Virus msn

**evariste galois** · 06-08-2008, 22:20

Allora ragazzi io stavo parlando in msn con un contatto e ad un tratto sto messaggiando con un contatto e mi arriva una scritta in inglese e dopo mi compare un file io da coglione l' ho accettato e dopo un po che sono su msn mi spamma questo virus a tutti i contatti e mi si blocca msn ecco io ho fatto la scansione con l' antivirus ma "NESSUN RISCHIO PER LA SICUREZZA DEL TUO COMPUTER TROVATA"

poi ho fatto una scansione col programma HAJACK THIS ora vi posto i risultati trovati
mi potete dire se tra i risultati c'e' il virus??
ecco i risultati:

il messaggio con inclusi i risultati e' troppo lungo quindi ve ne mando un altro con solo i risultati

CIAO

**evariste galois** · 06-08-2008, 22:25

ecco i risultati:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22.21.22, on 06/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Symantec\LiveUpdate\AluSchedulerSvc.e xe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programmi\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\Programmi\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\apps\ABoard\ABoard.exe
C:\Programmi\QuickTime\QTTask.exe
C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
C:\apps\ABoard\AOSD.exe
C:\Programmi\MessengerPlus! 3\MsgPlus.exe
C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleTo olbarNotifier.exe
C:\Programmi\Messenger\msmsgs.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\dllhost.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Java\jre1.6.0_01\bin\jucheck.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\PROGRA~1\FILECO~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmi\Windows Live Toolbar\msn_sl.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/webhp?sourceid=...hl=it&ie=UTF-8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.search4top.net/0410/ie.asp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.d ll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programmi\File comuni\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: UrlHelper Class - {6D023EBF-70B8-45A6-9ED5-556515FA0FE4} - C:\Programmi\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FILECO~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301. 7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll

vi mando un altro messaggio con il continuo della scansione perche' metterla tutta in un solo messaggio e' troppo lungo

**evariste galois** · 06-08-2008, 22:26

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.d ll
O3 - Toolbar: Mostra Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programmi\File comuni\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Programmi\BearShare Applications\BearShare MediaBar\BSMediaBar.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe "
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.ex e"
O4 - HKLM\..\Run: [DetectorApp] C:\Programmi\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] J:\Pulizia\VRIT\MONLITE.EXE
O4 - HKLM\..\Run: [FASTTRACKPassepartout] C:\WINDOWS\Passepartout.exe -A
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Programmi\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Clip Service Manager] clipmg.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleTo olbarNotifier.exe
O4 - HKCU\..\Run: [FASTTRACKPassepartout] C:\WINDOWS\Passepartout.exe -A
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SweetIM] C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download by YouTube Robot - res://C:\Programmi\YouTubeRobot\RobotExt.ocx/LINK.HTM
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {16930DCA-0910-4C00-86FF-0C73872D4ABA} - javascript:window.location.href="http://www.scaricandomp3.com/link/" (file missing)
O9 - Extra 'Tools' menuitem: Scaricando MP3 - {16930DCA-0910-4C00-86FF-0C73872D4ABA} - javascript:window.location.href="http://www.scaricandomp3.com/link/" (file missing)
O9 - Extra button: Scaricando MP3 - {810B72CB-566A-409B-B6A3-31F720C16FAE} - C:\WINDOWS\system32\Scaricando MP3 (file missing)
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {A2199168-22AC-44A3-BA5F-8A83E693FEBF} - javascript:window.location.href="http://www.cercasulweb.com/itmp3/" (file missing)
O9 - Extra 'Tools' menuitem: Cersa Sul Web - {A2199168-22AC-44A3-BA5F-8A83E693FEBF} - javascript:window.location.href="http://www.cercasulweb.com/itmp3/" (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ScaricaMP3 - {EF6D6AE3-2625-40D6-A5AB-920DFD2DAF8C} - D:\Documents and Settings\francesco\Dati applicazioni\ScaricaMP3.exe (file missing)
O9 - Extra button: Cersa Sul Web - {F4445FEB-6D20-47CB-9ACF-9D142A7F680A} - C:\WINDOWS\system32\Cersa Sul Web (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\it.htm
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/.../GAME_UNO1.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-c13390a1eb5870c6.spaces.l...d/MsnPUpld.cab
O16 - DPF: {95B187DB-43C8-4AC7-AF7F-C93B79D21F1A} - http://www.nochedeocio.com/wwwsearch/MSCTX32.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3DEA1FF0-CA58-4295-93DC-9C901CB9E73E}: NameServer = 85.37.17.52 85.38.28.92
O17 - HKLM\System\CS1\Services\Tcpip\..\{3DEA1FF0-CA58-4295-93DC-9C901CB9E73E}: NameServer = 85.37.17.52 85.38.28.92
O17 - HKLM\System\CS3\Services\Tcpip\..\{3DEA1FF0-CA58-4295-93DC-9C901CB9E73E}: NameServer = 85.37.17.52 85.38.28.92
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\AluSchedulerSvc.e xe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GoogleDesktopManager - Google - C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\LuComServer_3_4.E XE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - /service, (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FILECO~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Programmi\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.e xe
O23 - Service: Virit eXplorer Lite (viritsvclite) - Unknown owner - J:\Pulizia\VRIT\viritsvc.exe (file missing)
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
O24 - Desktop Component 0: (no name) - http://upload.wikimedia.org/wikipedi...AL_Ferrara.gif

