Utility
Home Messaggi odierni FAQ Ricerca avanzata Lo staff del forum Regolamento Utenti Archivio
Pagina 1 di 4 1 2 3 ... ultimoultimo
Visualizzazione dei risultati da 1 a 10 su 38
  1. 25-11-2007, 23:16 #1
    picchiogol
    picchiogol non è in linea
    Utente di HTML.it
    Registrato dal
    Nov 2007
    Messaggi
    21

    gravi problemi al mio pc..per favore analizzate!!

    Preso il virus da msn....ma credo non solo...visto che mi si aprono in continuazione pagine indesiderate...niente porno..ma casinò, ecc...e addirittura anche e-bay!!
    di seguito il mio log (premetto che sono un neofita...quindi vi prego di spiegarmi passo passo cosa devo fare)....vi ringrazio anticipatamente:

    Logfile of HijackThis v1.99.1
    Scan saved at 22.07.46, on 26/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\VEXPLITE\viritsvc.exe
    C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Programmi\File comuni\Symantec Shared\Security Center\SymSCUI.exe
    C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Programmi\Java\jre1.5.0\bin\jusched.exe
    C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
    C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
    C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Programmi\iTunes\iTunesHelper.exe
    C:\Programmi\QuickTime\qttask.exe
    C:\Program Files\D-Link\DSL-200\dslstat.exe
    C:\Program Files\D-Link\DSL-200\dslagent.exe
    C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
    C:\WINDOWS\system32\cmosvc.exe
    C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\Programmi\iPod\bin\iPodService.exe
    C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programmi\File comuni\Sony Shared\AVLib\SSScsiSV.exe
    C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
    C:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe
    C:\Programmi\WinZip\WZQKPICK.EXE
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_SICN0 3.EXE
    C:\Programmi\Internet Explorer\iexplore.exe
    C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Programmi\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
    C:\Programmi\Internet Explorer\iexplore.exe
    C:\Programmi\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\explorer.exe
    C:\Programmi\Internet Explorer\iexplore.exe
    C:\PROGRA~1\WINZIP\winzip32.exe
    C:\Documents and Settings\PAOLO CHESSA\Impostazioni locali\Temp\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://arianna.libero.it
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0\bin\jusched.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [Cpqset] C:\Programmi\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\D-Link\DSL-200\dslstat.exe icon
    O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\D-Link\DSL-200\dslagent.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Task Alert] cmosvc.exe
    O4 - HKLM\..\Run: [NI.UGA6P_0001_N122M2210] "C:\DOCUME~1\PAOLOC~1\IMPOST~1\Temp\qrjatydi.e xe"
    O4 - HKLM\..\Run: [4349895a] rundll32.exe "C:\WINDOWS\system32\exnjxgiw.dll",b
    O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [BestsellerAntivirus] C:\Programmi\BestsellerAntivirus\pgs.exe /min
    O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV0 3.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=IT_IT&c=Q105&bd=pavili on&pf=laptop
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab
    O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2B9932CB-0BDA-4EEC-9AA9-0B33BAB4E874}: NameServer = 193.12.150.2 212.247.152.2
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3326F2B5-FF60-43CB-BD87-AF7B0F2C37DB}: NameServer = 192.168.0.1
    O17 - HKLM\System\CS1\Services\Tcpip\..\{2B9932CB-0BDA-4EEC-9AA9-0B33BAB4E874}: NameServer = 193.12.150.2 212.247.152.2
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00862BF.dat
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programmi\HPQ\SHARED\HPQWMI.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
    Rispondi quotando Rispondi quotando
  2. 25-11-2007, 23:32 #2
    OYS
    OYS non è in linea
    Utente di HTML.it L'avatar di OYS
    Registrato dal
    Apr 2006
    Messaggi
    3,142
    1) Avvia hijackthis, premi do a system scan only poi selezioni le voci seguenti, e premi fi checked in basso a sinistra:


    O4 - HKLM\..\Run: [Task Alert] cmosvc.exe

    O4 - HKLM\..\Run: [NI.UGA6P_0001_N122M2210]C:\DOCUME~1\PAOLOC~1\IMPOST~1\Temp\qrjatydi.exe"

    O4 - HKLM\..\Run: [4349895a] rundll32.exe "C:\WINDOWS\system32\exnjxgiw.dll",b

    O4 - HKCU\..\Run: [BestsellerAntivirus] C:\Programmi\BestsellerAntivirus\pgs.exe /min

    O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00862BF.dat



    2) Scarica http://swandog46.geekstogo.com/avenger.zip

    clicca su input script manually e poi sulla lente di ingrandimento.
    nello spazio bianco inserisci con copia incolla tutta la parte in verde:


    files to delete:
    C:\WINDOWS\system32\__c00862BF.dat
    C:\WINDOWS\system32\cmosvc.exe
    C:\WINDOWS\system32\exnjxgiw.dll
    C:\DOCUME~1\PAOLOC~1\IMPOST~1\Temp\qrjatydi.exe

    folders to delete:
    C:\Programmi\BestsellerAntivirus\


    clicca su done.
    poi sul semaforo con luce verde
    due volte si, il pc si riavviera' e al ritorno posta il log di avenger (C:/avenger.txt).

