
virus serwab?!?

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want answers to these and other questions, this is the right place!

Moderators: kadosh, Luke57

Post by zuru » 04/08/06 09:51

Andorra, thank you so much for the help,
I wanted to ask you: should I delete the infected files that Kasp found? This morning it found more: besides smss.exe and nvsvds.exe, also setup.exe (in system32/spool/drivers) and many in System Volume Information/restore... etc., and Kasp keeps warning me about continuous network attacks. Given that in a bit I'll disconnect from the internet and run all the programs you gave me plus the antivirus, is there anything else I should do?
Sorry for going on so long, but I wouldn't know who else to ask!
Have a nice day! 8)
zuru
Newbie
Posts: 5
Joined: 03/08/06 23:11


Post by andorra24 » 04/08/06 10:05

zuru wrote:Andorra, thank you so much for the help,
I wanted to ask you: should I delete the infected files that Kasp found? This morning it found more: besides smss.exe and nvsvds.exe, also setup.exe (in system32/spool/drivers) and many in System Volume Information/restore... etc., and Kasp keeps warning me about continuous network attacks. Given that in a bit I'll disconnect from the internet and run all the programs you gave me plus the antivirus, is there anything else I should do?
Sorry for going on so long, but I wouldn't know who else to ask!
Have a nice day! 8)

You can delete the infected files that Kaspersky found. Also, since you have infections in the restore folder, I recommend disabling System Restore; once your PC is completely clean you can turn it back on.
andorra24
Senior User
Posts: 2742
Joined: 21/05/06 15:44
Location: Palermo

Post by zuru » 04/08/06 10:17

andorra24 wrote:
zuru wrote:Andorra, thank you so much for the help,
I wanted to ask you: should I delete the infected files that Kasp found? This morning it found more: besides smss.exe and nvsvds.exe, also setup.exe (in system32/spool/drivers) and many in System Volume Information/restore... etc., and Kasp keeps warning me about continuous network attacks. Given that in a bit I'll disconnect from the internet and run all the programs you gave me plus the antivirus, is there anything else I should do?
Sorry for going on so long, but I wouldn't know who else to ask!
Have a nice day! 8)

You can delete the infected files that Kaspersky found. Also, since you have infections in the restore folder, I recommend disabling System Restore; once your PC is completely clean you can turn it back on.


THANK YOU SO MUCH!!! :lol: :lol: :lol:
You're too kind! ;)
zuru
Newbie
Posts: 5
Joined: 03/08/06 23:11

Post by andorra24 » 04/08/06 10:36

zuru wrote:THANK YOU SO MUCH!!! :lol: :lol: :lol:
You're too kind! ;)

You're welcome :)
andorra24
Senior User
Posts: 2742
Joined: 21/05/06 15:44
Location: Palermo

Post by raw5 » 08/08/06 14:39

Please help me, I have the same problem too, what should I do!!!
My log is:

Logfile of HijackThis v1.99.1
Scan saved at 15.29.15, on 08/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programmi\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\WMonitor\WLanCfgAB.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Ahead\InCD\InCD.exe
C:\ATI-CPanel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\File comuni\Cloanto\Software Manager\softmngr.exe
C:\Programmi\108Mbps Wireless LAN Adapter\WLANPRO.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\Gilby\Desktop\HijackThis.exe
C:\Programmi\ewido anti-spyware 4.0\guard.exe
C:\Programmi\ewido anti-spyware 4.0\ewido.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alice.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [WLanCfgAB.exe] C:\Programmi\WMonitor\WLanCfgAB.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize313.exe"
O4 - HKLM\..\Run: [inszkrip] C:\WINDOWS\inszkrip.exe
O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\system32\gah95on6.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Programmi\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Media Pass] C:\Program Files\Media Pass\MediaPassK.exe
O4 - HKLM\..\Run: [Á³#  L"h'þ9Óœð3rÅWC:\Programmi\ISTsvc\istsvc.exe] C:\WINDOWS\rjohjj.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IST Service] C:\Programmi\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [I downloaded pirated Software from P2P ] C:\WINDOWS\system32\CivCity Rom.exe
O4 - HKLM\..\Run: [!ewido] "C:\Programmi\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [CloantoSoftwareManager] "C:\Programmi\File comuni\Cloanto\Software Manager\softmngr.exe" /s
O4 - Global Startup: 108Mbps Wireless LAN Adapter Configuration Utility.lnk = C:\Programmi\108Mbps Wireless LAN Adapter\WLANPRO.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Cerca con Google - res://c:\programmi\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Traduci parola in italiano - res://c:\programmi\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Image Converter 2 ??? - C:\Programmi\Sony\Image Converter 2\menu.htm
O8 - Extra context menu item: Link a ritroso - res://c:\programmi\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pagine simili - res://c:\programmi\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Versione cache della pagina - res://c:\programmi\google\GoogleToolbar2.dll/cmcache.html
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/Downl ... dge-c7.cab
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares ... egular.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF616966-690E-497E-B73B-A6FE40F1E8B0}: NameServer = 62.211.69.150
O17 - HKLM\System\CCS\Services\Tcpip\..\{C60F2D0C-4D2C-428F-BB57-A42197FBF049}: NameServer = 62.211.69.150,212.48.4.15
O20 - Winlogon Notify: SharedDLLs - C:\WINDOWS\system32\cuusapi.dll
O20 - Winlogon Notify: Syncmgr - C:\WINDOWS\system32\cguinf32.dll
O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\cguinf32.dll
O20 - Winlogon Notify: Themes - C:\WINDOWS\system32\cguinf32.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programmi\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
raw5
Newbie
Posts: 7
Joined: 08/08/06 14:32

Post by raw5 » 08/08/06 14:53

Please help me, my computer is going crazy!!!
raw5
Newbie
Posts: 7
Joined: 08/08/06 14:32

Post by andorra24 » 08/08/06 15:00

Hi, you have many infections on the PC. As the very first thing, you must run this removal tool for the look2me adware:
http://www.atribune.org/content/view/28/

Then tick the box next to the following entries and press fix checked:

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize313.exe"
O4 - HKLM\..\Run: [inszkrip] C:\WINDOWS\inszkrip.exe
O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\system32\gah95on6.exe
O4 - HKLM\..\Run: [Media Pass] C:\Program Files\Media Pass\MediaPassK.exe
O4 - HKLM\..\Run: [Á³# L"h'þ9Óœð3rÅWC:\Programmi\ISTsvc\istsvc.exe] C:\WINDOWS\rjohjj.exe
O4 - HKLM\..\Run: [I downloaded pirated Software from P2P ] C:\WINDOWS\system32\CivCity Rom.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/Downl ... dge-c7.cab
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares ... egular.cab
O20 - Winlogon Notify: SharedDLLs - C:\WINDOWS\system32\cuusapi.dll
O20 - Winlogon Notify: Syncmgr - C:\WINDOWS\system32\cguinf32.dll
O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\cguinf32.dll
O20 - Winlogon Notify: Themes - C:\WINDOWS\system32\cguinf32.dll

Go to Control Panel/Add or Remove Programs and if you find an Internet Optimizer, a Media Pass and an ISTsvc, uninstall them right away.

Go to Start/My Computer/Tools/Folder Options/View and tick "show hidden files and folders" and untick "hide protected operating system files".

Download killbox from here: http://www.bleepingcomputer.com/files/killbox.php
With killbox make sure the following files are deleted from your PC (if present):
C:\Program Files\Internet Optimizer\optimize313.exe (after deleting the exe file, also delete the Internet Optimizer folder)
C:\WINDOWS\inszkrip.exe
C:\WINDOWS\system32\gah95on6.exe
C:\Program Files\Media Pass\MediaPassK.exe (after deleting the exe file, also delete the Media Pass folder)
C:\Programmi\ISTsvc\istsvc.exe
C:\WINDOWS\rjohjj.exe
C:\WINDOWS\system32\CivCity Rom.exe
C:\WINDOWS\system32\cuusapi.dll
C:\WINDOWS\system32\cguinf32.dll
andorra24
Senior User
Posts: 2742
Joined: 21/05/06 15:44
Location: Palermo

Post by Luke57 » 08/08/06 15:09

Hi, get this tool for Look2Me from here:
http://www.atribune.org/ccount/click.php?id=7

QUOTE
* Close all programs before continuing.
* Click Look2Me-Destroyer.exe to run it.
* Put a check mark next to "Run this program as a task".
* You will receive a message that Look2Me-Destroyer will close and reopen in 1 minute. Click OK.
* When Look2Me-Destroyer reopens, click the "Scan for L2M" button; the desktop icons will disappear, this is normal.
* Once the scan is done, click "Remove L2M".
* You will receive a scan-complete message; click OK.
* When completed, you will see the message: "Done removing infected files! Look2Me-Destroyer will now shutdown your computer"; click OK.
* After the restart, post on the forum, if requested, the contents of Look2Me-Destroyer.txt and a new HijackThis log.

Then download and run these other tools on the computer:
http://securityresponse.symantec.com/av ... x180Sh.exe

http://securityresponse.symantec.com/av ... Istbar.exe

From Control Panel, Add or Remove Programs, uninstall 180 solutions (if present) and other suspicious applications you did not install, such as Internet Optimizer.

Open HijackThis, press "do a system scan only", then find and tick (if still present):
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize313.exe"
O4 - HKLM\..\Run: [inszkrip] C:\WINDOWS\inszkrip.exe
O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\system32\gah95on6.exe
O4 - HKLM\..\Run: [Media Pass] C:\Program Files\Media Pass\MediaPassK.exe
O4 - HKLM\..\Run: [Á ³# L"h'þ9Óœð3rÅ WC:\Programmi\ISTsvc\istsvc.exe] C:\WINDOWS\rjohjj.exe
O4 - HKLM\..\Run: [IST Service] C:\Programmi\ISTsvc\istsvc.exe
Press fix checked.

Restart in Safe Mode
(Start the computer. Right after the RAM count and before Windows starts loading, begin pressing the F8 key on the keyboard repeatedly. Keep doing so until the Windows Advanced Options menu appears. Using the arrow keys on the keyboard, scroll through the options and select Safe Mode, then press Enter.)

Make hidden files and folders visible:
From Computer Management > Tools > Folder Options
Select View
Tick "show hidden files and folders"
Untick "hide protected system files"
Click OK

Find and delete the following files and folders (if still present):

C:\Program Files\Internet Optimizer ----> the folder
C:\WINDOWS\inszkrip.exe
C:\WINDOWS\system32\gah95on6.exe
C:\Program Files\Media Pass ----> the folder
C:\WINDOWS\rjohjj.exe
WC:\Programmi\ISTsvc ----> the folder

Then delete all Windows temporary files, temp and tmp (from Start > Search > All files and folders, copy and paste: *.temp;*.tmp, and delete everything found).

In Internet Options, clear the IE cache (under the delete temporary files option also tick "delete all offline content", plus cookies and history).

Empty the Recycle Bin.

Run a scan with an up-to-date antivirus.

Restart in normal mode and post a new log.
Luke57
Moderator
Posts: 6410
Joined: 11/08/05 19:10

Post by raw5 » 08/08/06 15:49

OK, now it should be better, thanks 1000000000
raw5
Newbie
Posts: 7
Joined: 08/08/06 14:32

Post by raw5 » 08/08/06 15:54

If only there were more people like you, with all these bastards on the net!!!!!
raw5
Newbie
Posts: 7
Joined: 08/08/06 14:32

Post by raw5 » 08/08/06 16:12

Before restarting everything was perfect; now the site Amaena.com has popped up again. The log has changed:

Logfile of HijackThis v1.99.1
Scan saved at 17.11.56, on 08/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\ewido anti-spyware 4.0\guard.exe
C:\Programmi\Ahead\InCD\InCDsrv.exe
C:\Programmi\WMonitor\WLanCfgAB.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Ahead\InCD\InCD.exe
C:\ATI-CPanel\atiptaxx.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\kybrdff_8.exe
C:\dfndrff_8.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Cloanto\Software Manager\softmngr.exe
C:\Programmi\108Mbps Wireless LAN Adapter\WLANPRO.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Documents and Settings\Gilby\Desktop\HijackThis.exe
C:\Programmi\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alice.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [WLanCfgAB.exe] C:\Programmi\WMonitor\WLanCfgAB.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Programmi\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IST Service] C:\Programmi\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_8.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrff_8.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [CloantoSoftwareManager] "C:\Programmi\File comuni\Cloanto\Software Manager\softmngr.exe" /s
O4 - Global Startup: 108Mbps Wireless LAN Adapter Configuration Utility.lnk = C:\Programmi\108Mbps Wireless LAN Adapter\WLANPRO.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Cerca con Google - res://c:\programmi\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Traduci parola in italiano - res://c:\programmi\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Image Converter 2 ??? - C:\Programmi\Sony\Image Converter 2\menu.htm
O8 - Extra context menu item: Link a ritroso - res://c:\programmi\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pagine simili - res://c:\programmi\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Versione cache della pagina - res://c:\programmi\google\GoogleToolbar2.dll/cmcache.html
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF616966-690E-497E-B73B-A6FE40F1E8B0}: NameServer = 62.211.69.150
O17 - HKLM\System\CCS\Services\Tcpip\..\{C60F2D0C-4D2C-428F-BB57-A42197FBF049}: NameServer = 62.211.69.150,212.48.4.15
O20 - Winlogon Notify: SharedDLLs - C:\WINDOWS\system32\fHultrep.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programmi\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe

What should I do???
raw5
Newbie
Posts: 7
Joined: 08/08/06 14:32

Post by andorra24 » 08/08/06 16:23

Open HijackThis, click "open the misc tools section", then click "open process manager", find the entries listed below and press "kill process":

C:\kybrdff_8.exe
C:\dfndrff_8.exe

Then go to the bottom and press the back button and right after that the scan button. Tick the box next to the entries listed below and press "fix checked":

O4 - HKLM\..\Run: [IST Service] C:\Programmi\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_8.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrff_8.exe
O20 - Winlogon Notify: SharedDLLs - C:\WINDOWS\system32\fHultrep.dll

Run the look2me adware removal tool from the previous post again.

Run a scan with superantispyware:
http://www.superantispyware.com/downloa ... PYWAREFREE

Delete these files (if still present):
C:\Programmi\ISTsvc\istsvc.exe (and then delete its folder)
C:\kybrdff_8.exe
C:\dfndrff_8.exe
C:\WINDOWS\system32\fHultrep.dll
andorra24
Senior User
Posts: 2742
Joined: 21/05/06 15:44
Location: Palermo
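
Added example, not part of the thread: the change between raw5's two HijackThis logs (before and after the restart) can be made explicit by diffing their autostart sections. The Python sketch below uses function names of my own choosing and short excerpts copied from the two logs posted above; it reports O4/O20 entries that are new, gone, or pointing to a different file, and whether a new entry's file is already in the running-process list.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code kind name target")

# Sections compared here: O4 (Run keys / Startup folder) and O20 (Winlogon Notify).
AUTOSTART_CODES = {"O4", "O20"}

LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
RUN_RE = re.compile(r"^([^:]+): \[(.*)\] (.*)$")              # HKLM\..\Run: [name] target
NOTIFY_RE = re.compile(r"^(Winlogon Notify): (.+?) - (.+)$")  # Winlogon Notify: name - dll
IMAGE_RE = re.compile(r'^"?(.+?\.(?:exe|dll))', re.IGNORECASE)

# Sample input: a few lines excerpted from raw5's first and second logs in this thread.
BEFORE = r"""Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE

O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [IST Service] C:\Programmi\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O20 - Winlogon Notify: SharedDLLs - C:\WINDOWS\system32\cuusapi.dll
O20 - Winlogon Notify: Syncmgr - C:\WINDOWS\system32\cguinf32.dll
"""

AFTER = r"""Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\kybrdff_8.exe
C:\dfndrff_8.exe

O4 - HKLM\..\Run: [IST Service] C:\Programmi\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_8.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrff_8.exe
O20 - Winlogon Notify: SharedDLLs - C:\WINDOWS\system32\fHultrep.dll
"""


def norm_path(target):
    """Reduce a command line to its image path: drop quotes and arguments,
    collapse doubled backslashes (as in 'C:\\\\kybrdff_8.exe'), lower-case."""
    m = IMAGE_RE.match(target.strip())
    path = m.group(1) if m else target.strip()
    return re.sub(r"\\{2,}", lambda _: "\\", path).lower()


def parse_autostarts(log_text):
    """Map (code, kind, name) -> Entry for every O4/O20 line in a log."""
    entries = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m.group(1) not in AUTOSTART_CODES:
            continue
        code, rest = m.groups()
        d = RUN_RE.match(rest) or NOTIFY_RE.match(rest)
        # Lines in another shape (e.g. "Global Startup: x.lnk = ...") are keyed whole.
        kind, name, target = d.groups() if d else ("", rest, "")
        entries[(code, kind, name)] = Entry(code, kind, name, target)
    return entries


def parse_running(log_text):
    """Return the normalized paths listed under 'Running processes:'."""
    running, in_block = set(), False
    for line in log_text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_block = True
        elif in_block and not line:
            break
        elif in_block:
            running.add(norm_path(line))
    return running


def diff_logs(before_text, after_text):
    """Compare the autostart entries of two logs taken on the same machine."""
    before, after = parse_autostarts(before_text), parse_autostarts(after_text)
    running = parse_running(after_text)
    report = {"added": [], "removed": [], "retargeted": []}
    for key, e in after.items():
        if key not in before:
            # Third field: is the new entry's file already running in the later log?
            report["added"].append((e.name, e.target, norm_path(e.target) in running))
        elif norm_path(before[key].target) != norm_path(e.target):
            report["retargeted"].append((e.name, before[key].target, e.target))
    for key, e in before.items():
        if key not in after:
            report["removed"].append((e.name, e.target))
    return report


if __name__ == "__main__":
    for section, rows in diff_logs(BEFORE, AFTER).items():
        print(section)
        for row in rows:
            print("   ", row)
```

On these excerpts the Winlogon Notify value SharedDLLs is reported as retargeted from cuusapi.dll to fHultrep.dll, and the two new Run values are reported as added with their files already running.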

Post by raw5 » 08/08/06 16:41

Now it's fine, but why does it come back every time I restart?
raw5
Newbie
Posts: 7
Joined: 08/08/06 14:32

Post by raw5 » 08/08/06 16:51

Then it seems like it removed everything, but when I run superantispyware other adware shows up, like: Avenue media/internet optimizer (which I removed), IST, which I removed too. Why????
raw5
Newbie
Posts: 7
Joined: 08/08/06 14:32

Post by andorra24 » 08/08/06 16:59

raw5 wrote:Then it seems like it removed everything, but when I run superantispyware other adware shows up, like: Avenue media/internet optimizer (which I removed), IST, which I removed too. Why????

Yes, unfortunately you had a large amount of spyware and the like on your PC. Clean up the remaining leftovers with superantispyware, which is a good program.
andorra24
Senior User
Posts: 2742
Joined: 21/05/06 15:44
Location: Palermo

Post by bugle » 16/08/06 17:36

Guys, I have already formatted my computer 3 times in 2 days and every time, as soon as I connect, I catch some virus, even though I have avast!, which now reports Trojan horses every 5 seconds!!!
On top of that, ToolBar888 has appeared on the Internet Explorer bar....
Please, if you know how I can solve this problem... HELP ME!!!
This is the HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 18.31.47, on 16/08/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\Programmi\Avast4\aswUpdSv.exe
C:\Programmi\Avast4\ashServ.exe
C:\WINDOWS\update\updmgr.exe
C:\Programmi\Avast4\ashMaiSv.exe
C:\Programmi\Avast4\ashWebSv.exe
C:\WINDOWS\System32\firewall.exe
c:\ddsmart.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\Carla\IMPOST~1\Temp\Rar$EX0g.130\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Programmi\ToolBar888\MyToolBar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Programmi\ToolBar888\MyToolBar.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Microsoft (R) Windows Update Manager] C:\WINDOWS\update\updmgr.exe
O4 - HKLM\..\Run: [Windows Network Firewall] C:\WINDOWS\System32\firewall.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 5743921218
O17 - HKLM\System\CCS\Services\Tcpip\..\{9C422A2A-E270-4EDC-8D9A-051FCE647591}: NameServer = 85.37.17.51 85.38.28.97
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Windows Update Manager (UpdateManager) - Unknown owner - C:\WINDOWS\update\updmgr.exe

HELP ME PLEASE!!!!
bugle
Newbie
Posts: 2
Joined: 16/08/06 17:28

Post by andorra24 » 16/08/06 17:54

Hi, first of all look in Control Panel/Add or Remove Programs for a ToolBar888 entry and uninstall it right away.

Now let's get to the HijackThis log. Open HijackThis, click "open the misc tools section", then click "open process manager", find the entries listed below and press "kill process":

C:\WINDOWS\update\updmgr.exe
C:\WINDOWS\System32\firewall.exe
c:\ddsmart.exe

Then go to the bottom and press the back button and right after that the scan button. Tick the box next to the entries listed below and press "fix checked":

O2 - BHO: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Programmi\ToolBar888\MyToolBar.dll
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Programmi\ToolBar888\MyToolBar.dll
O4 - HKLM\..\Run: [Microsoft (R) Windows Update Manager] C:\WINDOWS\update\updmgr.exe
O4 - HKLM\..\Run: [Windows Network Firewall] C:\WINDOWS\System32\firewall.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O23 - Service: Windows Update Manager (UpdateManager) - Unknown owner - C:\WINDOWS\update\updmgr.exe

Go to Start/My Computer/Tools/Folder Options/View and tick "show hidden files and folders" and untick "hide protected operating system files (recommended)".

Download killbox from here:
http://www.bleepingcomputer.com/files/killbox.php
With killbox make sure you delete the following files:
C:\WINDOWS\System32\firewall.exe
c:\ddsmart.exe
C:\WINDOWS\update\updmgr.exe (after deleting the exe file, also delete the update folder)
C:\Programmi\ToolBar888\MyToolBar.dll (after deleting the .dll file, also delete the ToolBar888 folder).
andorra24
Senior User
Posts: 2742
Joined: 21/05/06 15:44
Location: Palermo

Post by bugle » 16/08/06 19:25

Thank you so much Andorra!!!
It seems everything is solved, luckily, otherwise I would have had to reformat!!!
Anyway, for now I think I won't connect to the internet for a while because despite avast!, as soon as I connect I catch every virus on the net!!!
Thanks again!! :) ;)
bugle
Newbie
Posts: 2
Joined: 16/08/06 17:28

Post by andorra24 » 16/08/06 20:03

bugle wrote:Thank you so much Andorra!!!
It seems everything is solved, luckily, otherwise I would have had to reformat!!!
Anyway, for now I think I won't connect to the internet for a while because despite avast!, as soon as I connect I catch every virus on the net!!!
Thanks again!! :) ;)

You're welcome. ;)
andorra24
Senior User
Posts: 2742
Joined: 21/05/06 15:44
Location: Palermo

serwab

Post by giova » 17/08/06 11:30

First of all, hello everyone. Secondly, I hope you can give me a hand with serwab; I've been infected, help

Logfile of HijackThis v1.99.1
Scan saved at 11.58.35, on 17/08/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\R2lvdmFubmkgQ3Jpc3RpbmE\command.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\Network Monitor\netmon.exe
F:\Programmi\ScsiAccess.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
F:\Programmi\Digital Imaging\bin\hpotdd01.exe
C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Programmi\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon05.exe
F:\Programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
F:\Programmi\lg_fwupdate\fwupdate.exe
C:\WINDOWS\sndmano.exe
C:\WINDOWS\System32\XCSyncML.exe
C:\Programmi\FlyNet\CnxDslTb.exe
C:\WINDOWS\volume.exe
C:\WINDOWS\System32\csrs.exe
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\thiselt.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\System32\YSTEM3~1\chkdsk.exe
C:\PROGRA~1\FILECO~1\fqqf\fqqfm.exe
C:\Programmi\??stem32\?serinit.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
F:\Programmi\SetPoint\SetPoint.exe
C:\Programmi\File comuni\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\timed.exe
C:\PROGRA~1\FILECO~1\fqqf\fqqfa.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programmi\File comuni\{1C47D828-0775-1040-1003-030310080027}\Update.exe
C:\WINDOWS\System32\rundll32.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\Giovanni\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://s
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - {BF7EBBD7-0369-5CE7-11E0-51C0AF2400E7} - C:\WINDOWS\System32\pufeewwj.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB57.dll
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Programmi\TheSearchAccelerator\UCMTSAIE.dll
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Programmi\ToolBar888\MyToolBar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DeviceDiscovery] F:\Programmi\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] F:\Programmi\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [Timer] C:\WINDOWS\timed.exe /i
O4 - HKLM\..\Run: [WinHound] C:\Programmi\WinHound\WinHound.exe
O4 - HKLM\..\Run: [dflnl.exe] C:\WINDOWS\System32\dflnl.exe
O4 - HKLM\..\Run: [RemoteControl] "F:\Programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LGODDFU] F:\Programmi\lg_fwupdate\fwupdate.exe
O4 - HKLM\..\Run: [hgqhp.exe] C:\WINDOWS\System32\hgqhp.exe
O4 - HKLM\..\Run: [SoundMano] C:\WINDOWS\sndmano.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [XCSyncML] C:\WINDOWS\System32\XCSyncML.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programmi\FlyNet\CnxDslTb.exe"
O4 - HKLM\..\Run: [VolControl] C:\WINDOWS\volume.exe -i
O4 - HKLM\..\Run: [Client Server Runtime Process] C:\WINDOWS\System32\csrs.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrff_11.exe
O4 - HKLM\..\Run: [pop06apelt] C:\WINDOWS\thiselt.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_11.exe
O4 - HKLM\..\Run: [newname] C:\\nwnmff_11.exe
O4 - HKLM\..\Run: [rtb1fdaa] RUNDLL32.EXE w001944c.dll,n 0031fda70000000a001944c
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Rmoe] "C:\WINDOWS\System32\YSTEM3~1\chkdsk.exe" -vt tzt
O4 - HKCU\..\Run: [fqqf] C:\PROGRA~1\FILECO~1\fqqf\fqqfm.exe
O4 - HKCU\..\Run: [Bjzoc] C:\Programmi\??stem32\?serinit.exe
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DataViz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = F:\Programmi\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = F:\Programmi\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Programmi\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O15 - Trusted Zone: http://www.amaena.com
O15 - Trusted Zone: http://www.archiviosex.net
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: http://www.linkautomatici.com
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O15 - Trusted Zone: http://www.otherchance.com
O15 - Trusted Zone: http://www.redfunny.com
O15 - Trusted Zone: http://www.skymasters.biz
O15 - Trusted Zone: http://*.systemdoctor.com
O15 - Trusted Zone: http://www.winantivirus.com
O15 - Trusted Zone: http://www.winantiviruspro.com
O15 - Trusted Zone: http://download.cdn.winsoftware.com
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B809234A-92CF-42EA-BB7D-58D3ABC1F6CC}: NameServer = 85.255.116.102,85.255.112.199
O18 - Protocol: bw+0 - {D20A1CA6-EB26-4B54-B1BF-0A7BA6692FAC} - F:\Programmi\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {D20A1CA6-EB26-4B54-B1BF-0A7BA6692FAC} - F:\Programmi\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {D20A1CA6-EB26-4B54-B1BF-0A7BA6692FAC} - F:\Programmi\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {D20A1CA6-EB26-4B54-B1BF-0A7BA6692FAC} - F:\Programmi\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {D20A1CA6-EB26-4B54-B1BF-0A7BA6692FAC} - F:\Programmi\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {D20A1CA6-EB26-4B54-B1BF-0A7BA6692FAC} - F:\Programmi\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {D20A1CA6-EB26-4B54-B1BF-0A7BA6692FAC} - F:\Programmi\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {D20A1CA6-EB26-4B54-B1BF-0A7BA6692FAC} - F:\Programmi\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {D20A1CA6-EB26-4B54-B1BF-0A7BA6692FAC} - F:\Programmi\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {D20A1CA6-EB26-4B54-B1BF-0A7BA6692FAC} - F:\Programmi\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {D20A1CA6-EB26-4B54-B1BF-0A7BA6692FAC} - F:\Programmi\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {D20A1CA6-EB26-4B54-B1BF-0A7BA6692FAC} - F:\Programmi\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {D20A1CA6-EB26-4B54-B1BF-0A7BA6692FAC} - F:\Programmi\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {D20A1CA6-EB26-4B54-B1BF-0A7BA6692FAC} - F:\Programmi\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {D20A1CA6-EB26-4B54-B1BF-0A7BA6692FAC} - F:\Programmi\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {D20A1CA6-EB26-4B54-B1BF-0A7BA6692FAC} - F:\Programmi\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {D20A1CA6-EB26-4B54-B1BF-0A7BA6692FAC} - F:\Programmi\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {D20A1CA6-EB26-4B54-B1BF-0A7BA6692FAC} - F:\Programmi\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {D20A1CA6-EB26-4B54-B1BF-0A7BA6692FAC} - F:\Programmi\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {D20A1CA6-EB26-4B54-B1BF-0A7BA6692FAC} - F:\Programmi\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {D20A1CA6-EB26-4B54-B1BF-0A7BA6692FAC} - F:\Programmi\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {D20A1CA6-EB26-4B54-B1BF-0A7BA6692FAC} - F:\Programmi\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {D20A1CA6-EB26-4B54-B1BF-0A7BA6692FAC} - F:\Programmi\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {D20A1CA6-EB26-4B54-B1BF-0A7BA6692FAC} - F:\Programmi\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {D20A1CA6-EB26-4B54-B1BF-0A7BA6692FAC} - F:\Programmi\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {D20A1CA6-EB26-4B54-B1BF-0A7BA6692FAC} - F:\Programmi\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {D20A1CA6-EB26-4B54-B1BF-0A7BA6692FAC} - F:\Programmi\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {D20A1CA6-EB26-4B54-B1BF-0A7BA6692FAC} - F:\Programmi\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {D20A1CA6-EB26-4B54-B1BF-0A7BA6692FAC} - F:\Programmi\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {D20A1CA6-EB26-4B54-B1BF-0A7BA6692FAC} - F:\Programmi\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {D20A1CA6-EB26-4B54-B1BF-0A7BA6692FAC} - F:\Programmi\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {D20A1CA6-EB26-4B54-B1BF-0A7BA6692FAC} - F:\Programmi\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {D20A1CA6-EB26-4B54-B1BF-0A7BA6692FAC} - F:\Programmi\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {D20A1CA6-EB26-4B54-B1BF-0A7BA6692FAC} - F:\Programmi\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {D20A1CA6-EB26-4B54-B1BF-0A7BA6692FAC} - F:\Programmi\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {D20A1CA6-EB26-4B54-B1BF-0A7BA6692FAC} - F:\Programmi\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - F:\Programmi\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {D20A1CA6-EB26-4B54-B1BF-0A7BA6692FAC} - F:\Programmi\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {D20A1CA6-EB26-4B54-B1BF-0A7BA6692FAC} - F:\Programmi\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {D20A1CA6-EB26-4B54-B1BF-0A7BA6692FAC} - F:\Programmi\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {D20A1CA6-EB26-4B54-B1BF-0A7BA6692FAC} - F:\Programmi\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {D20A1CA6-EB26-4B54-B1BF-0A7BA6692FAC} - F:\Programmi\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {D20A1CA6-EB26-4B54-B1BF-0A7BA6692FAC} - F:\Programmi\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {D20A1CA6-EB26-4B54-B1BF-0A7BA6692FAC} - F:\Programmi\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {D20A1CA6-EB26-4B54-B1BF-0A7BA6692FAC} - F:\Programmi\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {D20A1CA6-EB26-4B54-B1BF-0A7BA6692FAC} - F:\Programmi\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {D20A1CA6-EB26-4B54-B1BF-0A7BA6692FAC} - F:\Programmi\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {D20A1CA6-EB26-4B54-B1BF-0A7BA6692FAC} - F:\Programmi\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {D20A1CA6-EB26-4B54-B1BF-0A7BA6692FAC} - F:\Programmi\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {D20A1CA6-EB26-4B54-B1BF-0A7BA6692FAC} - F:\Programmi\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {D20A1CA6-EB26-4B54-B1BF-0A7BA6692FAC} - F:\Programmi\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {D20A1CA6-EB26-4B54-B1BF-0A7BA6692FAC} - F:\Programmi\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {D20A1CA6-EB26-4B54-B1BF-0A7BA6692FAC} - F:\Programmi\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {D20A1CA6-EB26-4B54-B1BF-0A7BA6692FAC} - F:\Programmi\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {D20A1CA6-EB26-4B54-B1BF-0A7BA6692FAC} - F:\Programmi\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {D20A1CA6-EB26-4B54-B1BF-0A7BA6692FAC} - F:\Programmi\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {D20A1CA6-EB26-4B54-B1BF-0A7BA6692FAC} - F:\Programmi\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {D20A1CA6-EB26-4B54-B1BF-0A7BA6692FAC} - F:\Programmi\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {D20A1CA6-EB26-4B54-B1BF-0A7BA6692FAC} - F:\Programmi\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {D20A1CA6-EB26-4B54-B1BF-0A7BA6692FAC} - F:\Programmi\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {D20A1CA6-EB26-4B54-B1BF-0A7BA6692FAC} - F:\Programmi\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {D20A1CA6-EB26-4B54-B1BF-0A7BA6692FAC} - F:\Programmi\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {D20A1CA6-EB26-4B54-B1BF-0A7BA6692FAC} - F:\Programmi\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {D20A1CA6-EB26-4B54-B1BF-0A7BA6692FAC} - F:\Programmi\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {D20A1CA6-EB26-4B54-B1BF-0A7BA6692FAC} - F:\Programmi\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {D20A1CA6-EB26-4B54-B1BF-0A7BA6692FAC} - F:\Programmi\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {D20A1CA6-EB26-4B54-B1BF-0A7BA6692FAC} - F:\Programmi\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {D20A1CA6-EB26-4B54-B1BF-0A7BA6692FAC} - F:\Programmi\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {D20A1CA6-EB26-4B54-B1BF-0A7BA6692FAC} - F:\Programmi\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {D20A1CA6-EB26-4B54-B1BF-0A7BA6692FAC} - F:\Programmi\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {D20A1CA6-EB26-4B54-B1BF-0A7BA6692FAC} - F:\Programmi\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {D20A1CA6-EB26-4B54-B1BF-0A7BA6692FAC} - F:\Programmi\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {D20A1CA6-EB26-4B54-B1BF-0A7BA6692FAC} - F:\Programmi\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {D20A1CA6-EB26-4B54-B1BF-0A7BA6692FAC} - F:\Programmi\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {D20A1CA6-EB26-4B54-B1BF-0A7BA6692FAC} - F:\Programmi\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {D20A1CA6-EB26-4B54-B1BF-0A7BA6692FAC} - F:\Programmi\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {D20A1CA6-EB26-4B54-B1BF-0A7BA6692FAC} - F:\Programmi\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {D20A1CA6-EB26-4B54-B1BF-0A7BA6692FAC} - F:\Programmi\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmi\Canon\CAL\CALMAIN.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\R2lvdmFubmkgQ3Jpc3RpbmE\command.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Network Monitor - Unknown owner - C:\Programmi\Network Monitor\netmon.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScsiAccess - Unknown owner - F:\Programmi\ScsiAccess.exe
giova
Newbie
 
Posts: 4
Joined: 17/08/06 10:33
