
Removing Citofarera Help Me Please


Posted by Osho74 » 28/08/06 17:03

Hi, I too have caught this infamous citofarera and I'm trying to remove it. I thought I had already managed it with Spybot, which keeps telling me it has fixed the problem, but the problem keeps coming back.
I'm posting my HijackThis log file in the hope that you can help me:

Logfile of HijackThis v1.99.1
Scan saved at 17.50.25, on 28/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmi\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Programmi\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\Programmi\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Intrexx\bin\UpDoubletSvc30.exe
C:\Intrexx\bin\uplifeguard10.exe
C:\Intrexx\bin\upmailsvc20.exe
C:\Intrexx\bin\upreplicant11.exe
c:\xtreme\bin\win32\upsystemserver10.exe
C:\Intrexx\bin\uptracer10.exe
C:\WINDOWS\system32\fxssvc.exe
c:\xtreme\jre\win32\bin\javaw.exe
c:\xtreme\jre\win32\bin\javaw.exe
c:\xtreme\jre\win32\bin\javaw.exe
c:\xtreme\jre\win32\bin\javaw.exe
c:\xtreme\jre\win32\bin\javaw.exe
c:\xtreme\jre\win32\bin\javaw.exe
c:\xtreme\jre\win32\bin\javaw.exe
c:\xtreme\jre\win32\bin\javaw.exe
c:\xtreme\jre\win32\bin\javaw.exe
c:\xtreme\jre\win32\bin\javaw.exe
C:\Programmi\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programmi\Dell\QuickSet\quickset.exe
C:\Programmi\Apoint\Apoint.exe
C:\Programmi\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmi\Dell\Media Experience\DMXLauncher.exe
C:\Intrexx\bin\upservercon30.exe
C:\Programmi\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Apoint\Apntex.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\vsnpstd.exe
C:\DOCUME~1\danieleb\IMPOST~1\Temp\s324.3.exe
C:\WINDOWS\system32\spoolsvc.exe
C:\Programmi\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Programmi\Digital Line Detect\DLG.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Trend Micro\OfficeScan Client\pccntupd.exe
C:\Documents and Settings\danieleb\Dati applicazioni\ratorefaci\sysrtmvs.exe
C:\Programmi\Autodesk Civil 3D 2006\acad.exe
C:\DOCUME~1\danieleb\IMPOST~1\Temp\AdskCleanup.0001
C:\Programmi\File comuni\Autodesk Shared\WSCommCntr1.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
C:\Documents and Settings\danieleb\Desktop\micro\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.tiscali.it/search/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.it
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.254:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ComCap - {E1B2E864-8BFC-4072-AE11-924E0F8BBA96} - C:\WINDOWS\system32\comcap16.dll
O2 - BHO: Dredge - {EB870508-E2B7-4169-8120-760F69703776} - C:\WINDOWS\system32\kaboom.dll
O2 - BHO: Intense - {FB47056B-B34D-410E-819A-E8A51CC8E2EB} - C:\WINDOWS\System32\kaboom.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Programmi\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint\Apoint.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Programmi\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Programmi\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [upservercon] C:\Intrexx\bin\upservercon30.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Programmi\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HylaFSP] C:\WINDOWS\system32\HylaFSPReminder.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [IEAgent update check] C:\WINDOWS\system32\iewatch.exe
O4 - HKLM\..\Run: [rusto] "C:\DOCUME~1\danieleb\IMPOST~1\Temp\s324.3.exe"
O4 - HKLM\..\Run: [aouei] C:\Documents and Settings\danieleb\Dati applicazioni\ratorefaci\sysrtmvs.exe
O4 - HKLM\..\Run: [Systems] C:\WINDOWS\system32\spoolsvc.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [updateMgr] "C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Programmi\File comuni\Autodesk Shared\acstart17.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Tasto di scelta rapida per l'avvio di AutoCAD.lnk = C:\Programmi\File comuni\Autodesk Shared\acstart17.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Crea preferito portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.it
O15 - Trusted Zone: http://www.1987324.com
O15 - Trusted Zone: http://www.adslconnection.name
O15 - Trusted Zone: *.aflashcounter.com
O15 - Trusted Zone: extra.dbcaditaly.com
O15 - Trusted Zone: http://www.sgrunt.biz
O15 - Trusted Zone: http://www.softlab.name
O15 - Trusted Zone: http://www.xxx-content.name
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B2F49FB} - http://www.softlab.name/conn.exe
O18 - Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Programmi\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll
O20 - Winlogon Notify: IntelWireless - C:\Programmi\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: EvtEng - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: MySQL - Unknown owner - C:\Programmi\MySQL\MySQL.exe (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programmi\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Programmi\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Unknown owner - C:\Programmi\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: United Planet Doublet Service - United Planet - C:\Intrexx\bin\UpDoubletSvc30.exe
O23 - Service: United Planet Life Guard - United Planet - C:\Intrexx\bin\uplifeguard10.exe
O23 - Service: United Planet Mail Service - United Planet - C:\Intrexx\bin\upmailsvc20.exe
O23 - Service: United Planet Replication Service - United Planet - C:\Intrexx\bin\upreplicant11.exe
O23 - Service: United Planet System Server - Unknown owner - c:\xtreme\bin\win32\upsystemserver10.exe
O23 - Service: United Planet Tracer - United Planet - C:\Intrexx\bin\uptracer10.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Programmi\Intel\Wireless\Bin\WLKeeper.exe
Osho74
Newbie
Posts: 2
Joined: 28/08/06 16:58


Posted by andorra24 » 28/08/06 17:31

Hi, first of all follow the simple instructions at this link to remove the bomka trojan (kaboom.dll and iewatch.exe):

http://www.greatis.com/security/ICQCHK. ... emover.htm

Then download ATF Cleaner from here:
http://www.atribune.org/ccount/click.php?id=1
(to delete Windows and IE temporary files)
Start ATF Cleaner, click the "Main" menu and then tick the "Select All" box. Now click the "Empty selected" button and wait for the "Done Cleaning!" message.

Now let's get to the HijackThis log. Open HijackThis, click "open the misc tools section", then click "open process manager", find the entries listed below (if present) and click "kill process":

C:\DOCUME~1\danieleb\IMPOST~1\Temp\s324.3.exe
C:\WINDOWS\system32\spoolsvc.exe (NOT to be confused with the legitimate spoolsv.exe)
C:\Documents and Settings\danieleb\Dati applicazioni\ratorefaci\sysrtmvs.exe

Then go to the bottom and press the Back button and right after that the Scan button. Tick the box next to the entries listed below and press "fix checked":

O2 - BHO: ComCap - {E1B2E864-8BFC-4072-AE11-924E0F8BBA96} - C:\WINDOWS\system32\comcap16.dll
O2 - BHO: Dredge - {EB870508-E2B7-4169-8120-760F69703776} - C:\WINDOWS\system32\kaboom.dll
O2 - BHO: Intense - {FB47056B-B34D-410E-819A-E8A51CC8E2EB} - C:\WINDOWS\System32\kaboom.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [IEAgent update check] C:\WINDOWS\system32\iewatch.exe
O4 - HKLM\..\Run: [rusto] "C:\DOCUME~1\danieleb\IMPOST~1\Temp\s324.3.exe"
O4 - HKLM\..\Run: [aouei] C:\Documents and Settings\danieleb\Dati applicazioni\ratorefaci\sysrtmvs.exe
O4 - HKLM\..\Run: [Systems] C:\WINDOWS\system32\spoolsvc.exe
O15 - Trusted Zone: http://www.1987324.com
O15 - Trusted Zone: http://www.adslconnection.name
O15 - Trusted Zone: *.aflashcounter.com
O15 - Trusted Zone: extra.dbcaditaly.com
O15 - Trusted Zone: http://www.sgrunt.biz
O15 - Trusted Zone: http://www.softlab.name
O15 - Trusted Zone: http://www.xxx-content.name
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B2F49FB} - http://www.softlab.name/conn.exe

Go to Start / My Computer / Tools / Folder Options / View, tick "Show hidden files and folders" and untick "Hide protected operating system files".

Download Delete Doctor from here:
http://www.megalab.it/articoli.php?id=652
With Delete Doctor delete the following files (if present):
C:\DOCUME~1\danieleb\IMPOST~1\Temp\s324.3.exe
C:\WINDOWS\system32\spoolsvc.exe (NOT to be confused with the legitimate spoolsv.exe)
C:\Documents and Settings\danieleb\Dati applicazioni\ratorefaci\sysrtmvs.exe (afterwards also delete the ratorefaci folder)
C:\WINDOWS\system32\comcap16.dll
C:\WINDOWS\system32\iewatch.exe
C:\WINDOWS\system32\kaboom.dll
andorra24
Senior User
Posts: 2742
Joined: 21/05/06 15:44
Location: Palermo

All Solved

Posted by Osho74 » 29/08/06 13:50

Thank you so much, everything seems to be working now... :D
Osho74
Newbie
Posts: 2
Joined: 28/08/06 16:58

Re: All Solved

Posted by andorra24 » 29/08/06 15:51

Osho74 wrote: Thank you so much, everything seems to be working now... :D

Very good. ;)
andorra24
Senior User
Posts: 2742
Joined: 21/05/06 15:44
Location: Palermo

Posted by predappi » 21/09/06 02:42

I too thank Andorra24 from the bottom of my heart ;) ;) YOU'RE GREAT!!!! BY FOLLOWING YOUR INSTRUCTIONS I SENT THAT *** VIRUS (AND SORRY AGAIN FOR THE COLOURFUL EXPRESSION) CALLED CITOFARERA TO HELL (EXCUSE THE TERM, BUT SOMETIMES IT'S CALLED FOR).
IT WAS TRULY UNBEARABLE!!!!!!
TTTTHHHHAAAANNNNKKKK YYYYOOOOUUUU!!!!!!!!
predappi
Newbie
Posts: 1
Joined: 21/09/06 02:36

Posted by andorra24 » 21/09/06 08:02

predappi wrote: I too thank Andorra24 from the bottom of my heart ;) ;) YOU'RE GREAT!!!! BY FOLLOWING YOUR INSTRUCTIONS I SENT THAT *** VIRUS (AND SORRY AGAIN FOR THE COLOURFUL EXPRESSION) CALLED CITOFARERA TO HELL (EXCUSE THE TERM, BUT SOMETIMES IT'S CALLED FOR).
IT WAS TRULY UNBEARABLE!!!!!!
TTTTHHHHAAAANNNNKKKK YYYYOOOOUUUU!!!!!!!!

Good, I'm glad. :)
andorra24
Senior User
Posts: 2742
Joined: 21/05/06 15:44
Location: Palermo

Iexplore

Posted by zsuperfrengo » 29/09/06 18:00

Hi, this time I'm the one who fell into the trap! This is my log, but what do I do now? Please help me!!!
Logfile of HijackThis v1.99.0
Scan saved at 18.51.20, on 29/09/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
E:\Programmi\Avast\aswUpdSv.exe
E:\Programmi\Avast\ashServ.exe
E:\Programmi\IN-CD\InCD.exe
C:\Programmi\MSN Apps\Updater\01.02.3000.1001\it\msnappau.exe
C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\Libero\Adsl\dslagent.exe
E:\Programmi\bl\MsgPlus.exe
C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
E:\PROGRA~1\Avast\ashDisp.exe
E:\Programmi\Nikkon\NkvMon.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
E:\Programmi\Avast\ashWebSv.exe
E:\Programmi\Avast\ashMaiSv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\cidaemon.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\DottErrico\Impostazioni locali\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Libero
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmi\MSN Apps\ST\01.02.3000.1001\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\01.02.4000.1001\it\msntb.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - E:\PROGRA~1\DOWNLO~1\STARDO~1\SDIEInt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\01.02.4000.1001\it\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [InCD] E:\Programmi\IN-CD\InCD.exe
O4 - HKLM\..\Run: [msnappau] "C:\Programmi\MSN Apps\Updater\01.02.3000.1001\it\msnappau.exe"
O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [msci] C:\DOCUME~1\DOTTER~1\IMPOST~1\Temp\200591195044_mcinfo.exe /insfin
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\Libero\Adsl\dslagent.exe
O4 - HKLM\..\Run: [MessengerPlus3] "E:\Programmi\bl\MsgPlus.exe"
O4 - HKLM\..\Run: [ImInstaller_IncrediMail] C:\DOCUME~1\DOTTER~1\IMPOST~1\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe -startup -product IncrediMail
O4 - HKLM\..\Run: [Olympic] C:\Documents and Settings\DottErrico\Dati applicazioni\sgrunt\IE4321.exe
O4 - HKLM\..\Run: [SweetIM] C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [dflnl.exe] C:\WINDOWS\System32\dflnl.exe
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\Avast\ashDisp.exe
O4 - HKLM\..\Run: [nkzxc.exe] C:\WINDOWS\System32\nkzxc.exe
O4 - HKCU\..\Run: [SweetIM] C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NkvMon.exe.lnk = E:\Programmi\Nikkon\NkvMon.exe
O8 - Extra context menu item: &Search - http://kn.bar.need2find.com/KN/menusearch.html?p=KN
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://E:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Salva oggetto con Star Downloader - E:\Programmi\downloader\Star Downloader\sdie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.libero.it
O15 - Trusted Zone: http://www.archiviosex.net
O15 - Trusted Zone: *.energy-factor.com
O15 - Trusted Zone: *.hardcorefantasyland.com
O15 - Trusted Zone: *.hardfootballbabes.com
O15 - Trusted Zone: http://www.redfunny.com
O15 - Trusted Zone: http://www.skymasters.biz
O16 - DPF: {41B23C28-488E-4E5C-ACE2-BB0BBABE99E8} (HHCtrl Object) - http://195.225.176.5/d/axehkqu/nnvkjxu/ ... hhctrl.ocx
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} - http://www.tbcode.com/ist/softwares/v4. ... cracks.cab
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Smart Viewer 7) - http://207.169.197.2/viewer/activeXView ... viewer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{12435B6E-9C03-45B0-9C42-1AA13DC3AA66}: NameServer = 85.255.115.45,85.255.112.144
O17 - HKLM\System\CCS\Services\Tcpip\..\{90CC1438-717A-4CB1-A295-031B9C0CF2CB}: NameServer = 85.255.115.45 85.255.112.144
O17 - HKLM\System\CCS\Services\Tcpip\..\{BD23F3A8-9FD0-46BD-87AF-3A0AE611BB88}: NameServer = 85.255.115.45,85.255.112.144
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.45 85.255.112.144
O17 - HKLM\System\CS1\Services\Tcpip\..\{12435B6E-9C03-45B0-9C42-1AA13DC3AA66}: NameServer = 85.255.115.45,85.255.112.144
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.45 85.255.112.144
O17 - HKLM\System\CS2\Services\Tcpip\..\{12435B6E-9C03-45B0-9C42-1AA13DC3AA66}: NameServer = 85.255.115.45,85.255.112.144
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.45 85.255.112.144
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: avast! iAVS4 Control Service - Unknown - E:\Programmi\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown - E:\Programmi\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Programmi\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - E:\Programmi\Avast\ashWebSv.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: InstallDriver Table Manager - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SmartLinkService - Unknown - slserv.exe (file missing)
zsuperfrengo
Newbie
Posts: 2
Joined: 29/09/06 17:54

Posted by andorra24 » 29/09/06 19:23

Run a scan with killsgrunt:
http://www.francydelorenzi.it/component ... ecatid,105

In HijackThis tick the following entries and, after disconnecting from the internet and closing all open programs, press fix checked:

O4 - HKLM\..\Run: [Olympic] C:\Documents and Settings\DottErrico\Dati applicazioni\sgrunt\IE4321.exe
O4 - HKLM\..\Run: [dflnl.exe] C:\WINDOWS\System32\dflnl.exe
O4 - HKLM\..\Run: [nkzxc.exe] C:\WINDOWS\System32\nkzxc.exe
O8 - Extra context menu item: &Search - http://kn.bar.need2find.com/KN/menusearch.html?p=KN
O15 - Trusted Zone: http://www.archiviosex.net
O15 - Trusted Zone: *.energy-factor.com
O15 - Trusted Zone: *.hardcorefantasyland.com
O15 - Trusted Zone: *.hardfootballbabes.com
O15 - Trusted Zone: http://www.redfunny.com
O15 - Trusted Zone: http://www.skymasters.biz
O16 - DPF: {41B23C28-488E-4E5C-ACE2-BB0BBABE99E8} (HHCtrl Object) - http://195.225.176.5/d/axehkqu/nnvkjxu/ ... hhctrl.ocx
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} - http://www.tbcode.com/ist/softwares/v4. ... cracks.cab
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Smart Viewer 7) - http://207.169.197.2/viewer/activeXView ... viewer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{12435B6E-9C03-45B0-9C42-1AA13DC3AA66}: NameServer = 85.255.115.45,85.255.112.144
O17 - HKLM\System\CCS\Services\Tcpip\..\{90CC1438-717A-4CB1-A295-031B9C0CF2CB}: NameServer = 85.255.115.45 85.255.112.144
O17 - HKLM\System\CCS\Services\Tcpip\..\{BD23F3A8-9FD0-46BD-87AF-3A0AE611BB88}: NameServer = 85.255.115.45,85.255.112.144
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.45 85.255.112.144
O17 - HKLM\System\CS1\Services\Tcpip\..\{12435B6E-9C03-45B0-9C42-1AA13DC3AA66}: NameServer = 85.255.115.45,85.255.112.144
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.45 85.255.112.144
O17 - HKLM\System\CS2\Services\Tcpip\..\{12435B6E-9C03-45B0-9C42-1AA13DC3AA66}: NameServer = 85.255.115.45,85.255.112.144
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.45 85.255.112.144

Go to Start / My Computer / Tools / Folder Options / View, tick "Show hidden files and folders" and untick "Hide protected operating system files (Recommended)".

Download Killbox: http://killbox.net/downloads/KillBox.exe
With Killbox delete the following files:
C:\Documents and Settings\DottErrico\Dati applicazioni\sgrunt\IE4321.exe (also delete the sgrunt folder)
C:\WINDOWS\System32\dflnl.exe
C:\WINDOWS\System32\nkzxc.exe

If you happen to run into any problem with the connection, do this: Control Panel / Network and Internet Connections / Network Connections. Then right-click your default connection and select Properties, double-click Internet Protocol (TCP/IP) and tick "Obtain DNS server address automatically". Press OK and restart the PC if necessary.

Afterwards flush the DNS cache. To do so, run the command "ipconfig /flushdns" from MS-DOS. To do this, select "Start" > "Programs" > "Accessories" > "Command Prompt". Type "ipconfig /flushdns" (without quotes), then press Enter.

Run a scan with SUPERAntiSpyware:
http://www.superantispyware.com/downloa ... PYWAREFREE
andorra24
Senior User
Posts: 2742
Joined: 21/05/06 15:44
Location: Palermo

Posted by zsuperfrengo » 01/10/06 12:33

My goodness, thank you
I'll try to do all this and let you know! Thanks a lot!
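
The entries selected for fixing in the two replies above include autostart programs under Temp or the user's application-data folder, a file named spoolsvc.exe that imitates spoolsv.exe, Trusted Zone sites and O17 NameServer values. As an added example (not part of the thread and not code from HijackThis), this Python script applies those four checks to a log; the function names and heuristics are assumptions of the example, the sample lines are excerpted from the two logs in this thread, and the findings are candidates for review, not verdicts.

```python
import re

# Core Windows process names that the lookalike check compares against
# (non-exhaustive list chosen for this example).
SYSTEM_BINARIES = {"smss.exe", "winlogon.exe", "services.exe", "lsass.exe",
                   "svchost.exe", "spoolsv.exe", "explorer.exe"}
# Per-user writable locations; "dati applicazioni" is the Italian-locale
# name of "Application Data" seen in the logs above.
USER_WRITABLE = ("\\temp\\", "\\application data\\", "\\dati applicazioni\\")

RUN_RE = re.compile(
    r'^O4 - HK(?:LM|CU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] "?(?P<path>[A-Za-z]:\\.*?\.exe)',
    re.I)
ZONE_RE = re.compile(r'^O15 - Trusted Zone: (?P<site>\S+)')
DNS_RE = re.compile(r'^O17 - .*NameServer = (?P<servers>.+)$')


def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss file names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(filename):
    """Return the system binary that `filename` differs from by one edit, or None."""
    name = filename.lower()
    if name in SYSTEM_BINARIES:
        return None
    for real in sorted(SYSTEM_BINARIES):
        if edit_distance(name, real) <= 1:
            return real
    return None


def triage(log_text):
    """Return (reason, detail) findings for the lines of a HijackThis log."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            path = m.group("path")
            if any(d in path.lower() for d in USER_WRITABLE):
                findings.append(("autostart-from-user-writable-dir", path))
            real = lookalike_of(path.rsplit("\\", 1)[-1])
            if real:
                findings.append(("lookalike-of-" + real, path))
            continue
        m = ZONE_RE.match(line)
        if m:
            findings.append(("trusted-zone-site", m.group("site")))
            continue
        m = DNS_RE.match(line)
        if m:
            # HijackThis separates the servers with a comma or a space.
            for ip in re.split(r"[,\s]+", m.group("servers").strip()):
                findings.append(("static-dns-server", ip))
    return findings


# Sample input: lines excerpted from the two logs posted in this thread.
SAMPLE = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [rusto] "C:\DOCUME~1\danieleb\IMPOST~1\Temp\s324.3.exe"
O4 - HKLM\..\Run: [aouei] C:\Documents and Settings\danieleb\Dati applicazioni\ratorefaci\sysrtmvs.exe
O4 - HKLM\..\Run: [Systems] C:\WINDOWS\system32\spoolsvc.exe
O15 - Trusted Zone: *.aflashcounter.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.45 85.255.112.144
"""

if __name__ == "__main__":
    for reason, detail in triage(SAMPLE):
        print(f"{reason:35} {detail}")
```

A static DNS server or a Trusted Zone site can be legitimate, so each finding should be checked against what the user or the ISP actually configured before anything is fixed.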
zsuperfrengo
Newbie
Posts: 2
Joined: 29/09/06 17:54