    3) Riposta un nuovo log di HijackThis.
    Internet Assigned Numbers Authority
    Rispondi quotando Rispondi quotando
  3. 26-11-2007, 23:03 #3
    picchiogol
    picchiogol non è in linea
    Utente di HTML.it
    Registrato dal
    Nov 2007
    Messaggi
    21
    qusto il log di Avenger:

    Logfile of The Avenger version 1, by Swandog46
    Running from registry key:
    \Registry\Machine\System\CurrentControlSet\Service s\qtjtccpa

    *******************

    Script file located at: \??\C:\Documents and Settings\wisglmra.txt
    Script file opened successfully.

    Script file read successfully

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:



    File C:\WINDOWS\system32\__c00862BF.dat not found!
    Deletion of file C:\WINDOWS\system32\__c00862BF.dat failed!

    Could not process line:
    C:\WINDOWS\system32\__c00862BF.dat
    Status: 0xc0000034

    File C:\WINDOWS\system32\cmosvc.exe deleted successfully.


    File C:\WINDOWS\system32\exnjxgiw.dll not found!
    Deletion of file C:\WINDOWS\system32\exnjxgiw.dll failed!

    Could not process line:
    C:\WINDOWS\system32\exnjxgiw.dll
    Status: 0xc0000034



    File C:\DOCUME~1\PAOLOC~1\IMPOST~1\Temp\qrjatydi.exe not found!
    Deletion of file C:\DOCUME~1\PAOLOC~1\IMPOST~1\Temp\qrjatydi.exe failed!

    Could not process line:
    C:\DOCUME~1\PAOLOC~1\IMPOST~1\Temp\qrjatydi.exe
    Status: 0xc0000034

    Folder C:\Programmi\BestsellerAntivirus deleted successfully.

    Completed script processing.

    *******************

    Finished! Terminate.
    Rispondi quotando Rispondi quotando
  4. 26-11-2007, 23:05 #4
    picchiogol
    picchiogol non è in linea
    Utente di HTML.it
    Registrato dal
    Nov 2007
    Messaggi
    21
    ...e questo il nuovo di hijackthis:

    Logfile of HijackThis v1.99.1
    Scan saved at 22.02.17, on 27/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\nasyrssg.exe
    C:\VEXPLITE\viritsvc.exe
    C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programmi\File comuni\Symantec Shared\Security Center\SymSCUI.exe
    C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Programmi\Java\jre1.5.0\bin\jusched.exe
    C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe
    C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
    C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
    C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\Programmi\iTunes\iTunesHelper.exe
    C:\Programmi\QuickTime\qttask.exe
    C:\Program Files\D-Link\DSL-200\dslstat.exe
    C:\Program Files\D-Link\DSL-200\dslagent.exe
    C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
    C:\Programmi\File comuni\Sony Shared\AVLib\SSScsiSV.exe
    C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
    C:\Programmi\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe
    C:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe
    C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
    C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Programmi\WinZip\WZQKPICK.EXE
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_SICN0 3.EXE
    C:\Programmi\Internet Explorer\iexplore.exe
    C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\PROGRA~1\WINZIP\winzip32.exe
    C:\Documents and Settings\PAOLO CHESSA\Impostazioni locali\Temp\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://arianna.libero.it
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0\bin\jusched.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [Cpqset] C:\Programmi\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\D-Link\DSL-200\dslstat.exe icon
    O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\D-Link\DSL-200\dslagent.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV0 3.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=IT_IT&c=Q105&bd=pavili on&pf=laptop
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab
    O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2B9932CB-0BDA-4EEC-9AA9-0B33BAB4E874}: NameServer = 193.12.150.2 212.247.152.2
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3326F2B5-FF60-43CB-BD87-AF7B0F2C37DB}: NameServer = 192.168.0.1
    O17 - HKLM\System\CS1\Services\Tcpip\..\{2B9932CB-0BDA-4EEC-9AA9-0B33BAB4E874}: NameServer = 193.12.150.2 212.247.152.2
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\WINDOWS\system32\__c008831A.dat
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: DomainService - - C:\WINDOWS\system32\nasyrssg.exe
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programmi\HPQ\SHARED\HPQWMI.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
    Rispondi quotando Rispondi quotando
  5. 26-11-2007, 23:06 #5
    picchiogol
    picchiogol non è in linea
    Utente di HTML.it
    Registrato dal
    Nov 2007
    Messaggi
    21
    si continuano ad aprire pagine!!! .... ma per fortuna bestseller antivirus non c'è piu!! un passo anti...ma ancora qualche probleino a quanto pare
    Rispondi quotando Rispondi quotando
  6. 26-11-2007, 23:10 #6
    OYS
    OYS non è in linea
    Utente di HTML.it L'avatar di OYS
    Registrato dal
    Apr 2006
    Messaggi
    3,142
    In effetti nel log di hijackthis vedo che è rimasto ancora un servizio:


