local internet

**fuso1** · 21-12-2007, 22:54

raga da un po si e apparsa sta connessione chiamata cosi ogni volta mi fa disconnettere per collegarsi a un num a pagamento... e poi devo aspettare un po prima di ricollegarmi

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21.47.02, on 21/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\acs.exe
C:\Programmi\a-squared Anti-Dialer\a2service.exe
C:\Acer\eManager\anbmServ.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\CPUCooL\CooLSrv.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.e xe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\WINDOWS\System32\bcmwltry.exe
c:\programmi\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\WLTRAY.exe
C:\Programmi\Atheros\ACU.exe
C:\Programmi\Launch Manager\LaunchAp.exe
C:\Programmi\Launch Manager\PowerKey.exe
C:\Programmi\Launch Manager\HotkeyApp.exe
C:\Programmi\Launch Manager\OSDCtrl.exe
C:\Programmi\Launch Manager\Wbutton.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\a-squared Anti-Dialer\a2adguard.exe
C:\Programmi\SpeedBit Video Accelerator\VideoAccelerator.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\Programmi\Ray Adams\ATI Tray Tools\atitray.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleTo olbarNotifier.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\Francesco\Documenti\emule\eMule.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Documents and Settings\Francesco\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/webhp?sourceid=...hl=it&ie=UTF-8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programmi\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4D91-8333-CF10577473F7} - C:\Documents and Settings\Francesco\Google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.615. 5858\swg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\System32\WLTRAY
O4 - HKLM\..\Run: [ACU] C:\Programmi\Atheros\ACU.exe -nogui
O4 - HKLM\..\Run: [LaunchAp] "C:\Programmi\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [PowerKey] "C:\Programmi\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] "C:\Programmi\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Programmi\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Programmi\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Programmi\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [a-squared] "C:\Programmi\a-squared Anti-Dialer\a2adguard.exe"
O4 - HKLM\..\Run: [SpeedBitVideoAccelerator] "C:\Programmi\SpeedBit Video Accelerator\VideoAccelerator.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AtiTrayTools] "C:\Programmi\Ray Adams\ATI Tray Tools\atitray.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleTo olbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: MSN Pictures Displayer.lnk = C:\Programmi\MSN Pictures Displayer\MSN Pictures Displayer.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Programmi\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Programmi\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Programmi\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Programmi\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/.../GAME_UNO1.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-b0d99ece900dfee5.spaces.l...d/MsnPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary...t.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EA62974E-CF86-443B-A6F4-1A15BDF80CD4}: NameServer = 213.230.130.222 213.230.155.94
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Anti-Dialer Service (a2AntiDialer) - Emsi Software GmbH - C:\Programmi\a-squared Anti-Dialer\a2service.exe
O23 - Service: Servizio di configurazione Atheros (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Programmi\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: CPUCooLServer Service (CPUCooLServer) - Unknown owner - C:\Programmi\CPUCooL\CooLSrv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\programmi\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.e xe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 12161 bytes

**OYS** · 22-12-2007, 20:07

Log pulito.

Scarica FindAWF, avvialo, scrivi 1, premi invio e al termine posta il log.

**fuso1** · 23-12-2007, 18:50

Find AWF report by noahdfear ©2006

bak folders found
~~~~~~~~~~~

Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

end of report

**OYS** · 23-12-2007, 19:32

Scarica SmitFraudFix. Avvialo scrivi 2, quando ti fa una domanda premi y e poi posta il log.

**fuso1** · 25-12-2007, 03:48

SmitFraudFix v2.274

Scan done at 2.37.42,15, 25/12/2007
Run from C:\Documents and Settings\Francesco\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Versione 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\iexplorer.exe Deleted

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix.exe by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: WAN (PPP/SLIP) Interface
DNS Server Search Order: 213.230.128.222
DNS Server Search Order: 213.230.129.94

HKLM\SYSTEM\CCS\Services\Tcpip\..\{EA62974E-CF86-443B-A6F4-1A15BDF80CD4}: NameServer=213.230.128.222 213.230.129.94
HKLM\SYSTEM\CS1\Services\Tcpip\..\{EA62974E-CF86-443B-A6F4-1A15BDF80CD4}: NameServer=213.230.128.222 213.230.129.94

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

**OYS** · 25-12-2007, 11:06

Ha trovato il dns corrotto, e dovrebbe averlo eliminato. Va meglio?

**fuso1** · 25-12-2007, 23:39

no si ricrea sempre

**OYS** · 26-12-2007, 11:15

Fai una scansione con systemscan.
Una volta eseguita la scansione, zippa il file report.txt che c'è nella cartella C:\suspectfile e caricalo su www.savefile.com e scrivi il link che uscirà.

**fuso1** · 29-12-2007, 22:40

ok fatto però il link che mi hai dato non andava qui dovrebbe farti scaricare il file http://www.zshare.net/download/6009179b85fae9/

**OYS** · 30-12-2007, 00:14

Fai start-->cerca, tutti i file e le cartelle, scrivi BAK e posta cosa trova.

Discussione: local internet

Strumenti discussione

Ricerca discussione

Visualizza

local internet

Permessi di invio