  1. #1
    HTML.it user, registered since Sep 2006, 26 posts

    trojan.lootseek.av, msrpc srvsvc net api and problems with attachments

    Hi,
    Norton keeps alerting me about attacks from these two: trojan.lootseek.av and msrpc srvsvc net api. On top of that, I can no longer send attachments by e-mail: when I try, for example sending a 200k Word file, only a small file of 2k or so arrives. I don't use Outlook, and the problem occurs on several different mailboxes. Are the two problems related?
    I ran a scan with "Panda"; can I post it? Or should I post the HijackThis file?

  2. #2
    LUCASS (HTML.it user), registered since May 2005, 1,354 posts
    Hi,
    Post both, HijackThis and Panda.

    Thanks

  3. #3
    HTML.it user, registered since Sep 2006, 26 posts
    Hi,
    here it is:

    Logfile of HijackThis v1.99.1
    Scan saved at 0.05.26, on 30/09/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ASUS\Probe\AsusProb.exe
    C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
    C:\Programmi\MessengerPlus! 3\MsgPlus.exe
    C:\WINDOWS\System32\RunDLL32.exe
    C:\Programmi\File comuni\Symantec Shared\ccApp.exe
    C:\Programmi\ewido anti-spyware 4.0\ewido.exe
    C:\Programmi\Messenger\msmsgs.exe
    C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
    C:\Programmi\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
    C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Programmi\ewido anti-spyware 4.0\guard.exe
    C:\Programmi\Norton AntiVirus\navapsvc.exe
    C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
    C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
    C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
    C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\Programmi\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [Smapp] C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [!ewido] "C:\Programmi\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [updateMgr] "C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
    O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
    O16 - DPF: {266B9238-31A5-4B53-9039-272FE846DF9D} (DiameterTransfer Control) - http://www.sis.com/download/SISTransfer.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O16 - DPF: {A91DEB0D-AD0D-453E-9AC8-60178EC24212} (VPlayer Control) - http://www.bigad.com.au/player/vivid_ocx.jpeg
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programmi\ewido anti-spyware 4.0\guard.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe

  4. #4
    HTML.it user, registered since Sep 2006, 26 posts
    and Panda:


    Incident Statut Analyse

    Adware:Adware/StartPage.ATU No Désinfecté C:\dc++\#005 Giochi-prog-cod\CoDeCrock_div3_xvid_dx50.zip[xvid.mpeg-4.video.codec.v.2.1 (xvid divx dx50).exe]
    Adware:Adware/StartPage.ATU No Désinfecté C:\dc++\#005 Giochi-prog-cod\xvid.mpeg-4.video.codec.v.2.1 (xvid divx dx50).exe
    Spyware:Cookie/Tradedoubler No Désinfecté C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\emv2mo84.default\cookies.txt[.tradedoubler.com/]
    Spyware:Cookie/Atlas DMT No Désinfecté C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\emv2mo84.default\cookies.txt[.atdmt.com/]
    Spyware:Cookie/2o7 No Désinfecté C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\emv2mo84.default\cookies.txt[.2o7.net/]
    Spyware:Cookie/Doubleclick No Désinfecté C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\emv2mo84.default\cookies.txt[.doubleclick.net/]
    Spyware:Cookie/Weborama No Désinfecté C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\emv2mo84.default\cookies.txt[.weborama.fr/]
    Spyware:Cookie/Statcounter No Désinfecté C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\emv2mo84.default\cookies.txt[.statcounter.com/]
    Spyware:Cookie/Com.com No Désinfecté C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\emv2mo84.default\cookies.txt[.com.com/]
    Spyware:Cookie/Tribalfusion No Désinfecté C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\emv2mo84.default\cookies.txt[.tribalfusion.com/]
    Spyware:Cookie/Adtech No Désinfecté C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\emv2mo84.default\cookies.txt[.adtech.de/]
    Spyware:Cookie/Mediaplex No Désinfecté C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\emv2mo84.default\cookies.txt[.mediaplex.com/]
    Spyware:Cookie/QuestionMarket No Désinfecté C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\emv2mo84.default\cookies.txt[.questionmarket.com/]
    Spyware:Cookie/onestat.com No Désinfecté C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\emv2mo84.default\cookies.txt[stat.onestat.com/]
    Spyware:Cookie/Falkag No Désinfecté C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\emv2mo84.default\cookies.txt[as1.falkag.de/]
    Spyware:Cookie/cs.sexcounter No Désinfecté C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\emv2mo84.default\cookies.txt[.cs.sexcounter.com/]
    Spyware:Cookie/Overture No Désinfecté C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\emv2mo84.default\cookies.txt[.perf.overture.com/]
    Spyware:Cookie/YieldManager No Désinfecté C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\emv2mo84.default\cookies.txt[ad.yieldmanager.com/]
    Spyware:Cookie/RealMedia No Désinfecté C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\emv2mo84.default\cookies.txt[.247realmedia.com/]
    Spyware:Cookie/Yadro No Désinfecté C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\emv2mo84.default\cookies.txt[.yadro.ru/]
    Spyware:Cookie/SpyLog No Désinfecté C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\emv2mo84.default\cookies.txt[.spylog.com/]
    Spyware:Cookie/HotLog No Désinfecté C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\emv2mo84.default\cookies.txt[.hotlog.ru/]
    Spyware:Cookie/Reliablestats No Désinfecté C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\emv2mo84.default\cookies.txt[stats1.reliablestats.com/]
    Spyware:Cookie/Bluestreak No Désinfecté C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\emv2mo84.default\cookies.txt[.bluestreak.com/]
    Spyware:Cookie/Advertising No Désinfecté C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\emv2mo84.default\cookies.txt[.advertising.com/]
    Spyware:Cookie/Advertising No Désinfecté C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\emv2mo84.default\cookies.txt[servedby.advertising.com/]
    Spyware:Cookie/Advertising No Désinfecté C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\emv2mo84.default\cookies.txt[.servedby.advertising.com/]
    Spyware:Cookie/Advertising No Désinfecté C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\emv2mo84.default\cookies.txt[.advertising.com/]
    Spyware:Cookie/PointRoll No Désinfecté C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\emv2mo84.default\cookies.txt[.ads.pointroll.com/]

