Visualizzazione dei risultati da 1 a 10 su 10
  1. #1

    privacy protection e system alert

    Ciao a tutti, ho un virus o più di uno, non so!
    allora, mi compare di continuo un messagio "System alert" e conteporaneamente parte il browser di internet explorer con dei siti che mi consigliano di comprare un antivisurs(dai nomi inequivocabili).
    Poi, lo sfondo del desktop è cambiato, sfondo rosso con al centro la scritta "privacy protection".
    ho fatto gia delel scansioni e cercato di eliminare i file che smit...ha trovato...ma niente da fare! tutto torna come prima appena mi collego ad internet!
    ho fatto la scansione anche con hijickthis, ma non so che file cancellare, non vorrei cancellare dei file vitali!
    chi mi aiuta?
    vi posto le scansioni?
    ciaoo

  2. #2
    Utente bannato
    Registrato dal
    Jun 2007
    Messaggi
    3,899
    si, posta le scansioni...
    e instanto dai anche un'occhiata qui...:

    http://forum.html.it/forum/showthrea...readid=1114571

    vedi se risolvi intanto....altrimenti posta le scansioni....


  3. #3
    ciao e benvenuto.per prima cosa,fai queste operazioni:
    1)posta il log di hijackthis,per come farlo,vai sulla guida rimozione malware su in alto nel forum sicurezza e leggi attentamente il punto 4.
    2)scaricati virit da qui---> http://www.tgsoft.it/files/vnlt6195.exe
    clicca su esegui e avva l'insallazione.fara subito lo scan della memoria,poi devi mettere il disco che vuoi controllare e metti sopra su ricerca.
    attende e rimuove i virus automaticamente.quando ha finito,posta il log.devi cliccare sulla forma di quaderno nel menu alto di virit.
    @ste-95
    strano che kaspersky non l'ho hai messo in mezzo stavolta.dovrebe averti come sponsor.

  4. #4

    scansione smitfradfix

    questi sono le scansioni, in ordine Smitfraudfix, non mi fa vedere i risultati della scansione! l'ultima risale ad un paio di giorni fa. invece con hijackthis non ho problemi, l'ultima scansione l'ho fatta poche ore fa (la copio nel post successivo).
    SmitFraudFix v2.195

    Scan done at 21.21.52,09, 25/06/2007
    Run from C:\Documents and Settings\user\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Versione 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programmi\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
    C:\Programmi\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\pctspk.exe
    C:\NORMAN\Nvc\BIN\ZLH.EXE
    C:\Programmi\File comuni\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Programmi\Ahead\InCD\InCD.exe
    C:\Programmi\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe
    C:\Programmi\Java\j2re1.4.2_06\bin\jusched.exe
    C:\programmi\verbatim store n go\verbatim store 'n' go.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
    C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S 2.EXE
    C:\Programmi\FlyNet\CnxDslTb.exe
    C:\Programmi\File comuni\Real\Update_OB\realsched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Programmi\QuickTime\qttask.exe
    C:\Programmi\iTunes\iTunesHelper.exe
    C:\Programmi\MSN Messenger\MsnMsgr.Exe
    C:\Programmi\Spyware Doctor\SDTrayApp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programmi\Steganos 3\Steganos3.exe
    C:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128 .5462\GoogleToolbarNotifier.exe
    C:\Programmi\Skype\Phone\Skype.exe
    C:\Programmi\Sitecom\Software Bluetooth\BTTray.exe
    C:\Programmi\CONITECH\CN405WLUSB54.exe
    C:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe
    C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
    C:\Programmi\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Programmi\WinZip\WZQKPICK.EXE
    C:\Programmi\Sitecom\Software Bluetooth\bin\btwdins.exe
    C:\Programmi\Ahead\InCD\InCDsrv.exe
    C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
    C:\Programmi\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Norman\NVC\BIN\Zanda.exe
    C:\Programmi\Retrospect\Retrospect 7.5\retrorun.exe
    C:\NORMAN\Nvc\BIN\NYMSE.EXE
    C:\NORMAN\Nvc\BIN\NIP.EXE
    C:\Programmi\Spyware Doctor\svcntaux.exe
    C:\Programmi\Spyware Doctor\swdsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programmi\Skype\Plugin Manager\skypePM.exe
    C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
    C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
    C:\Programmi\iPod\bin\iPodService.exe
    C:\NORMAN\Nvc\BIN\nvcoas.exe
    C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
    C:\NORMAN\Nvc\BIN\nipsvc.exe
    C:\NORMAN\Nvc\BIN\NJEEVES.EXE
    C:\NORMAN\Nvc\BIN\cclaw.exe
    C:\DOCUME~1\user\IMPOST~1\Temp\start.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programmi\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\cmd.exe
    C:\Programmi\Internet Explorer\IEXPLORE.EXE