    O23 - Service: DomainService - - C:\WINDOWS\system32\nasyrssg.exe


    Per eliminarlo, start-->esegui--> ora copia incolla uno alla volta i seguenti comandi:


    sc stop DomainService     (invio)
    sc delete DomainService (invio)


    Poi fai qualche scansione con qualche antispyware.
    Internet Assigned Numbers Authority
    Rispondi quotando Rispondi quotando
  7. 27-11-2007, 00:06 #7
    picchiogol
    picchiogol non è in linea
    Utente di HTML.it
    Registrato dal
    Nov 2007
    Messaggi
    21
    Grazie OYS per l'attenzione....ho effettuato i comandi che dici...sto facendo scan con Spybot....
    Pensi che su msn è tutto risolto?....o ancora invio file virus???...grazie
    Rispondi quotando Rispondi quotando
  8. 27-11-2007, 00:15 #8
    OYS
    OYS non è in linea
    Utente di HTML.it L'avatar di OYS
    Registrato dal
    Apr 2006
    Messaggi
    3,142
    Fai una scansione anche con MsnFix, poi dovresti essere ok.
    Internet Assigned Numbers Authority
    Rispondi quotando Rispondi quotando
  9. 27-11-2007, 15:11 #9
    picchiogol
    picchiogol non è in linea
    Utente di HTML.it
    Registrato dal
    Nov 2007
    Messaggi
    21
    Oys...ho fatto la scansione con msnfix come mi hai suggerito...ecco il responso:

    MSNFix 1.589

    C:\Documents and Settings\PAOLO CHESSA\Desktop\file satellite\MSNFix
    Fix effettuato il 28/11/2007 - 14.03.32,62 By PAOLO CHESSA
    modalità normale

    ************************ Cercare i files presenti

    ... C:\DOCUME~1\PAOLOC~1\IMPOST~1\Temp\??.exe
    ... C:\DOCUME~1\PAOLOC~1\IMPOST~1\Temp\image??.zip
    ... C:\DOCUME~1\PAOLOC~1\IMPOST~1\Temp\removalfile.bat

    ************************ MSNCHK ***** /!\ beta test /!\



    ************************ Ricerca le cartelle presenti

    Nessuna cartella trovata




    ************************ Eliminazione dei files

    .. OK ... C:\DOCUME~1\PAOLOC~1\IMPOST~1\Temp\??.exe
    .. OK ... C:\DOCUME~1\PAOLOC~1\IMPOST~1\Temp\image??.zip
    .. OK ... C:\DOCUME~1\PAOLOC~1\IMPOST~1\Temp\removalfile.bat



    ************************ Pulizia del Registro



    ************************ Files sospetti

    /!\ questi files necessitano di un parere esperto prima di qualsiasi intervento

    [C:\PROGRA~1\Install_Messenger.exe] 273DF67A4331E077680ED076C4FA846D
    [C:\PROGRA~1\vlc-0.8.4a-win32.exe] DD366EA17A7AB7C706AEFCC4A068CCA7
    [C:\PROGRA~1\wrar342i.exe] E2231639B965AC13883FDE4A68FE0C0F
    [C:\PROGRA~1\zg602std.exe] F84F7BD08A3DF9D098D32C1A01874A95

    ==> Vi saremo grati se vorrete inviare il file C:\DOCUME~1\PAOLOC~1\Desktop\Upload_Me.zip su http://upload.changelog.fr



    I files e le chiavi di registro eliminati sono stati salvati nel file 28112007_14.05.0387.zip


    ------------------------------------------------------------------------
    Auteur : !aur3n7 Contact: http://changelog.fr
    ------------------------------------------------------------------------

    --------------------------------------------- END ---------------------------------------------



    Che devo fare???? pensi sia tutto ok?
    Rispondi quotando Rispondi quotando
  10. 27-11-2007, 15:22 #10
    OYS
    OYS non è in linea
    Utente di HTML.it L'avatar di OYS
    Registrato dal
    Apr 2006
    Messaggi
    3,142
    Hai una nuova variante del virus.
    Vai qui: http://upload.changelog.fr
    Pseudo metti il tuo nome (nick) od anche il mio se non vuoi mettere il tuo
    In URL metti http://forum.html.it/forum/showthrea...readid=1188833
    In Observation metti "New Variant"
    Clicca Browse e seleziona il file C:\DOCUME~1\PAOLOC~1\Desktop\Upload_Me.zip ed invialo.
    Loro lo analizzeranno e integreranno un aggiornamento con la nuova variante.
    Percui domani fai una nuova scansione e riposta il log.
    Internet Assigned Numbers Authority
    Rispondi quotando Rispondi quotando
« Discussione precedente | Prossima discussione »

Permessi di invio

  • Non puoi inserire discussioni
  • Non puoi inserire repliche
  • Non puoi inserire allegati
  • Non puoi modificare i tuoi messaggi
  •  

Regole del Forum

Powered by vBulletin® Version 4.2.1
Copyright © 2026 vBulletin Solutions, Inc. All rights reserved.