  5. #5
    HTML.it user, registered since Sep 2006, 26 posts
    Spyware:Cookie/Falkag No Désinfecté C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\emv2mo84.default\cookies.txt[.as-eu.falkag.net/]
    Spyware:Cookie/Falkag No Désinfecté C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\emv2mo84.default\cookies.txt[.as-us.falkag.net/]
    Spyware:Cookie/Maxserving No Désinfecté C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\emv2mo84.default\cookies.txt[.maxserving.com/]
    Spyware:Cookie/FastClick No Désinfecté C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\emv2mo84.default\cookies.txt[.fastclick.net/]
    Spyware:Cookie/Casalemedia No Désinfecté C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\emv2mo84.default\cookies.txt[.casalemedia.com/]
    Spyware:Cookie/BurstNet No Désinfecté C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\emv2mo84.default\cookies.txt[.burstnet.com/]
    Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\emv2mo84.default\cookies.txt[.xiti.com/]
    Spyware:Cookie/QkSrv No Désinfecté C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\emv2mo84.default\cookies.txt[.qksrv.net/]
    Spyware:Cookie/Apmebf No Désinfecté C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\emv2mo84.default\cookies.txt[.apmebf.com/]
    Spyware:Cookie/QkSrv No Désinfecté C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\emv2mo84.default\cookies.txt[.qksrv.net/]
    Spyware:Cookie/Apmebf No Désinfecté C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\emv2mo84.default\cookies.txt[.apmebf.com/]
    Spyware:Cookie/Linksynergy No Désinfecté C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\emv2mo84.default\cookies.txt[.linksynergy.com/]
    Spyware:Cookie/Server.iad.Liveperson No Désinfecté C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\emv2mo84.default\cookies.txt[server.iad.liveperson.net/hc/34292599]
    Spyware:Cookie/Server.iad.Liveperson No Désinfecté C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\emv2mo84.default\cookies.txt[server.iad.liveperson.net/]
    Spyware:Cookie/Serving-sys No Désinfecté C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\emv2mo84.default\cookies.txt[.serving-sys.com/]
    Spyware:Cookie/Serving-sys No Désinfecté C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\emv2mo84.default\cookies.txt[.bs.serving-sys.com/]
    Spyware:Cookie/WUpd No Désinfecté C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\emv2mo84.default\cookies.txt[.revenue.net/]
    Spyware:Cookie/DomainSponsor No Désinfecté C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\emv2mo84.default\cookies.txt[landing.domainsponsor.com/]
    Spyware:Cookie/WebtrendsLive No Désinfecté C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\emv2mo84.default\cookies.txt[statse.webtrendslive.com/]
    Spyware:Cookie/Hbmediapro No Désinfecté C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\emv2mo84.default\cookies.txt[.adopt.hbmediapro.com/]
    Spyware:Cookie/WebtrendsLive No Désinfecté C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\emv2mo84.default\cookies.txt[statse.webtrendslive.com/S151687]
    Spyware:Cookie/Hitslink No Désinfecté C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\emv2mo84.default\cookies.txt[counter.hitslink.com/]
    Spyware:Cookie/Hitbox No Désinfecté C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\emv2mo84.default\cookies.txt[.hitbox.com/]
    Spyware:Cookie/Tickle No Désinfecté C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\emv2mo84.default\cookies.txt[.tickle.com/]
    Spyware:Cookie/Atwola No Désinfecté C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\emv2mo84.default\cookies.txt[.atwola.com/]
    Spyware:Cookie/RealMedia No Désinfecté C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\emv2mo84.default\cookies.txt[.realmedia.com/]
    Dialer:dialer.gyc No Désinfecté C:\Documents and Settings\Administrator\Documenti\exsplorer.lnk
    Adware:Adware/SpySheriff No Désinfecté C:\Documents and Settings\Administrator\Impostazioni locali\Temp\2.qtdfmp
    Spyware:Cookie/Advnt No Désinfecté C:\Documents and Settings\Administrator\Impostazioni locali\Temp\Cookies\administrator@www.advnt01[1].txt
    Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\Administrator\Impostazioni locali\Temp\Cookies\administrator@xiti[1].txt
    Outil indésirable:Application/Psshutdown.A No Désinfecté C:\Documents and Settings\Administrator\Impostazioni locali\Temp\shutdown.exe
    Outil indésirable:Application/Pskill.H No Désinfecté C:\Documents and Settings\Administrator\Impostazioni locali\Temp\upd.exe
    Virus Eventuel. No Désinfecté C:\Documents and Settings\All Users\Documenti\setup.exe
    Adware:adware/azesearch No Désinfecté C:\Documents and Settings\All Users\Menu Avvio\PopUp Blocker.url
    Adware:adware/cws.searchmeup No Désinfecté C:\Documents and Settings\All Users\Menu Avvio\Spyware Remover.url
    Spyware:Cookie/YieldManager No Désinfecté C:\WINDOWS\system32\config\systemprofile\Cookies\system@ad.yieldmanager[2].txt
    Spyware:Cookie/Hbmediapro No Désinfecté C:\WINDOWS\system32\config\systemprofile\Cookies\system@adopt.hbmediapro[2].txt
    Spyware:Cookie/Advnt No Désinfecté C:\WINDOWS\system32\config\systemprofile\Cookies\system@www.advnt01[1].txt