    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

    C:\WINDOWS\privacy_danger FOUND !
    C:\WINDOWS\xpupdate.exe FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\user


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\user\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\user\PREFER~1


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop

    C:\DOCUME~1\user\Desktop\Error Cleaner.url FOUND !
    C:\DOCUME~1\user\Desktop\Privacy Protector.url FOUND !
    C:\DOCUME~1\user\Desktop\Spyware?Malware Protection.url FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Programmi


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

    HKLM\SOFTWARE\WinHound.com FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="file:///C:/DOCUME~1/user/IMPOST~1/Temp/msohtml1/01/clip_image001.jpg"
    "SubscribedURL"="file:///C:/DOCUME~1/user/IMPOST~1/Temp/msohtml1/01/clip_image001.jpg"
    "FriendlyName"=""

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Pagina iniziale corrente"

    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Rustock



    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: CONITECH IEEE 802.11g Wireless Network USB Adapter - Miniport dell'Utilità di pianificazione pacchetti
    DNS Server Search Order: 192.168.2.1

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{6E4CEF07-BF8D-40B0-A0F0-FDBDC1196944}: DhcpNameServer=192.168.2.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{6E4CEF07-BF8D-40B0-A0F0-FDBDC1196944}: DhcpNameServer=192.168.2.1
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{6E4CEF07-BF8D-40B0-A0F0-FDBDC1196944}: DhcpNameServer=192.168.2.1
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End

  5. #5

    scansione hijackthis (prima parte)

