  1. #1

    Posting a HijackThis log: I definitely have malware

    This PC is definitely infected. It stops me from browsing the internet, and several connections overlap each other.
    If you could take a look I'd be grateful, so I can remove the offending entries and start a proper disinfection job.


    Logfile of HijackThis v1.98.2
    Scan saved at 23.02.41, on 03/09/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programmi\Sygate\SPF\smc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
    C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Programmi\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\sdkrx.exe
    C:\WINDOWS\System32\services\msxmidi.exe
    C:\Programmi\File comuni\Symantec Shared\ccApp.exe
    C:\Programmi\Microsoft Hardware\Mouse\point32.exe
    C:\PROGRA~1\Save\Save.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\WINDOWS\system32\crwl.exe
    C:\Programmi\ISTsvc\istsvc.exe
    C:\Program Files\Internet Optimizer\optimize.exe
    C:\WINDOWS\System32\kcouuf.exe
    C:\Programmi\BullsEye Network\bin\bargains.exe
    C:\Program Files\WindUpdates\WinUpdt.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Programmi\Messenger\msmsgs.exe
    C:\PROGRA~1\WEATHE~1\Weather.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Documents and Settings\Ma\Dati applicazioni\riaa.exe
    C:\WINDOWS\System32\rbwuxweb.exe
    C:\Programmi\StreamCast\Morpheus\Morpheus.exe
    C:\Program Files\WindUpdates\WinKA.exe
    C:\Programmi\MightyFax\MFNTCTL.EXE
    C:\WINDOWS\system32\slserv.exe
    C:\Program Files\Internet Optimizer\actalert.exe
    C:\WINDOWS\System32\MOStat.exe
    C:\WINDOWS\sllights.exe
    C:\Programmi\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\cidaemon.exe
    C:\Programmi\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Ma\Documenti\HijackThis1982.exe
    C:\Programmi\Internet Explorer\IEXPLORE.EXE
    C:\Programmi\Internet Explorer\IEXPLORE.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\myfcr.dll/sp.html#29126
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\myfcr.dll/sp.html#29126
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\myfcr.dll/sp.html#29126
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\myfcr.dll/sp.html#29126
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\myfcr.dll/sp.html#29126
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\myfcr.dll/sp.html#29126
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\myfcr.dll/sp.html#29126
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://searchmyrequest.com/hp.php
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    R3 - Default URLSearchHook is missing
    F3 - REG:win.ini: run=C:\WINDOWS\System32\services\msxmidi.exe
    O2 - BHO: twaintecObj Class - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
    O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
    O2 - BHO: brdg Class - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\Downloaded Program Files\bridge.dll
    O2 - BHO: (no name) - {F5F0086E-C12D-DA23-939A-802FE220ADD3} - C:\WINDOWS\netrb.dll
    O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\Programmi\ISTbar\istbar.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [WhenUSave] C:\PROGRA~1\Save\Save.exe
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
    O4 - HKLM\..\Run: [crwl.exe] C:\WINDOWS\system32\crwl.exe
    O4 - HKLM\..\Run: [IST Service] C:\Programmi\ISTsvc\istsvc.exe
    O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
    O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load
    O4 - HKLM\..\Run: [wmvxgk] C:\WINDOWS\System32\kcouuf.exe
    O4 - HKLM\..\Run: [BullsEye Network] C:\Programmi\BullsEye Network\bin\bargains.exe
    O4 - HKLM\..\Run: [WindUpdates] C:\Program Files\WindUpdates\WinUpdt.exe
    O4 - HKLM\..\Run: [xpsystem] C:\WINDOWS\System32\services\msxmidi.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [WeatherCast] C:\PROGRA~1\WEATHE~1\Weather.exe /q
    O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGCOMSERVICE_1048.dll,InstantAccess
    O4 - HKCU\..\Run: [StartPage] C:\Documents and Settings\Ma\rundll32.exe
    O4 - HKCU\..\Run: [Swrs] C:\Documents and Settings\Ma\Dati applicazioni\riaa.exe
    O4 - HKCU\..\Run: [Ablyc] C:\WINDOWS\System32\rbwuxweb.exe
    O4 - HKCU\..\Run: [Morpheus] "C:\Programmi\StreamCast\Morpheus\Morpheus.exe " -min
    O4 - HKCU\..\Run: [xpsystem] C:\WINDOWS\System32\services\msxmidi.exe
    O4 - Startup: T-Online Messenger.lnk = C:\t-online\Messenger\TOM.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: MightyFAX Controller.lnk = C:\Programmi\MightyFax\MFNTCTL.EXE
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O15 - Trusted Zone: *.searchmiracle.com
    O15 - Trusted Zone: *.xxxtoolbar.com
    O16 - DPF: v2cab - http://searchmiracle.com/cab/v2cab.cab
    O16 - DPF: {02C20140-76F8-4763-83D5-B660107B7A90} - http://connect.online-dialer.com/cax.cab
    O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://195.225.177.13/551/online.chm::/on-line.exe
    O16 - DPF: {15320607-1001-1831-1000-118599957123} - ms-its:mhtml:file://C:\path.mht!http://64.200.25.86/yvgvrjq/qgpgrlq/...::/painter.exe
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_fi...e1e2729109a237
    O16 - DPF: {2AEEAC34-FD74-4142-B891-4B05C0C03C87} - http://akamai.downloadv3.com/binarie...48_pack_XP.cab
    O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwa...06_regular.cab
    O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binarie...hv32_EN_XP.cab
    O16 - DPF: {50AD557E-3426-41FD-AFDD-2AF39BB1C387} - http://akamai.downloadv3.com/binarie...ce_5_EN_XP.cab
    O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://static.flingstone.com/cab/200...Inc/bridge.cab
    O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
    O16 - DPF: {B94B4225-E02E-4D3F-BADB-026F1E2F3AD7} (HttpDownloader Control) - http://www.instantplugin.com/SexDownloader.cab

  2. #2
    HTML.it user pasKuz (registered Jun 2004, 687 posts)
    I've gone over it thoroughly

    except for C:\WINDOWS\system32\slserv.exe

    (which is suspicious but could be normal)


    delete everything that comes up with a red exclamation mark

    when you paste your log into this page
    http://hijackthis.de/index.php?langselect=italian


    anyway, with this mess you could even reformat, but for now try cleaning up... good luck and let me know

  3. #3

    thank you...

    the thing is, the PC isn't mine.. I'll get to it tomorrow!!
    Then, once the entries are removed with HijackThis, do I need to delete something from the registry and from the computer itself?
    The files corresponding to the HijackThis entries?
    I'd really like to learn...

  4. #4
    Moderator of the Computer security and viruses section, amvinfe (registered May 2002, 6,739 posts)
    Be careful about taking the result of the scan on
    http://hijackthis.de/index.php?langselect=italian
    as certain; this has been repeated for days. If you check the result of its scan carefully you will notice how contradictory its verdict is, e.g.:
    C:\Programmi\BullsEye Network\bin\bargains.exe processi in esecuzione. (bargains.exe)Processo sconosciuto.

    Further down, in the registry section:

    O4 - HKLM\..\Run: [BullsEye Network] C:\Programmi\BullsEye Network\bin\bargains.exe L'applicazione BullsEye Network è stata identificata: bargains. Hit rate: 32,74 % (risultato) Da eliminare!

    And it's not the only one!

    Download:
    sphjfix
    CWShredder 1.59.1
    AdAware


    Put the unzipped SpHjfix file inside a new folder and run it. Reboot the PC and repeat the operation.
    Reboot into safe mode, open AdAware and run the scan; delete all the infected items it finds.
    Still from safe mode, open CWShredder and click Fix.
    Reboot in normal mode; with all windows closed, open HijackThis, click Scan, tick the box next to these entries, and click Fix checked.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\myfcr.dll/sp.html#29126
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\myfcr.dll/sp.html#29126
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\myfcr.dll/sp.html#29126
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\myfcr.dll/sp.html#29126
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\myfcr.dll/sp.html#29126
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\myfcr.dll/sp.html#29126
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\myfcr.dll/sp.html#29126
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://searchmyrequest.com/hp.php
    R3 - Default URLSearchHook is missing
    F3 - REG:win.ini: run=C:\WINDOWS\System32\services\msxmidi.exe
    O2 - BHO: twaintecObj Class - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
    O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
    O2 - BHO: brdg Class - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\Downloaded Program Files\bridge.dll
    O2 - BHO: (no name) - {F5F0086E-C12D-DA23-939A-802FE220ADD3} - C:\WINDOWS\netrb.dll
    O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\Programmi\ISTbar\istbar.dll
    O4 - HKLM\..\Run: [WhenUSave] C:\PROGRA~1\Save\Save.exe
    O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
    O4 - HKLM\..\Run: [crwl.exe] C:\WINDOWS\system32\crwl.exe
    O4 - HKLM\..\Run: [IST Service] C:\Programmi\ISTsvc\istsvc.exe
    O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load
    O4 - HKLM\..\Run: [wmvxgk] C:\WINDOWS\System32\kcouuf.exe
    O4 - HKLM\..\Run: [BullsEye Network] C:\Programmi\BullsEye Network\bin\bargains.exe
    O4 - HKLM\..\Run: [WindUpdates] C:\Program Files\WindUpdates\WinUpdt.exe
    O4 - HKLM\..\Run: [xpsystem] C:\WINDOWS\System32\services\msxmidi.exe
    O4 - HKCU\..\Run: [WeatherCast] C:\PROGRA~1\WEATHE~1\Weather.exe /q
    O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGCOMSERVICE_1048.dll,InstantAccess
    O4 - HKCU\..\Run: [StartPage] C:\Documents and Settings\Ma\rundll32.exe
    O4 - HKCU\..\Run: [Swrs] C:\Documents and Settings\Ma\Dati applicazioni\riaa.exe
    O4 - HKCU\..\Run: [Ablyc] C:\WINDOWS\System32\rbwuxweb.exe
    O4 - HKCU\..\Run: [xpsystem] C:\WINDOWS\System32\services\msxmidi.exe
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O15 - Trusted Zone: *.searchmiracle.com
    O15 - Trusted Zone: *.xxxtoolbar.com
    O16 - DPF: v2cab - http://searchmiracle.com/cab/v2cab.cab
    O16 - DPF: {02C20140-76F8-4763-83D5-B660107B7A90} - http://connect.online-dialer.com/cax.cab
    O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://195.225.177.13/551/online.chm::/on-line.exe
    O16 - DPF: {15320607-1001-1831-1000-118599957123} - ms-its:mhtml:file://C:\path.mht!http://64.200.25.86/yvgvrjq/qgpgrlq...m::/painter.exe
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...9109a237
    O16 - DPF: {2AEEAC34-FD74-4142-B891-4B05C0C03C87} - http://akamai.downloadv3.com/binari...048_pack_XP.cab
    O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softw...006_regular.cab
    O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binari...thv32_EN_XP.cab
    O16 - DPF: {50AD557E-3426-41FD-AFDD-2AF39BB1C387} - http://akamai.downloadv3.com/binari...ice_5_EN_XP.cab
    O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://static.flingstone.com/cab/20...TInc/bridge.cab
    O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
    O16 - DPF: {B94B4225-E02E-4D3F-BADB-026F1E2F3AD7} (HttpDownloader Control) - http://www.instantplugin.com/SexDownloader.cab

    Still from safe mode, search for and delete, if present:

    C:\WINDOWS\System32\services\msxmidi.exe <== the file
    C:\WINDOWS\twaintec.dll <== the file
    C:\WINDOWS\Downloaded Program Files\bridge.dll <== the file
    C:\Programmi\ISTbar\istbar.dll <== the folder
    C:\WINDOWS\system32\crwl.exe <== the file
    C:\Programmi\ISTsvc\istsvc.exe <== the folder
    C:\WINDOWS\System32\kcouuf.exe <== the file
    C:\Programmi\BullsEye Network\bin\bargains.exe <== the folder
    C:\Program Files\WindUpdates\WinUpdt.exe <== the folder
    C:\Documents and Settings\Ma\Dati applicazioni\riaa.exe <== the file
    C:\WINDOWS\System32\rbwuxweb.exe <== the file

    Still from safe mode, open CWShredder and click Fix.
    Reboot in normal mode and post a new HijackThis log.
    Install an antivirus and scan the disk.
    ==
    Visit my blog SuspectFile.com
    ==
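
Added example, not code from the thread: a small Python triage of a HijackThis log that applies the checks the moderator applies by hand above (res:// search redirects, missing URLSearchHook, win.ini autostarts, orphaned BHOs, O10/O15/O16 entries) and cross-references every executable across the process list and the autostart entries, so that one path gets one verdict instead of "unknown process" in one place and "delete" in another, the contradiction pointed out above. The sample log is a constructed subset of the first log in this thread; the rule names and helper functions are my own.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the lines from the first log in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\Programmi\BullsEye Network\bin\bargains.exe
C:\WINDOWS\System32\services\msxmidi.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\myfcr.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R3 - Default URLSearchHook is missing
F3 - REG:win.ini: run=C:\WINDOWS\System32\services\msxmidi.exe
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BullsEye Network] C:\Programmi\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [xpsystem] C:\WINDOWS\System32\services\msxmidi.exe
O4 - HKCU\..\Run: [xpsystem] C:\WINDOWS\System32\services\msxmidi.exe
O10 - Hijacked Internet access by New.Net
O15 - Trusted Zone: *.searchmiracle.com
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://195.225.177.13/551/online.chm::/on-line.exe
"""

ENTRY_RE = re.compile(r"^([RFO]\d+) - (.*)$")
# Drive-letter path to an .exe/.dll; '!' and '/' stop it, so res:// and ms-its: URLs yield only the embedded local file.
PATH_RE = re.compile(r'"?([A-Za-z]:\\[^"!/]*?\.(?:exe|dll))"?', re.IGNORECASE)

def parse_log(text):
    """Split a HijackThis log into the running-process list and the lettered entries."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False  # the process list ends at the first blank line
            continue
        if line.startswith("Running processes:"):
            in_procs = True
            continue
        if in_procs:
            processes.append(line)
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return processes, entries

# Section-level rules; each is a check the moderator applied by hand in this thread.
RULES = [
    (lambda s, b: s in ("R0", "R1") and "= res://" in b,
     "IE search/start page redirected into a local DLL resource"),
    (lambda s, b: s == "R3" and "missing" in b,
     "default URLSearchHook removed, typical after a search hijacker"),
    (lambda s, b: s == "F3",
     "legacy win.ini run= autostart, rarely used by current software"),
    (lambda s, b: s == "O2" and "(no file)" in b,
     "orphaned BHO: registered CLSID whose DLL is gone"),
    (lambda s, b: s == "O10", "Winsock LSP chain hijacked (New.Net in this thread)"),
    (lambda s, b: s == "O15", "wildcard Trusted Zone entry lowers IE security for that domain"),
    (lambda s, b: s == "O16" and "ms-its:" in b.lower(),
     "DPF entry using the ms-its:/mhtml: handler to pull an .exe"),
]

def triage(text):
    """Return (section, body, reason) for every entry that matches a rule."""
    _, entries = parse_log(text)
    return [(sec, body, why) for sec, body in entries
            for match, why in RULES if match(sec, body)]

def persistence_map(text):
    """Every place each lower-cased path is referenced, so one executable gets one verdict, not two."""
    processes, entries = parse_log(text)
    refs = defaultdict(set)
    for proc in processes:
        refs[proc.lower()].add("running")
    for sec, body in entries:
        tag = "O4 " + body[:4] if sec == "O4" and body.startswith("HK") else sec
        for m in PATH_RE.finditer(body):
            refs[m.group(1).lower()].add(tag)
    return dict(refs)

def redundant_autostarts(text):
    """Paths launched from two or more autostart locations at once (msxmidi.exe above: win.ini, HKLM Run, HKCU Run)."""
    return {path: sorted(tags) for path, tags in persistence_map(text).items()
            if len(tags - {"running"}) >= 2}
```

Entries that match no rule (the legitimate ccApp Run key, the about:blank page) are left out of the triage list, and the persistence map is what lets you judge bargains.exe once, as a running process that is also registered under HKLM Run.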

  5. #5

    thanks...

    I'll do all of it tonight.. thanks

  6. #6

    here, I'm posting the log...

    Logfile of HijackThis v1.98.2
    Scan saved at 21.02.59, on 06/09/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programmi\Sygate\SPF\smc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
    C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\downlo~1\8to90yq\jf7fv5v9.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Programmi\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\slserv.exe
    C:\Programmi\File comuni\Symantec Shared\ccApp.exe
    C:\Programmi\Microsoft Hardware\Mouse\point32.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\WINDOWS\System32\RunDll32.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Programmi\Messenger\msmsgs.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Programmi\StreamCast\Morpheus\Morpheus.exe
    C:\Programmi\MightyFax\MFNTCTL.EXE
    C:\t-online\Messenger\TOM.exe
    C:\WINDOWS\System32\xmforgert.exe
    C:\Documents and Settings\Ma\Documenti\hjt\HijackThis1982.exe
    C:\Programmi\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\cidaemon.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
    O4 - Startup: T-Online Messenger.lnk = C:\t-online\Messenger\TOM.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net

  7. #7
    Moderator of the Computer security and viruses section, amvinfe (registered May 2002, 6,739 posts)
    are you sure you deleted ONLY the ones I told you to???
    Anyway...
    from safe mode delete

    O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net

    Reboot and post a new log.
    ==
    Visit my blog SuspectFile.com
    ==

  8. #8

    done..

    I deleted the files you described...
    I think I deleted only the files you told me to, and I don't think I deleted any important files by mistake.
    Generally speaking, what happens if you touch something you shouldn't?
    The operating system seemed to work perfectly and the junk was gone.
    I posted the same thing in a new thread; it was an oversight (New instead of Reply).
    Unless necessary, I'd post as little as possible and use the forum search engine instead.
    I gather that from the HijackThis scan you have to try to isolate the suspicious entries, being careful not to touch anything else; then you have to delete the related files from drive C, if there are any.
    Thanks once again.. here in the Tigullio this is now the 3rd PC
    I've disinfected thanks to the forum, and it isn't even mine!!!

  9. #9
    Moderator of the Computer security and viruses section, amvinfe (registered May 2002, 6,739 posts)
    don't worry about the double post, but sometimes it isn't done in good faith, unlike in your case

    If you remove registry keys by mistake, keys associated with program executables, no big deal: they are recreated at the next reboot. If instead you delete the file from the disk, well, then at the next reboot it's likely a window will appear asking what on earth happened to that file, besides the software associated with it no longer working properly
    ==
    Visit my blog SuspectFile.com
    ==

  10. #10

    sure...

    Yes, I figured that was the deal with the files; anyway I'm glad, because I'm starting to tell the "bad things" apart...

    I'm posting my HJT log.. (from my own PC!!!) it doesn't look like there's much... I'll write the entries that don't convince me in uppercase next to the paths

    Logfile of HijackThis v1.97.7
    Scan saved at 7.55.11, on 07/09/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe I DON'T KNOW THIS ONE
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
    C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE THIS DOESN'T LOOK LIKE THE RIGHT PATH
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    C:\Programmi\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\windows\system\hpsysdrv.exe
    C:\HP\KBD\KBD.EXE I DON'T KNOW THIS ONE
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Programmi\ATI Technologies\Pannello di controllo ATI\atiptaxx.exe
    C:\Programmi\Real\RealPlayer\RealPlay.exe
    C:\program files\altnet\points manager\points manager.exe
    C:\Programmi\File comuni\Symantec Shared\ccApp.exe
    C:\Programmi\Winamp\winampa.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Programmi\QuickTime\qttask.exe
    C:\Programmi\hp center\137903\Program\BackWeb-137903.exe
    C:\Programmi\WinZip\WZQKPICK.EXE
    C:\Programmi\Norton AntiVirus\SAVScan.exe
    C:\PROGRA~2\Altnet\DOWNLO~1\asm.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\Programmi\Outlook Express\msimn.exe
    C:\Programmi\Messenger\msmsgs.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Documents and Settings\Proprietario\Desktop\HijackThis\HijackThis.exe

    FROM HERE DOWN I'D SWEEP SOMETHING OUT, BUT not much

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://divx.ariete.net/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://it6.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://it6.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    R3 - URLSearchHook: PerfectNavBHO Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
    O2 - BHO: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E} - C:\Programmi\File comuni\justDo\Jd2002.dll
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [StorageGuard] "C:\Programmi\VERITAS Software\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [RealTray] C:\Programmi\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [updmgr] C:\Programmi\Common files\updmgr\updmgr.exe
    O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
    O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] C:\Programmi\iTunes\iTunesHelper.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
    O4 - Startup: Registration-Studio 7 SE.lnk = C:\Programmi\Pinnacle\Studio\Register\RegTool.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: GStartup.lnk = C:\Programmi\File comuni\GMT\GMT.exe
    O4 - Global Startup: hp center.lnk = C:\Programmi\hp center\137903\Program\BackWeb-137903.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\Programmi\File comuni\justDo\IECatcher.DLL/FlashCatcher.htm
    O9 - Extra button: Flash Catcher (HKLM)
    O9 - Extra 'Tools' menuitem: Flash Catcher (HKLM)
    O9 - Extra button: Organizzatore ricerche (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{04B4B9E9-7F4D-420C-99F0-FAC90F587B99}: NameServer = 195.31.96.214 151.99.125.1
    O17 - HKLM\System\CS1\Services\Tcpip\..\{04B4B9E9-7F4D-420C-99F0-FAC90F587B99}: NameServer = 195.31.96.214 151.99.125.1


    BYE, THANKS
