
!!!..... URGENT PROBLEMS ........ !!!

How do I remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do I protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: m.paolo, kadosh, Luke57


Post by (b)ananartista » 29/08/06 15:11

I can't remove some viruses and malware that have been infecting my computer for a while.

I've already run scans with antivir, virit,
prevx.

but with poor results.

in particular I think the malicious files are
msijavaup32.exe

and
creative.exe
and lsass.exe

WHAT SHOULD I DO?

here is my log:

Logfile of HijackThis v1.99.1
Scan saved at 14.03.56, on 29/08/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\WINNT\system32\CTsvcCDA.exe
C:\WINNT\System32\svchost.exe
C:\Programmi\Sony\MD Simple Burner\NetMDSB.exe
C:\Programmi\Prevx1\PXAgent.exe
C:\Programmi\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINNT\system32\MSTask.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\Tablet.exe
C:\VEXPLITE\viritsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\MsPMSPSv.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.exe
C:\WINNT\system32\msijavaup32.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINNT\system32\CTHELPER.EXE
C:\WINNT\system32\GSICON.EXE
C:\WINNT\system32\dslagent.exe
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\WINNT\kdx\KHost.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Java\jre1.5.0_02\bin\jusched.exe
C:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Prevx1\PXConsole.exe
C:\VEXPLITE\MONLITE.EXE
C:\WINNT\system32\internat.exe
C:\Programmi\Creative\SBAudigy\TaskBar\CTLTray.exe
C:\Programmi\Creative\SBAudigy\TaskBar\CTLTask.exe
C:\Programmi\MySpace\IM\MySpaceIM.exe
C:\Programmi\Yahoo!\Messenger\ymsgr_tray.exe
C:\VEXPLITE\VIRITEXP.EXE
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\bananao\IMPOST~1\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe msijavaup32.exe
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,msijavaup32.exe
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Dati applicazioni\Prevx\pxbho.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\it\msntb.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Programmi\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CTStartup] C:\Programmi\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [Microsoft Update] C:\WINNT\
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [kdx] C:\WINNT\kdx\KHost.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [NTSys Updater] c:\windows\hardware32\hardwares.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Programmi\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [MSsvc322] C:\WINNT\system32\MSsvc32.exe
O4 - HKLM\..\Run: [Services] C:\WINNT\system32\2.tmp
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Idle sign sixth eq] C:\Documents and Settings\All Users\Dati applicazioni\vc up idle sign\Bib this.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [irk4292d] RUNDLL32.EXE w0072b34.dll,n 0034292a0000000a0072b34
O4 - HKLM\..\Run: [ntdll.dll] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [PrevxOne] C:\Programmi\Prevx1\PXConsole.exe
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKLM\..\RunServices: [ntdll.dll] msjava.exe
O4 - HKLM\..\RunServices: [Ms Java for Windows NT] msijavaup32.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [TaskTray] C:\Programmi\Creative\SBAudigy\TaskBar\CTLTray.exe
O4 - HKCU\..\Run: [TaskBar] C:\Programmi\Creative\SBAudigy\TaskBar\CTLTask.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Programmi\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [Msg Fixage] msgfixing.exe
O4 - HKCU\..\Run: [Microsoft Synchronization Manager] as2.exe
O4 - HKCU\..\Run: [Win Updater] winupdater.exe
O4 - HKCU\..\Run: [Sygate Personal Firewall] win_sygate.exe
O4 - HKCU\..\Run: [NurbFork] C:\DOCUME~1\bananao\DATIAP~1\PUREFI~1\Aimtick.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Programmi\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [ntdll.dll] c:\gskqhcw.exe -a
O4 - HKCU\..\RunServices: [Ms Java for Windows NT] msijavaup32.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/ ... 1/chat.cab
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://tdserver.bitstream.com/tdserver.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft.com/fwlink/?linkid= ... lcid=0x409
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) - http://webcamnow.com/fs5/ax/ActiveXWebCam.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnme ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O16 - DPF: {C75BE5CC-7F80-458C-8B66-FAB86E3B13C3} (FotkiUploader Control) - http://images.fotki.com/activex/FotkiUploader.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O16 - DPF: {FFD1E45F-2B11-4742-BF47-3822FE02EE0F} (Yahoo! Foto - salva e condividi le tue foto su Yahoo! E' facile!l Class) - http://us.dl1.yimg.com/download.yahoo.c ... r1_4it.cab
O17 - HKLM\System\CS2\Services\Tcpip\..\{2D9BFEBF-3F12-424A-838F-36B403BE62C4}: NameServer = 85.37.17.15 85.38.28.74
O20 - Winlogon Notify: IPConfMSP - C:\WINNT\
O20 - Winlogon Notify: Setup - C:\WINNT\system32\mtpbde40.dll (file missing)
O20 - Winlogon Notify: SharedDLLs - C:\WINNT\system32\mvg4c32.dll (file missing)
O20 - Winlogon Notify: vtstq - vtstq.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\YmFuYW5hbw\command.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTsvcCDA.exe
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: FireDaemon Service: msagent (msagent) - Unknown owner - C:\WINNT\security\FireDaemon.exe (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Windows Genuine Advantage Registration Service (net32a) - Unknown owner - C:\WINNT\system32\net32a.exe (file missing)
O23 - Service: FireDaemon Service: netclient (netclient) - Unknown owner - C:\WINNT\security\FireDaemon.exe (file missing)
O23 - Service: MD Simple Burner Service (NetMDSB) - Sony Corporation - C:\Programmi\Sony\MD Simple Burner\NetMDSB.exe
O23 - Service: Network Monitor - Unknown owner - C:\Programmi\Network Monitor\netmon.exe (file missing)
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Programmi\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINNT\system32\Tablet.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas http://www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
O23 - Service: change me please (virus) - Unknown owner - C:\WINNT\sysdat.exe (file missing)
O23 - Service: FireDaemon Service: winsecure (winsecure) - Unknown owner - C:\WINNT\security\FireDaemon.exe (file missing)

help me.

WHAT SHOULD I DO?
http://www.bananartista.com
http://www.myspace.com/bananartista
------------------(b)--------------------
(b)ananartista
Junior Member
Posts: 49
Joined: 29/08/06 15:07
Location: lolomo


Post by andorra24 » 29/08/06 15:46

Hi, first of all I'd advise you to remove the Messenger Plus3 sponsor from Control Panel/Add or Remove Programs, and if you can't manage that, uninstall Messenger Plus3 entirely.

Let's move on to the log. Open HijackThis, click ''open the misc tools section'', then click ''open process manager'', find the entry shown below and click ''kill process'':

C:\WINNT\system32\msijavaup32.exe

Then go to the bottom, press the back button and right after it the scan button. Tick the box next to the entries listed below and press ''fix checked'':

R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe msijavaup32.exe
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,msijavaup32.exe
O4 - HKLM\..\Run: [Microsoft Update] C:\WINNT\
O4 - HKLM\..\Run: [NTSys Updater] c:\windows\hardware32\hardwares.exe
O4 - HKLM\..\Run: [MSsvc322] C:\WINNT\system32\MSsvc32.exe
O4 - HKLM\..\Run: [Services] C:\WINNT\system32\2.tmp
O4 - HKLM\..\Run: [Idle sign sixth eq] C:\Documents and Settings\All Users\Dati applicazioni\vc up idle sign\Bib this.exe
O4 - HKLM\..\Run: [irk4292d] RUNDLL32.EXE w0072b34.dll,n 0034292a0000000a0072b34
O4 - HKLM\..\RunServices: [ntdll.dll] msjava.exe
O4 - HKLM\..\RunServices: [Ms Java for Windows NT] msijavaup32.exe
O4 - HKCU\..\Run: [Msg Fixage] msgfixing.exe
O4 - HKCU\..\Run: [Microsoft Synchronization Manager] as2.exe
O4 - HKCU\..\Run: [Win Updater] winupdater.exe
O4 - HKCU\..\Run: [Sygate Personal Firewall] win_sygate.exe
O4 - HKCU\..\Run: [NurbFork] C:\DOCUME~1\bananao\DATIAP~1\PUREFI~1\Aimtick.exe
O4 - HKCU\..\Run: [ntdll.dll] c:\gskqhcw.exe -a
O4 - HKCU\..\RunServices: [Ms Java for Windows NT] msijavaup32.exe
O16 - DPF: {C75BE5CC-7F80-458C-8B66-FAB86E3B13C3} (FotkiUploader Control) - http://images.fotki.com/activex/FotkiUploader.cab (if you don't recognise it, remove it)
O20 - Winlogon Notify: IPConfMSP - C:\WINNT\
O20 - Winlogon Notify: Setup - C:\WINNT\system32\mtpbde40.dll (file missing)
O20 - Winlogon Notify: SharedDLLs - C:\WINNT\system32\mvg4c32.dll (file missing)
O20 - Winlogon Notify: vtstq - vtstq.dll (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\YmFuYW5hbw\command.exe (file missing)
O23 - Service: FireDaemon Service: msagent (msagent) - Unknown owner - C:\WINNT\security\FireDaemon.exe (file missing)
O23 - Service: Windows Genuine Advantage Registration Service (net32a) - Unknown owner - C:\WINNT\system32\net32a.exe (file missing)
O23 - Service: FireDaemon Service: netclient (netclient) - Unknown owner - C:\WINNT\security\FireDaemon.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Programmi\Network Monitor\netmon.exe (file missing)
O23 - Service: change me please (virus) - Unknown owner - C:\WINNT\sysdat.exe (file missing)
O23 - Service: FireDaemon Service: winsecure (winsecure) - Unknown owner - C:\WINNT\security\FireDaemon.exe (file missing)

Go to Start/My Computer/Tools/Folder Options/View, tick ''show hidden files and folders'' and untick ''hide protected operating system files''.

Download KillBox from here:
http://www.bleepingcomputer.com/files/killbox.php
with KillBox make sure the following files (if present) disappear from your PC:

C:\WINNT\system32\msijavaup32.exe
c:\windows\hardware32\hardwares.exe (after deleting the exe file, delete the hardware32 folder)
C:\WINNT\system32\MSsvc32.exe
C:\WINNT\system32\2.tmp
C:\Documents and Settings\All Users\Dati applicazioni\vc up idle sign\Bib this.exe (then delete the vc up idle sign folder as well)
C:\WINNT\system32\msjava.exe
C:\WINNT\system32\as2.exe
C:\WINNT\system32\winupdater.exe
C:\WINNT\system32\msgfixing.exe
C:\WINNT\system32\win_sygate.exe
C:\DOCUME~1\bananao\DATIAP~1\PUREFI~1\Aimtick.exe
c:\gskqhcw.exe

Run a scan with BitDefender online:
http://www.bitdefender.com/scan8/ie.html
and one with SuperAntiSpyware:
http://www.superantispyware.com/downloa ... PYWAREFREE
andorra24
Senior Member
Posts: 2742
Joined: 21/05/06 15:44
Location: Palermo
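A small triage script for the kind of HijackThis log analysed in this reply, added here as an example (it is not the thread's or HijackThis's own code). It assumes the v1.99.1 line format shown in the logs above and uses an excerpt of the first log as its sample input; the rule names and wording are this example's own.

```python
"""Rule-based triage of a HijackThis v1.99 log (an added example, not part of
the thread and not HijackThis's own code).

It automates the checks the helper applied by eye to the log above: F2 Shell /
UserInit hijacks, O4 entries under the Win9x-only RunServices key, O4 entries
that point at a directory or a .tmp file, and O20 / O23 entries whose file is
already gone but whose registry entry still loads it.  SAMPLE is an excerpt of
the first log posted in the thread (clean and infected lines mixed).
"""
import re

# Excerpt of the first HijackThis log posted above (constructed sample input).
SAMPLE = r"""
Logfile of HijackThis v1.99.1
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
F2 - REG:system.ini: Shell=Explorer.exe msijavaup32.exe
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,msijavaup32.exe
O4 - HKLM\..\Run: [Microsoft Update] C:\WINNT\
O4 - HKLM\..\Run: [Services] C:\WINNT\system32\2.tmp
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunServices: [Ms Java for Windows NT] msijavaup32.exe
O20 - Winlogon Notify: vtstq - vtstq.dll (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: change me please (virus) - Unknown owner - C:\WINNT\sysdat.exe (file missing)
""".strip().splitlines()

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")          # "O4 - ..."
F2_RE = re.compile(r"^REG:system\.ini: (Shell|UserInit)=(.*)$")
O4_RE = re.compile(r"^(HKLM|HKCU)\\\.\.\\(Run[A-Za-z]*): \[([^\]]*)\] (.*)$")


def platform_is_nt(lines):
    """True when the log header says the box is NT-family (NT/2000/XP)."""
    for line in lines:
        if line.startswith("Platform:"):
            return "WinNT" in line
    return False


def check_f2(rest):
    """Shell must be exactly Explorer.exe and UserInit a single userinit.exe;
    anything appended to either is started at every logon."""
    m = F2_RE.match(rest)
    if not m:
        return None
    key, value = m.groups()
    expected = "explorer.exe" if key == "Shell" else "userinit.exe"
    parts = [p for p in re.split(r"[,\s]+", value) if p]
    extra = [p for p in parts if p.lower().rsplit("\\", 1)[-1] != expected]
    if extra:
        return f"{key} hijack: extra program(s) {extra} run at every logon"
    return None


def check_o4(rest, nt):
    """Autostart rules for Run / RunServices entries."""
    m = O4_RE.match(rest)
    if not m:
        return None  # "Global Startup" style entries are not covered here
    _hive, key, _name, command = m.groups()
    # First token of the command is the program; honour quoting.
    target = command.split('"')[1] if command.startswith('"') else command.split(" ")[0]
    if nt and key.lower() == "runservices":
        return "RunServices is a Win9x/ME key; NT-family software has no reason to write it"
    if target.endswith("\\"):
        return "autostart points at a directory, not an executable"
    if target.lower().endswith(".tmp"):
        return "autostart launches a .tmp file (executable disguised as a temp file)"
    return None


def check_orphan(section, rest):
    """A Winlogon Notify DLL or service whose binary is gone is a dangling
    autostart: the malware file was deleted but its registry entry was not."""
    if section in ("O20", "O23") and rest.endswith("(file missing)"):
        what = "Winlogon Notify DLL" if section == "O20" else "service"
        return f"orphaned {what}: file missing but registry entry still present"
    return None


def triage(lines):
    """Return [(section, log line, reason)] for every entry a rule flags."""
    nt = platform_is_nt(lines)
    findings = []
    for raw in lines:
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        section, rest = m.groups()
        if section == "F2":
            reason = check_f2(rest)
        elif section == "O4":
            reason = check_o4(rest, nt)
        else:
            reason = check_orphan(section, rest)
        if reason:
            findings.append((section, line, reason))
    return findings


if __name__ == "__main__":
    for section, line, reason in triage(SAMPLE):
        print(f"[{section}] {reason}\n    {line}")
```

Entries a rule does not flag (the AntiVir and Symantec lines, the Google start page) still need a human look; the script only reproduces the checks the thread already walks through.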

Post by (b)ananartista » 29/08/06 15:59

I don't know why but the scan function isn't active.
the whole scan and fix stuff box is greyed out.

what should I do?

is there an alternative?

(b)
http://www.bananartista.com
http://www.myspace.com/bananartista
------------------(b)--------------------
(b)ananartista
Junior Member
Posts: 49
Joined: 29/08/06 15:07
Location: lolomo

Post by Luke57 » 29/08/06 16:00

Hi, download these programs:
for removing Look2me
http://www.atribune.org/ccount/click.php?id=7

Download Stinger 2.6.0 from here:
http://vil.nai.com/vil/stinger/

it's stand-alone, it doesn't need to be installed

Download SuperAntiSpyware Free from here:
http://www.superantispyware.com/
install it and update the definitions

Gaobotfix from here:
http://securityresponse.symantec.com/av ... Gaobot.exe

Run the Look2me removal tool

QUOTE

* Close all programs before continuing.
* Click Look2Me-Destroyer.exe to run it.
* Tick the box next to "Run this program as a task"
* You will get a message that Look2Me-Destroyer will close and reopen in 1 minute. Click OK
* When Look2Me-Destroyer reopens, click the "Scan for L2M" button; the desktop icons will disappear, this is normal.
* Once the scan is done, click "Remove L2M".
* You will get a scan completed message, click OK.
* When finished, you will see the message: "Done removing infected files! Look2Me-Destroyer will now shutdown your computer", click OK.
* After the reboot, post on the forum, if requested, the contents of Look2Me-Destroyer.txt and a new HijackThis log.


Run Gaobot fix

Run a full scan with Stinger

Run a full scan with SuperAntiSpyware

Send a new HijackThis log
Luke57
Moderator
Posts: 6415
Joined: 11/08/05 19:10

Post by andorra24 » 29/08/06 16:13

Hi Luke, the Look2me entries show up as missing in his log anyway, so it should already have been removed by one of his earlier scans. :)
andorra24
Senior Member
Posts: 2742
Joined: 21/05/06 15:44
Location: Palermo

Post by andorra24 » 29/08/06 16:21

(b)ananartista wrote: I don't know why but the scan function isn't active.
the whole scan and fix stuff box is greyed out.

what should I do?

is there an alternative?

(b)

Do you mean the BitDefender scan? In the meantime run the SuperAntiSpyware scan and the others recommended by Luke57.
andorra24
Senior Member
Posts: 2742
Joined: 21/05/06 15:44
Location: Palermo

Post by (b)ananartista » 29/08/06 21:50

so I've done some of the things you suggested
and the computer seems fine.

here is the current log:


Logfile of HijackThis v1.99.1
Scan saved at 22.49.49, on 29/08/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\WINNT\system32\CTsvcCDA.exe
C:\WINNT\System32\svchost.exe
C:\Programmi\Sony\MD Simple Burner\NetMDSB.exe
C:\Programmi\Prevx1\PXAgent.exe
C:\Programmi\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\MSTask.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\Tablet.exe
C:\VEXPLITE\viritsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\MsPMSPSv.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINNT\system32\CTHELPER.EXE
C:\WINNT\system32\GSICON.EXE
C:\WINNT\system32\dslagent.exe
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\WINNT\kdx\KHost.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Java\jre1.5.0_02\bin\jusched.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Prevx1\PXConsole.exe
C:\VEXPLITE\MONLITE.EXE
C:\WINNT\system32\internat.exe
C:\Programmi\Creative\SBAudigy\TaskBar\CTLTray.exe
C:\Programmi\Creative\SBAudigy\TaskBar\CTLTask.exe
C:\Programmi\MySpace\IM\MySpaceIM.exe
C:\Programmi\Yahoo!\Messenger\ymsgr_tray.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\AntiVir PersonalEdition Classic\avcenter.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\WINNT\system32\cmd.exe
C:\DOCUME~1\bananao\IMPOST~1\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Dati applicazioni\Prevx\pxbho.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\it\msntb.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Programmi\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CTStartup] C:\Programmi\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [kdx] C:\WINNT\kdx\KHost.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Programmi\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ntdll.dll] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [PrevxOne] C:\Programmi\Prevx1\PXConsole.exe
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [TaskTray] C:\Programmi\Creative\SBAudigy\TaskBar\CTLTray.exe
O4 - HKCU\..\Run: [TaskBar] C:\Programmi\Creative\SBAudigy\TaskBar\CTLTask.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Programmi\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [MySpaceIM] C:\Programmi\MySpace\IM\MySpaceIM.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/ ... 1/chat.cab
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://tdserver.bitstream.com/tdserver.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft.com/fwlink/?linkid= ... lcid=0x409
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) - http://webcamnow.com/fs5/ax/ActiveXWebCam.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnme ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O16 - DPF: {C75BE5CC-7F80-458C-8B66-FAB86E3B13C3} (FotkiUploader Control) - http://images.fotki.com/activex/FotkiUploader.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O16 - DPF: {FFD1E45F-2B11-4742-BF47-3822FE02EE0F} (Yahoo! Foto - salva e condividi le tue foto su Yahoo! E' facile!l Class) - http://us.dl1.yimg.com/download.yahoo.c ... r1_4it.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2D9BFEBF-3F12-424A-838F-36B403BE62C4}: NameServer = 85.37.17.15 85.38.28.74
O17 - HKLM\System\CS1\Services\Tcpip\..\{2D9BFEBF-3F12-424A-838F-36B403BE62C4}: NameServer = 85.37.17.15 85.38.28.74
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\YmFuYW5hbw\command.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTsvcCDA.exe
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: FireDaemon Service: msagent (msagent) - Unknown owner - C:\WINNT\security\FireDaemon.exe (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Windows Genuine Advantage Registration Service (net32a) - Unknown owner - C:\WINNT\system32\net32a.exe (file missing)
O23 - Service: FireDaemon Service: netclient (netclient) - Unknown owner - C:\WINNT\security\FireDaemon.exe (file missing)
O23 - Service: MD Simple Burner Service (NetMDSB) - Sony Corporation - C:\Programmi\Sony\MD Simple Burner\NetMDSB.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Programmi\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINNT\system32\Tablet.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas http://www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
O23 - Service: change me please (virus) - Unknown owner - C:\WINNT\sysdat.exe (file missing)
O23 - Service: FireDaemon Service: winsecure (winsecure) - Unknown owner - C:\WINNT\security\FireDaemon.exe (file missing)



1- Is everything really OK now?



2- How do I defend myself against future attacks? I have AntiVir now, is it a good product?



Thanks.


(b)






.
http://www.bananartista.com
http://www.myspace.com/bananartista
------------------(b)--------------------
(b)ananartista
Junior User

Posts: 49
Joined: 29/08/06 15:07
Location: lolomo

Post by andorra24 » 29/08/06 22:10

There are a few entries to remove:
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\YmFuYW5hbw\command.exe (file missing)
O23 - Service: FireDaemon Service: msagent (msagent) - Unknown owner - C:\WINNT\security\FireDaemon.exe (file missing)
O23 - Service: Windows Genuine Advantage Registration Service (net32a) - Unknown owner - C:\WINNT\system32\net32a.exe (file missing)
O23 - Service: FireDaemon Service: netclient (netclient) - Unknown owner - C:\WINNT\security\FireDaemon.exe (file missing)
O23 - Service: FireDaemon Service: winsecure (winsecure) - Unknown owner - C:\WINNT\security\FireDaemon.exe (file missing)
O23 - Service: change me please (virus) - Unknown owner - C:\WINNT\sysdat.exe (file missing)

Try again to remove them with HijackThis (in Safe Mode too, if necessary). If it doesn't work with HijackThis, do this:

Start>Run>sc stop cmdService>OK
Start>Run>sc delete cmdService>OK

Start>Run>sc stop msagent>OK
Start>Run>sc delete msagent>OK

Start>Run>sc stop net32a>OK
Start>Run>sc delete net32a>OK

Start>Run>sc stop netclient>OK
Start>Run>sc delete netclient>OK

Start>Run>sc stop winsecure>OK
Start>Run>sc delete winsecure>OK

Start>Run>sc stop virus>OK
Start>Run>sc delete virus>OK


(b)ananartista wrote:

2- How do I defend myself against future attacks? I have AntiVir now, is it a good product?


Yes, AntiVir is fine as an antivirus. Also, always keep the operating system updated, and browse with a browser other than IE, such as Firefox.
andorra24
Senior User

Posts: 2742
Joined: 21/05/06 15:44
Location: Palermo

Post by (b)ananartista » 31/08/06 11:52

I followed all your instructions and everything seemed fine.


Then AntiVir started reporting viruses continuously,
and I kept using AntiVir to remove them.

Evidently with poor results, since the PC still has problems and is infected.


Here is my current log:



Logfile of HijackThis v1.99.1
Scan saved at 10.51.22, on 31/08/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\WINNT\system32\CTsvcCDA.exe
C:\WINNT\System32\svchost.exe
C:\Programmi\Sony\MD Simple Burner\NetMDSB.exe
C:\Programmi\Prevx1\PXAgent.exe
C:\Programmi\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\MSTask.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\Tablet.exe
C:\VEXPLITE\viritsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\MsPMSPSv.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINNT\system32\CTHELPER.EXE
C:\WINNT\system32\GSICON.EXE
C:\WINNT\system32\dslagent.exe
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\WINNT\kdx\KHost.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Java\jre1.5.0_02\bin\jusched.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\Prevx1\PXConsole.exe
C:\VEXPLITE\MONLITE.EXE
C:\WINNT\system32\internat.exe
C:\Programmi\Creative\SBAudigy\TaskBar\CTLTray.exe
C:\Programmi\Creative\SBAudigy\TaskBar\CTLTask.exe
C:\Programmi\MySpace\IM\MySpaceIM.exe
C:\VEXPLITE\VIRITEXP.EXE
C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Programmi\Yahoo!\Messenger\YPager.exe
C:\WINNT\hh.exe
C:\WINNT\hh.exe
C:\Programmi\Microsoft Office\Office\WINWORD.EXE
C:\WINNT\system32\cmd.exe
C:\WINNT\system32\FTP.EXE
C:\Programmi\Mozilla Firefox\firefox.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\bananao\IMPOST~1\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Dati applicazioni\Prevx\pxbho.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\it\msntb.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Programmi\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CTStartup] C:\Programmi\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [kdx] C:\WINNT\kdx\KHost.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Programmi\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ntdll.dll] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [PrevxOne] C:\Programmi\Prevx1\PXConsole.exe
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [TaskTray] C:\Programmi\Creative\SBAudigy\TaskBar\CTLTray.exe
O4 - HKCU\..\Run: [TaskBar] C:\Programmi\Creative\SBAudigy\TaskBar\CTLTask.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Programmi\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [MySpaceIM] C:\Programmi\MySpace\IM\MySpaceIM.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/ ... 1/chat.cab
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://tdserver.bitstream.com/tdserver.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft.com/fwlink/?linkid= ... lcid=0x409
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) - http://webcamnow.com/fs5/ax/ActiveXWebCam.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnme ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O16 - DPF: {C75BE5CC-7F80-458C-8B66-FAB86E3B13C3} (FotkiUploader Control) - http://images.fotki.com/activex/FotkiUploader.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O16 - DPF: {FFD1E45F-2B11-4742-BF47-3822FE02EE0F} (Yahoo! Foto - salva e condividi le tue foto su Yahoo! E' facile!l Class) - http://us.dl1.yimg.com/download.yahoo.c ... r1_4it.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2D9BFEBF-3F12-424A-838F-36B403BE62C4}: NameServer = 85.37.17.15 85.38.28.74
O17 - HKLM\System\CS1\Services\Tcpip\..\{2D9BFEBF-3F12-424A-838F-36B403BE62C4}: NameServer = 85.37.17.15 85.38.28.74
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\YmFuYW5hbw\command.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTsvcCDA.exe
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: FireDaemon Service: msagent (msagent) - Unknown owner - C:\WINNT\security\FireDaemon.exe (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Windows Genuine Advantage Registration Service (net32a) - Unknown owner - C:\WINNT\system32\net32a.exe (file missing)
O23 - Service: FireDaemon Service: netclient (netclient) - Unknown owner - C:\WINNT\security\FireDaemon.exe (file missing)
O23 - Service: MD Simple Burner Service (NetMDSB) - Sony Corporation - C:\Programmi\Sony\MD Simple Burner\NetMDSB.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Programmi\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINNT\system32\Tablet.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas http://www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
O23 - Service: change me please (virus) - Unknown owner - C:\WINNT\sysdat.exe (file missing)
O23 - Service: FireDaemon Service: winsecure (winsecure) - Unknown owner - C:\WINNT\security\FireDaemon.exe (file missing)




WHAT DO I DO?



Thanks in advance.
(b)

Post by andorra24 » 31/08/06 12:28

Your latest log shows no new infection. There are only the usual "file missing" entries, which you should try to remove (in Safe Mode too):

O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\YmFuYW5hbw\command.exe (file missing)
O23 - Service: FireDaemon Service: msagent (msagent) - Unknown owner - C:\WINNT\security\FireDaemon.exe (file missing)
O23 - Service: Windows Genuine Advantage Registration Service (net32a) - Unknown owner - C:\WINNT\system32\net32a.exe (file missing)
O23 - Service: FireDaemon Service: netclient (netclient) - Unknown owner - C:\WINNT\security\FireDaemon.exe (file missing)
O23 - Service: FireDaemon Service: winsecure (winsecure) - Unknown owner - C:\WINNT\security\FireDaemon.exe (file missing)
O23 - Service: change me please (virus) - Unknown owner - C:\WINNT\sysdat.exe (file missing)


Start>Run>sc stop cmdService>OK
Start>Run>sc delete cmdService>OK

Start>Run>sc stop msagent>OK
Start>Run>sc delete msagent>OK

Start>Run>sc stop net32a>OK
Start>Run>sc delete net32a>OK

Start>Run>sc stop netclient>OK
Start>Run>sc delete netclient>OK

Start>Run>sc stop winsecure>OK
Start>Run>sc delete winsecure>OK

Start>Run>sc stop virus>OK
Start>Run>sc delete virus>OK

Then, I repeat, you should run an online scan on the BitDefender site: http://www.bitdefender.com/scan8/ie.html
and maybe with Ewido too: http://www.ewido.net/en/onlinescan/
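The `sc stop` / `sc delete` advice in the replies above, and the comparison of one log against the previous one, can be done mechanically. The Python below is an added example (not the forum's, HijackThis's or any poster's own code): it parses the `Running processes` list and the O23 service lines from a constructed log excerpt modelled on the ones posted in this thread, flags owner-less services whose file is missing, cross-checks each against the process list (the Prevx agent's entry also says `(file missing)`, but `PXAgent.exe` is running: HijackThis trips over the quoted `... PXAgent.exe" -f` command line, so that one is a parsing artifact rather than a leftover), prints `sc` commands using the key name in parentheses (which is what `sc delete` resolves, not a display name such as "change me please"), and reports which services appeared or disappeared between two logs. The sample log texts are constructed for the example.

```python
"""Triage helper for HijackThis-style logs (added example; not the forum's,
HijackThis's or any poster's own code). Parses the process list and the O23
service lines, flags owner-less services whose file is missing, cross-checks
them against the process list, emits the matching `sc` commands, and diffs two
logs so "the same old entries" can be told apart from "something new"."""
import re
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# Constructed sample excerpt modelled on the logs posted in this thread.
LOG_OLD = r"""Running processes:
C:\WINNT\system32\lsass.exe
C:\Programmi\Prevx1\PXAgent.exe

O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\YmFuYW5hbw\command.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTsvcCDA.exe
O23 - Service: FireDaemon Service: msagent (msagent) - Unknown owner - C:\WINNT\security\FireDaemon.exe (file missing)
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Programmi\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: change me please (virus) - Unknown owner - C:\WINNT\sysdat.exe (file missing)
"""
# Constructed "after cleanup" excerpt: the msagent entry is gone, nothing new appeared.
LOG_NEW = "\n".join(ln for ln in LOG_OLD.splitlines() if "(msagent)" not in ln) + "\n"

# display name, optional (key), owner, path, optional "(file missing)" marker
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<key>[^()]+)\))?"
    r" - (?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)


@dataclass
class Service:
    display: str
    key: Optional[str]  # registry key name (the token in parentheses): what `sc` expects
    owner: str
    path: str
    missing: bool

    @property
    def ident(self) -> str:
        return self.key or self.display


def parse_processes(log: str) -> Set[str]:
    """Lower-cased basenames under 'Running processes:' (up to the first blank line)."""
    parts = log.split("Running processes:", 1)
    if len(parts) < 2:
        return set()
    section = parts[1].split("\n\n", 1)[0]
    return {ln.strip().rsplit("\\", 1)[-1].lower() for ln in section.splitlines() if ln.strip()}


def parse_services(log: str) -> List[Service]:
    out: List[Service] = []
    for raw in log.splitlines():
        m = O23_RE.match(raw.strip())
        if m:
            out.append(Service(m["display"], m["key"], m["owner"], m["path"], m["missing"] is not None))
    return out


def _exe_name(path: str) -> str:
    """Executable basename, ignoring stray quotes/arguments after it (e.g. 'PXAgent.exe" -f')."""
    p = path.lower()
    cut = p.find(".exe")
    return (p[:cut + 4] if cut != -1 else p).rsplit("\\", 1)[-1]


def suspicious_services(log: str) -> List[Tuple[str, str]]:
    """(identifier, verdict) for each owner-less service whose file is missing.
    'orphaned': nothing from that path is running, a leftover entry to delete.
    'quoting-artifact': the binary IS in the process list, so the marker is most
    likely HijackThis mis-parsing a quoted command line; leave that one alone."""
    running = parse_processes(log)
    verdicts = []
    for svc in parse_services(log):
        if svc.owner != "Unknown owner" or not svc.missing:
            continue
        verdict = "quoting-artifact" if _exe_name(svc.path) in running else "orphaned"
        verdicts.append((svc.ident, verdict))
    return verdicts


def cleanup_commands(log: str) -> List[str]:
    """`sc` commands for the orphaned entries, keyed by service key name; a display
    name such as 'change me please' is not something `sc delete` resolves."""
    cmds: List[str] = []
    for ident, verdict in suspicious_services(log):
        if verdict == "orphaned":
            cmds += [f"sc stop {ident}", f"sc delete {ident}"]
    return cmds


def diff_services(old: str, new: str) -> Tuple[Set[str], Set[str]]:
    """(added, removed) service identifiers between two logs of the same machine."""
    before = {s.ident for s in parse_services(old)}
    after = {s.ident for s in parse_services(new)}
    return after - before, before - after


if __name__ == "__main__":
    for ident, verdict in suspicious_services(LOG_OLD):
        print(f"{ident:<12} {verdict}")
    print("\n".join(cleanup_commands(LOG_OLD)))
    added, removed = diff_services(LOG_OLD, LOG_NEW)
    print("new:", sorted(added) or "-", "| gone:", sorted(removed) or "-")
```

Run it as a script to see the verdicts, or pass the contents of two real log files to `diff_services`. An entry that is deleted with `sc delete` and is back in the next log means something still running recreates it, which is what the online scans suggested in this thread are meant to catch.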

Post by (b)ananartista » 31/08/06 17:58

I just can't remove those files,
not even in Safe Mode.

Dunno...


And then after a while this appears:


"arresto del sistema"

il sistema sta per essere arresta....
l'arresto è stato iniziato da nt authoryty\system


il processo di sistema
"c:\winnt|system32\services.exe! è terminato in modo non previsto con codice di stato 128.
il sistema sarà chiuso e riavviato.




Could it be Sasser?

What do I do?




Thanks again.


(b)(b)(b)




Post by andorra24 » 31/08/06 18:16

(b)ananartista wrote:

"arresto del sistema"

il sistema sta per essere arresta....
l'arresto è stato iniziato da nt authoryty\system


il processo di sistema
"c:\winnt|system32\services.exe! è terminato in modo non previsto con codice di stato 128.
il sistema sarà chiuso e riavviato.





See if this link can help you, it looks like your case:
http://support.microsoft.com/default.as ... t%3B318447

Anyway, to be safe, run a pass with Stinger:
http://download.nai.com/products/mcafee ... tng260.exe

Post by (b)ananartista » 02/09/06 13:57

Now my log looks like this



Logfile of HijackThis v1.99.1
Scan saved at 14.52.10, on 02/09/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\WINNT\system32\CTsvcCDA.exe
C:\WINNT\System32\svchost.exe
C:\Programmi\Sony\MD Simple Burner\NetMDSB.exe
C:\Programmi\Prevx1\PXAgent.exe
C:\Programmi\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\Explorer.EXE
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\Tablet.exe
C:\VEXPLITE\viritsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\MsPMSPSv.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINNT\system32\CTHELPER.EXE
C:\WINNT\system32\GSICON.EXE
C:\WINNT\system32\dslagent.exe
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\WINNT\kdx\KHost.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Java\jre1.5.0_02\bin\jusched.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\Prevx1\PXConsole.exe
C:\VEXPLITE\MONLITE.EXE
C:\WINNT\system32\internat.exe
C:\Programmi\Creative\SBAudigy\TaskBar\CTLTray.exe
C:\Programmi\Creative\SBAudigy\TaskBar\CTLTask.exe
C:\Programmi\MySpace\IM\MySpaceIM.exe
C:\Programmi\Yahoo!\Messenger\ymsgr_tray.exe
C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\bananao\IMPOST~1\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Dati applicazioni\Prevx\pxbho.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\it\msntb.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Programmi\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CTStartup] C:\Programmi\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [kdx] C:\WINNT\kdx\KHost.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Programmi\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ntdll.dll] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [PrevxOne] C:\Programmi\Prevx1\PXConsole.exe
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [TaskTray] C:\Programmi\Creative\SBAudigy\TaskBar\CTLTray.exe
O4 - HKCU\..\Run: [TaskBar] C:\Programmi\Creative\SBAudigy\TaskBar\CTLTask.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Programmi\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [MySpaceIM] C:\Programmi\MySpace\IM\MySpaceIM.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/ ... 1/chat.cab
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://tdserver.bitstream.com/tdserver.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft.com/fwlink/?linkid= ... lcid=0x409
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) - http://webcamnow.com/fs5/ax/ActiveXWebCam.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnme ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O16 - DPF: {C75BE5CC-7F80-458C-8B66-FAB86E3B13C3} (FotkiUploader Control) - http://images.fotki.com/activex/FotkiUploader.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O16 - DPF: {FFD1E45F-2B11-4742-BF47-3822FE02EE0F} (Yahoo! Foto - salva e condividi le tue foto su Yahoo! E' facile!l Class) - http://us.dl1.yimg.com/download.yahoo.c ... r1_4it.cab
O17 - HKLM\System\CS2\Services\Tcpip\..\{2D9BFEBF-3F12-424A-838F-36B403BE62C4}: NameServer = 85.37.17.15 85.38.28.74
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\YmFuYW5hbw\command.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTsvcCDA.exe
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: FireDaemon Service: msagent (msagent) - Unknown owner - C:\WINNT\security\FireDaemon.exe (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Windows Genuine Advantage Registration Service (net32a) - Unknown owner - C:\WINNT\system32\net32a.exe (file missing)
O23 - Service: FireDaemon Service: netclient (netclient) - Unknown owner - C:\WINNT\security\FireDaemon.exe (file missing)
O23 - Service: MD Simple Burner Service (NetMDSB) - Sony Corporation - C:\Programmi\Sony\MD Simple Burner\NetMDSB.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Programmi\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINNT\system32\Tablet.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas http://www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
O23 - Service: change me please (virus) - Unknown owner - C:\WINNT\sysdat.exe (file missing)
O23 - Service: FireDaemon Service: winsecure (winsecure) - Unknown owner - C:\WINNT\security\FireDaemon.exe (file missing)


Also, AntiVir keeps giving me the warning that I'm infected with
BDS/VANBOT.F

I haven't found any information about it.
It generates an exe called netapi.



?



(b)




Post by andorra24 » 02/09/06 14:25

Your log still has the same entries you've been carrying around for quite a while. If you can't remove them for good, there's nothing I can do about it. Run an online scan with BitDefender and check the state of your PC:

http://www.bitdefender.com/scan8/ie.html

Post by Luke57 » 02/09/06 15:54

Hi, go to this link
http://www.wininizio.it/forum/index.php?showtopic=33498
and follow Dinop's instructions and links for Command Service (there are two dedicated tools).
Luke57
Moderator

Posts: 6415
Joined: 11/08/05 19:10

Post by (b)ananartista » 13/09/06 14:31

The problem persists.


About every two hours the system is shut down by nt/authority/system


And even if I change the time to avoid the reboot,
the computer slows down,
doesn't save things,
freezes,
many functions no longer work properly.





What do I do?



(b)

Post by (b)ananartista » 13/09/06 20:03

Nobody is able to help me.


I followed all the procedures you recommended.


Nothing?

Post by lucas/s » 13/09/06 20:11

sc delete cmdService
sc delete msagent
sc delete net32a
sc delete netclient
sc delete "virus"
sc delete "FireDaemon Service"
sc delete "change me please"
sc delete "Windows Genuine Advantage Registration Service"

Try this, bye
lucas/s
Senior User

Posts: 224
Joined: 04/02/06 00:33