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 13.31.13, on 28/06/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programmi\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
    C:\Programmi\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programmi\Sitecom\Software Bluetooth\bin\btwdins.exe
    C:\Programmi\Ahead\InCD\InCDsrv.exe
    C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
    C:\Norman\NVC\BIN\Zanda.exe
    C:\Programmi\Retrospect\Retrospect 7.5\retrorun.exe
    C:\Programmi\Spyware Doctor\svcntaux.exe
    C:\Programmi\Spyware Doctor\swdsvc.exe
    C:\Programmi\Spyware Doctor\SDTrayApp.exe
    C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
    C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
    C:\NORMAN\Nvc\BIN\NJEEVES.EXE
    C:\NORMAN\Nvc\BIN\nvcoas.exe
    C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
    C:\NORMAN\Nvc\BIN\nipsvc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\NORMAN\Nvc\BIN\ZLH.EXE
    C:\Programmi\File comuni\Microsoft Shared\Works Shared\WkUFind.exe
    C:\NORMAN\Nvc\BIN\NYMSE.EXE
    C:\NORMAN\Nvc\BIN\NIP.EXE
    C:\Programmi\Ahead\InCD\InCD.exe
    C:\NORMAN\Nvc\BIN\cclaw.exe
    C:\Programmi\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe
    C:\Programmi\Java\j2re1.4.2_06\bin\jusched.exe
    C:\programmi\verbatim store n go\verbatim store 'n' go.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
    C:\Programmi\Microsoft AntiSpyware\gcasDtServ.exe
    C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
    C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S 2.EXE
    C:\Programmi\FlyNet\CnxDslTb.exe
    C:\Programmi\File comuni\Real\Update_OB\realsched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Programmi\MSN Messenger\MsnMsgr.Exe
    C:\Programmi\QuickTime\qttask.exe
    C:\Programmi\iTunes\iTunesHelper.exe
    C:\Programmi\Steganos 3\Steganos3.exe
    C:\Programmi\iPod\bin\iPodService.exe
    C:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128 .5462\GoogleToolbarNotifier.exe
    C:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe
    C:\Programmi\Sitecom\Software Bluetooth\BTTray.exe
    C:\Programmi\CONITECH\CN405WLUSB54.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programmi\WinZip\WZQKPICK.EXE
    C:\Programmi\Yahoo!\Messenger\ymsgr_tray.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programmi\Internet Explorer\iexplore.exe
    C:\Programmi\Spyware Doctor\swdoctor.exe
    C:\Programmi\Internet Explorer\iexplore.exe
    C:\PROGRA~1\WINZIP\winzip32.exe
    C:\Documents and Settings\user\Impostazioni locali\Temp\HiJackThis_v2.exe
    C:\Documents and Settings\user\Desktop\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gomyron.com/NjU2NA==/2/3560/homepage/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali 10.0
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,AutoConfigURL = 192.168.2.1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.d ll
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: (no name) - {26182CEA-6E4D-48F3-A886-34AE25B30D88} - C:\WINDOWS\system32\gmpj.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmi\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: MSVPS System - {A1770FD6-A7CB-44DA-AD2C-692D2A2B521B} - C:\WINDOWS\vpsnetwork.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\it\msntb.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\it\msntb.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.d ll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\Nvc\BIN\ZLH.EXE /LOAD /SPLASH
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programmi\File comuni\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Programmi\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [OdTray.exe] "C:\Programmi\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_06\bin\jusched.exe
    O4 - HKLM\..\Run: [Verbatim Store 'n' G] c:\programmi\verbatim store n go\verbatim store 'n' go.exe sys_auto_run C:\Programmi\Verbatim Store N Go
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [kie72alp] C:\WINDOWS\system32\kie72alp.exe
    O4 - HKLM\..\Run: [MNI.UWFX5T_0001_LP1710] "C:\Documents and Settings\user\Impostazioni locali\Temporary Internet Files\Content.IE5\YFA7ETQR\WinFixer2005ScannerInst allITA[1].exe"
    O4 - HKLM\..\Run: [VF0070 STISvc] RunDLL32.exe V0070Pin.dll,RunDLL32EP 513
    O4 - HKLM\..\Run: [gcasServ] "C:\Programmi\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
    O4 - HKLM\..\Run: [DataLayer] C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [SweetIM] C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKLM\..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S 2.EXE /P23 "EPSON Stylus C66 Series" /O6 "USB001" /M "Stylus C66"
    O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programmi\FlyNet\CnxDslTb.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SDTray] "C:\Programmi\Spyware Doctor\SDTrayApp.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Steganos3] C:\Programmi\Steganos 3\Steganos3.exe /booting
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Programmi\Yahoo!\Messenger\YahooMessenger. exe" -quiet
    O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - HKCU\..\Run: [SweetIM] C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128 .5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: CN405WLUSB54 Utility LAN wireless.lnk = ?
    O4 - Global Startup: LG SyncManager.lnk = C:\Programmi\LG PC Suite\LG PC Sync\LGSyncManager.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\Sitecom\Software Bluetooth\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra button: Crea preferiti portatile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesit.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesit.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\Sitecom\Software Bluetooth\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\Sitecom\Software Bluetooth\btsendto_ie.htm
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll

  6. #6

    scansione hijackthis (seconda parte)