  6. #6
    LUCASS (HTML.it user), registered since May 2005, 1,354 posts
    Hi,
    Empty the contents of the folder marked in red (do not delete the folder itself)
    C:\WINDOWS\system32\config\systemprofile\Cookies <---------

    Delete the files marked in red (if present)
    C:\Documents and Settings\All Users\Documenti\setup.exe <---------
    C:\Documents and Settings\All Users\Menu Avvio\PopUp Blocker.url <---------
    C:\Documents and Settings\All Users\Menu Avvio\Spyware Remover.url <---------

    Download and install CCleaner
    http://download.ccleaner.com/ccsetup133.exe
    Once it is installed, click Options > Advanced
    Untick the box "Only delete files in Windows Temp older than 48 hours"
    Close all programs, reopen CCleaner and click "Run CCleaner"
    Wait for the cleaning to finish

    Download the archive to the desktop
    http://siri.urz.free.fr/Fix/SmitfraudFix.zip
    Extract the archive and open the SmitfraudFix folder
    Run the file smitfraudfix.cmd
    A DOS window will open
    Where the cursor is blinking, type 2 and press Enter
    At the question Do you want to clean the registry?
    Type Y and press Enter
    At the next question Replace infected file?
    Type Y and press Enter

    Wait for the scan to finish and restart the PC
    Please post the contents of the file C:\rapport.txt


  7. #7
    HTML.it user, registered since Sep 2006, 26 posts
    Hi,
    first of all, thanks for the quick reply. I did as you said, but at the question "Do you want to clean the registry?" Windows Disk Cleanup starts and hangs. In Task Manager I can see the application taking 100% CPU, and it stays that way even when the program seems to have finished and shows the report that I'm posting below.
    It doesn't ask the second question. I also rebooted, but it did the same thing.

    SmitFraudFix v2.102

    Scan done at 2.04.25,57, 30/09/2006
    Run from C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\SmitfraudFix
    OS: Microsoft Windows XP [Versione 5.1.2600] - Windows_NT
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» End

  8. #8
    HTML.it user, registered since Sep 2006, 26 posts

    More problems

    So,
    I fixed the Disk Cleanup hang by deleting a registry key, following Microsoft's procedure. It works now, but SmitfraudFix still doesn't ask the second question. In Norton, trojan.lootseek.av has not shown up again, for now, but msrpc srvsvc net api still does.

    Above all, I still can't attach files to e-mails, which is quite a problem.

    Bye

  9. #9
    HTML.it user, registered since Sep 2006, 26 posts
    For this e-mail problem I'll open another thread, since it may be an independent issue...

  10. #10
    HTML.it user, registered since Sep 2006, 26 posts

    MS ASN1 Integer Overflow TCP

    Now this one is showing up too:

    MS ASN1 Integer Overflow TCP
