directory di C:\PROGRA~1\QUICKT~1\BAK

25/10/2006 18.58 282.624 qttask.exe
1 File 282.624 byte
2 Directory 13.575.184.384 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 78BA-998B

Directory di C:\PROGRA~1\WINDOW~2\BAK

02/11/2006 21.56 204.288 WMPNSCFG.exe
1 File 204.288 byte
2 Directory 13.575.184.384 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 78BA-998B

Directory di C:\WINDOWS\SYSTEM32\BAK

19/08/2004 13.00 15.360 ctfmon.exe
1 File 15.360 byte
2 Directory 13.575.180.288 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 78BA-998B

Directory di C:\PROGRA~1\ALICET~1\SMARTB~1\BAK

21/04/2006 14.41 438.359 MotiveSB.exe
1 File 438.359 byte
3 Directory 13.575.180.288 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 78BA-998B

Directory di C:\PROGRA~1\FILECO~1\SYMANT~1\BAK

0 File 0 byte
2 Directory 13.575.180.288 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 78BA-998B

Directory di C:\PROGRA~1\SITEAD~1\6253\BAK

18/11/2006 13.46 35.928 SiteAdv.exe
1 File 35.928 byte
2 Directory 13.575.180.288 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 78BA-998B

Directory di C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\BAK

16/02/2005 15.15 81.920 issch.exe
16/02/2005 15.15 221.184 ISUSPM.exe
2 File 303.104 byte
2 Directory 13.575.180.288 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 78BA-998B

Directory di C:\PROGRA~1\JAVA\JRE16~2.0_0\BIN\BAK

25/09/2007 00.11 132.496 jusched.exe
1 File 132.496 byte
2 Directory 13.575.180.288 byte disponibili

Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

282624 1 Sep 2006 "C:\Programmi\QuickTime\qttask.exe"
282624 25 Oct 2006 "C:\Programmi\QuickTime\bak\qttask.exe"
14348 3 Jan 2008 "C:\Programmi\Windows Media Player\WMPNSCFG.exe"
204288 2 Nov 2006 "C:\Programmi\Windows Media Player\bak\WMPNSCFG.exe"
15360 19 Aug 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 19 Aug 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
14348 3 Jan 2008 "C:\Programmi\Alice ti aiuta\SmartBridge\MotiveSB.exe"
438359 21 Apr 2006 "C:\Programmi\Alice ti aiuta\SmartBridge\bak\MotiveSB.exe"
480 28 Dec 2007 "C:\Programmi\Alice ti aiuta\SmartBridge\log\httpclient.log"
0 14 Jan 2008 "C:\Programmi\Alice ti aiuta\SmartBridge\bak\log\httpclient.log"
14348 3 Jan 2008 "C:\Programmi\SiteAdvisor\6253\SiteAdv.exe"
35928 18 Nov 2006 "C:\Programmi\SiteAdvisor\6253\bak\SiteAdv.exe "
14348 3 Jan 2008 "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe"
81920 16 Feb 2005 "C:\Programmi\File comuni\InstallShield\UpdateService\bak\issch.exe"
14348 3 Jan 2008 "C:\Programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe"
221184 16 Feb 2005 "C:\Programmi\File comuni\InstallShield\UpdateService\bak\ISUSPM.exe"
132496 12 Jul 2007 "C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe "
14348 3 Jan 2008 "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe "
132496 25 Sep 2007 "C:\Programmi\Java\jre1.6.0_03\bin\bak\jusched.exe "

end of report

...spero di non aver combinato guai... :master:
ciao! a dopo...

**Carmy_Na** · 22-01-2008, 20:56

Originariamente inviato da Deifobe
non ripetere lo script!
posta il rapporto di avenger (in c:\avenger)

...lì ho trovato solo il backup zippato
e nell'estralo ed eseguirlo, m'è uscita questa scritta:

(cosa avrò combinato?...) :master:

**Deifobe** · 22-01-2008, 21:27

Riprova a lanciare lo script fatto sopra (devi eseguirlo una volta). Avenger non è stato proprio eseguito..
Prendi nota dei passaggi da fare.
Riguardo il log, dovrai prendere quello in formato txt.
Non preoccuparti per il messaggio.

**Carmy_Na** · 22-01-2008, 21:50

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Service s\mcdinokh

*******************

Script file located at: \??\C:\Program Files\jhpecutb.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\Programmi\QuickTime\qttask.exe deleted successfully.
File C:\Programmi\Windows Media Player\WMPNSCFG.exe deleted successfully.
File C:\WINDOWS\system32\ctfmon.exe deleted successfully.
File C:\Programmi\Alice ti aiuta\SmartBridge\MotiveSB.exe deleted successfully.
File C:\Programmi\Alice ti aiuta\SmartBridge\log\httpclient.log deleted successfully.
File C:\Programmi\SiteAdvisor\6253\SiteAdv.exe deleted successfully.
File C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe deleted successfully.
File C:\Programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe deleted successfully.
File C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe deleted successfully.
File move operation C:\Programmi\QuickTime\bak\qttask.exe|C:\Programmi \QuickTime\qttask.exe completed successfully.
File move operation C:\Programmi\Windows Media Player\bak\WMPNSCFG.exe|C:\Programmi\Windows Media Player\WMPNSCFG.exe completed successfully.
File move operation C:\WINDOWS\system32\bak\ctfmon.exe|C:\WINDOWS\syst em32\ctfmon.exe completed successfully.
File move operation C:\Programmi\Alice ti aiuta\SmartBridge\bak\MotiveSB.exe|C:\Programmi\Al ice ti aiuta\SmartBridge\MotiveSB.exe completed successfully.
File move operation C:\Programmi\Alice ti aiuta\SmartBridge\bak\log\httpclient.log|C:\Progra mmi\Alice ti aiuta\SmartBridge\log\httpclient.log completed successfully.
File move operation C:\Programmi\SiteAdvisor\6253\bak\SiteAdv.exe|C:\P rogrammi\SiteAdvisor\6253\SiteAdv.exe completed successfully.
File move operation C:\Programmi\File comuni\InstallShield\UpdateService\bak\issch.exe|C :\Programmi\File comuni\InstallShield\UpdateService\issch.exe completed successfully.
File move operation C:\Programmi\File comuni\InstallShield\UpdateService\bak\ISUSPM.exe| C:\Programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe completed successfully.
File move operation C:\Programmi\Java\jre1.6.0_03\bin\bak\jusched.exe| C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe completed successfully.

Completed script processing.

*******************

Finished! Terminate.

ecco! spero che così vada bene... :master:

Discussione: Help! Internet Connection

Strumenti discussione

Ricerca discussione

Visualizza

Help! Internet Connection

Permessi di invio