    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/re...s/MSNPUpld.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1144849011346
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/z...ylomloader.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
    O21 - SSODL: vpssup - {86D47F4E-7882-486D-89CB-85CD0FE7DD3D} - C:\WINDOWS\vpssup.dll
    O21 - SSODL: expro - {71705237-7158-4D3E-85A4-B23349C9F942} - C:\WINDOWS\expro.dll
    O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programmi\Sitecom\Software Bluetooth\bin\btwdins.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Programmi\Ahead\InCD\InCDsrv.exe
    O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
    O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe
    O23 - Service: Norman NJeeves - Unknown owner - C:\NORMAN\Nvc\BIN\NJEEVES.EXE
    O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\NVC\BIN\Zanda.exe
    O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\NORMAN\Nvc\BIN\nvcoas.exe
    O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
    O23 - Service: Odyssey Client (odClientService) - Funk Software, Inc. - C:\Programmi\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe
    O23 - Service: Retrospect Launcher (RetroLauncher) - EMC Corporation - C:\Programmi\Retrospect\Retrospect 7.5\retrorun.exe
    O23 - Service: Retrospect Helper - EMC Corporation - C:\Programmi\Retrospect\Retrospect 7.5\rthlpsvc.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - C:\Programmi\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Programmi\Spyware Doctor\swdsvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\Sptisrv.exe

    --
    End of file - 17269 bytes


    questo è tutto!

    Sono grave?
    Ciaoo

  7. #7
    procedi con virit che ho messo sopra.

  8. #8

    Grazie!

    Grazie per il benvenuto!
    sto facendo la scansione con virit! Attendo pazientemente sperando ceh virus e mal di testa spariscano contemporaneamente! Sono tre quattro giorni che...
    Il quaderno che dici ha un punto interrogativo sopra?
    Grazie anche per l'aiuto!

  9. #9

    scansione virit

    posto la scansione di virit!


    VirIT eXplorer Lite Log

    [SCANSIONE DELLA MEMORIA]
    OK
    --------------------------------------------------------
    28/06/2007 - 17:36:41

    [SCANSIONE DEL REGISTRO]
    {07B18EA9-A523-4961-B6BB-170DE4475CCA} Infetto da BHO.MyWebSearch.B
    * * * RIMOSSO * * *
    {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} Infetto da BHO.Softomate.D
    * * * RIMOSSO * * *
    {f250d521-225d-4d6b-8829-e064f944e180} Infetto da BHO.Agent.BM
    * * * RIMOSSO * * *

    [C:]
    MASTER BOOT RECORD: OK
    BOOT SECTOR: OK

    C:\Documents and Settings\user\Dati applicazioni\Microsoft\Internet Explorer\Quick Launch\exsplorer.lnk Infetto da Trojan.Win32.Agent.SP
    * * * RIMOSSO * * *
    C:\Documents and Settings\user\Menu Avvio\exsplorer.lnk Infetto da Trojan.Win32.Agent.SP
    * * * RIMOSSO * * *
    C:\Documents and Settings\user\Preferiti\exsplorer.lnk Infetto da Trojan.Win32.Agent.SP
    * * * RIMOSSO * * *
    C:\Programmi\Microsoft AntiSpyware\Quarantine\4DDE01E2-DC9D-4F13-AF4D-3C334D\694C8FEF-17A0-47EA-951F-6B0E92 Infetto da Trojan.Win32.Hotbar.Y
    Contattare il Supporto Tecnico TG Soft
    C:\WINDOWS\system32\fwaa.dll Infetto da BHO.Agent.BM
    * * * RIMOSSO * * *

    Chiavi Registro infette: 3.
    Files Infetti: 5.
    Files Sospetti: 0.
    Files Analizzati: 95641.
    Files Totali: 95641.
    Chiavi Registro rimosse: 3.
    Virus Rimossi: 4.

  10. #10

    quanti virus ho???

    ok. in tutto, tra chiavi di registro e file infetti, virit ne ha trovati 8. però ne sono stati rimossi solo 7! giusto?

    sytem alert continua a darmi avvisi! ho voglia di azzannare il monitor del pc...
    però c'è un miglioramento, il browser di internet explorer continua ad aprirsi quando vuole lui...ma almeno la pagina è bianca (prima c'erano proposte di antivirus da comprare..capirai..così ne becco un'altra dozzina!)

    Che faccio? (me sparo mi sembra una battuta troppo facile)

Permessi di invio

  • Non puoi inserire discussioni
  • Non puoi inserire repliche
  • Non puoi inserire allegati
  • Non puoi modificare i tuoi messaggi
  •  
Powered by vBulletin® Version 4.2.1
Copyright © 2026 vBulletin Solutions, Inc. All rights reserved.