--
End of file - 14670 bytes

**Deifobe** · 06-08-2008, 23:20

Esegui Hijackthis, clicca sul tasto "Do a system scan only", spunta le seguenti voci e clicca su "fix Checked"

O4 - HKLM\..\Run: [Clip Service Manager] clipmg.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [FASTTRACKPassepartout] C:\WINDOWS\Passepartout.exe -A
O9 - Extra button: (no name) - {16930DCA-0910-4C00-86FF-0C73872D4ABA} - java-script:window.location.href="http://www.scaricandomp3.com/link/" (file missing)
O9 - Extra 'Tools' menuitem: Scaricando MP3 - {16930DCA-0910-4C00-86FF-0C73872D4ABA} - java-script:window.location.href="http://www.scaricandomp3.com/link/" (file missing)
O9 - Extra button: Scaricando MP3 - {810B72CB-566A-409B-B6A3-31F720C16FAE} - C:\WINDOWS\system32\Scaricando MP3 (file missing)
O9 - Extra button: (no name) - {A2199168-22AC-44A3-BA5F-8A83E693FEBF} - java-script:window.location.href="http://www.cercasulweb.com/itmp3/" (file missing)
O9 - Extra 'Tools' menuitem: Cersa Sul Web - {A2199168-22AC-44A3-BA5F-8A83E693FEBF} - java-script:window.location.href="http://www.cercasulweb.com/itmp3/" (file missing)
O9 - Extra button: ScaricaMP3 - {EF6D6AE3-2625-40D6-A5AB-920DFD2DAF8C} - D:\Documents and Settings\francesco\Dati applicazioni\ScaricaMP3.exe (file missing)
O9 - Extra button: Cersa Sul Web - {F4445FEB-6D20-47CB-9ACF-9D142A7F680A} - C:\WINDOWS\system32\Cersa Sul Web (file missing)
O16 - DPF: {95B187DB-43C8-4AC7-AF7F-C93B79D21F1A} - http://www.nochedeocio.com/wwwsearch/MSCTX32.cab
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - /service, (file missing)

questa è tua? se no, fixala:
O24 - Desktop Component 0: (no name) - http://upload.wikimedia.org/wikiped...PAL_Ferrara.gif

poi, scarica MSNFix
Scompatta MSNFix in una tua cartella creata in c:\programmi.
Inizialmente devi rispondere con I e invio - R (ricerca) e invio. Se rileva l'infezione, dovrai digitare anche A, R, e Q per terminarlo (ad ogni comando, dai l'invio). Alla fine della scansione troverai un file di testo e un file zip (quest'ultimo dovrai eliminarlo).
Posta il file di testo.

edit: Elimina i files:
C:\WINDOWS\Passepartout.exe
e trova ed elimina anche il file clipmg.exe .

scarica Registry Search Tool, eseguilo e cerca
FASTTRACK
netvision
Passepartout.

Posta i risultati.

usa la funzione cerca di windows e dimmi se e dove trova i files FASTTRACK, netvision e Passepartout.

Poi,.. una cosa che non capisco... usi virit?
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] J:\Pulizia\VRIT\MONLITE.EXE
il nome VRIT alla catella glielo hai dato tu?

**evariste galois** · 06-08-2008, 23:22

Originariamente inviato da Deifobe
Esegui Hijackthis, clicca sul tasto "Do a system scan only", spunta le seguenti voci e clicca su "fix Checked"

questa è tua? se no, fixala:
O24 - Desktop Component 0: (no name) - http://upload.wikimedia.org/wikiped...PAL_Ferrara.gif

poi, scarica MSNFix
Scompatta MSNFix in una tua cartella creata in c:\programmi.
Inizialmente devi rispondere con I e invio - R (ricerca) e invio. Se rileva l'infezione, dovrai digitare anche A, R, e Q per terminarlo (ad ogni comando, dai l'invio). Alla fine della scansione troverai un file di testo e un file zip (quest'ultimo dovrai eliminarlo).
Posta il file di testo.

grazie 1000 per l' informazione ora provo
comunque forza spal

**Deifobe** · 06-08-2008, 23:32

ok. tra qualche minuto ti inserisco un'altra nota (modifico il post).. così ti lascio tutte le ricerche da fare

ciao

**evariste galois** · 06-08-2008, 23:48

Originariamente inviato da Deifobe
Poi,.. una cosa che non capisco... usi virit?
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] J:\Pulizia\VRIT\MONLITE.EXE
il nome VRIT alla catella glielo hai dato tu?

VIRT come antivirus?

**Deifobe** · 07-08-2008, 22:36

si si, VirIt .. solo che a te la cartella di installazione si chiama VRIT...
mi sa che l'hai chiamata tu così...

**evariste galois** · 11-08-2008, 02:06

Originariamente inviato da Deifobe
si si, VirIt .. solo che a te la cartella di installazione si chiama VRIT...
mi sa che l'hai chiamata tu così...

A podarsi comunque io come antivirus uso norton

Discussione: Virus msn

Strumenti discussione

Ricerca discussione

Visualizza

Virus msn

Permessi di invio