
PLEASE ANALYZE THIS LOG FOR ME!!! it's urgent ;(


Post by eletto » 29/08/06 17:23

Logfile of HijackThis v1.99.1
Scan saved at 20.50.53, on 28/08/2006
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\system32\nvsvc32.exe
C:\PROGRA~1\Alice\ALICEE~1\app\pppoeservice.exe
C:\WINNT\system32\MSTask.exe
C:\Programmi\File comuni\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\tcpservice.exe
C:\WINNT\wdfmgr.exe
C:\WINNT\system32\MsPMSPSv.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\System32\67861_netapi.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\bcmwltry.exe
C:\WINNT\system32\LVCOMSX.EXE
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\WINNT\Passepartout.exe
C:\dfndrff_14.exe
C:\kybrdff_14.exe
C:\Documents and Settings\Administrator\Desktop\Fabrizio\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://gw.aliceadsl.it/minisearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://free-default-update-win-mac-free ... net/sh.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gw.aliceadsl.it/home
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: Shell=Explorer.exe 67861_netapi.exe
F2 - REG:system.ini: UserInit=C:\WINNT\System32\userinit.exe,67861_netapi.exe
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINNT\System32\vtusrsp.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Programmi\Dealio\Dealio.dll (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1040,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KAVPersonal50] C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [XpOpenAuto] "C:\Programmi\Belkin\Belkin 54Mbps Wireless Utility\TOOL\OpenXpAuto.exe" 979899a48a75987f6b9d86a9aa798c73837198ae83a6a498b878837b768a788c84
O4 - HKLM\..\Run: [removecpl] RemoveCpl.exe
O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [YahooMessenger32] C:\WINNT\data\services.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINNT\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [FASTTRACKPassepartout] C:\WINNT\Passepartout.exe -A
O4 - HKLM\..\Run: [defender] C:\\dfndrff_14.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_14.exe
O4 - HKLM\..\Run: [newname] C:\\nwnmff_14.exe
O4 - HKLM\..\RunServices: [Microsoft Server Client For Windows NT] 67861_netapi.exe
O4 - HKCU\..\Run: [FASTTRACKPassepartout] C:\WINNT\Passepartout.exe -A
O4 - HKCU\..\RunServices: [Microsoft Server Client For Windows NT] 67861_netapi.exe
O8 - Extra context menu item: &Cerca con Google - res://c:\programmi\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Traduci parola in italiano - res://c:\programmi\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Add to &Teleport - C:\Programmi\Teleport Pro\teleport.htm
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Programmi\Dealio\res\DealioSearch.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Link a ritroso - res://c:\programmi\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pagine simili - res://c:\programmi\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Salva oggetto con Net Transport - C:\Programmi\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Salva tutti gli oggetti con Net Transport - C:\Programmi\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Versione cache della pagina - res://c:\programmi\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Programmi\Dealio\Dealio.dll (file missing)
O9 - Extra button: Alice - {9EEEEE59-FF84-4B8E-A122-3743A6C76824} - http://gw.aliceadsl.it/alice (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://gw.aliceadsl.it/home
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {275E2FE0-7486-11D0-89D6-00A0C90C9B67} (MCSiMenuCtl Class) - http://activex.microsoft.com/controls/mcsi/mcsimenu.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://elettoz.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/31f27ef5c1a ... 601_it.cab
O16 - DPF: {66D393D5-4D80-497C-9F4F-F3839E090202} (PlayerOCX Control) - http://www.pysoft.com/Downloads/WebCamPlayerOCX.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnme ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v ... b34246.cab
O16 - DPF: {C1B7E532-3ECB-4E9E-BB3A-2951FFE67C61} (DownloaderActiveX Control) - http://c6.community.virgilio.it/downloa ... ctiveX.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F5BC716E-2650-4B08-9235-C110CF95017F} (Connessione Tiscali) - http://selfcare.tiscali.it/scripts/onec ... iscali.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D69D947F-5D1A-42B1-9822-94377584E58B}: NameServer = 212.48.4.30,62.211.69.170
O20 - Winlogon Notify: Explorer - C:\WINNT\system32\p0r40a9qed.dll
O20 - Winlogon Notify: vtusrsp - C:\WINNT\SYSTEM32\vtusrsp.dll
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: Servizio iPod (iPodService) - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\Alice\ALICEE~1\app\pppoeservice.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Programmi\File comuni\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: Microsoft Windows Spool Service (Windows Spool Service) - Unknown owner - C:\WINNT\wdfmgr.exe
eletto
Junior User
Posts: 40
Joined: 21/02/06 15:59


Post by andorra24 » 29/08/06 17:46

Hi, first of all run the look2me adware removal tool, because you are infected with it:
http://www.atribune.org/content/view/28/2/

Now let's move on to the log. Open hijackthis, click ''open the misc tools section'', then click ''open process manager'', find the entries listed below and click ''kill process'':

C:\WINNT\System32\67861_netapi.exe
C:\WINNT\Passepartout.exe
C:\dfndrff_14.exe
C:\kybrdff_14.exe
C:\WINNT\system32\tcpservice.exe
C:\WINNT\wdfmgr.exe

Then go to the bottom, press the back button and right after that the scan button. Tick the box next to the entries listed below and press ''fix checked'':

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://free-default-update-win-mac-free ... net/sh.htm
F2 - REG:system.ini: Shell=Explorer.exe 67861_netapi.exe
F2 - REG:system.ini: UserInit=C:\WINNT\System32\userinit.exe,67861_netapi.exe
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINNT\System32\vtusrsp.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Programmi\Dealio\Dealio.dll (file missing)
O4 - HKLM\..\Run: [YahooMessenger32] C:\WINNT\data\services.exe
O4 - HKLM\..\Run: [FASTTRACKPassepartout] C:\WINNT\Passepartout.exe -A
O4 - HKLM\..\Run: [defender] C:\\dfndrff_14.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_14.exe
O4 - HKLM\..\Run: [newname] C:\\nwnmff_14.exe
O4 - HKLM\..\RunServices: [Microsoft Server Client For Windows NT] 67861_netapi.exe
O4 - HKCU\..\Run: [FASTTRACKPassepartout] C:\WINNT\Passepartout.exe -A
O4 - HKCU\..\RunServices: [Microsoft Server Client For Windows NT] 67861_netapi.exe
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Programmi\Dealio\res\DealioSearch.html
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Programmi\Dealio\Dealio.dll (file missing)
O16 - DPF: {275E2FE0-7486-11D0-89D6-00A0C90C9B67} (MCSiMenuCtl Class) - http://activex.microsoft.com/controls/mcsi/mcsimenu.cab (if you don't recognise it, delete it)
O20 - Winlogon Notify: Explorer - C:\WINNT\system32\p0r40a9qed.dll
O20 - Winlogon Notify: vtusrsp - C:\WINNT\SYSTEM32\vtusrsp.dll
O23 - Service: Microsoft Windows Spool Service (Windows Spool Service) - Unknown owner - C:\WINNT\wdfmgr.exe

Go to start/my computer/tools/folder options/view, tick ''show hidden files and folders'' and untick ''hide protected operating system files''.

Download killbox from here:
http://www.bleepingcomputer.com/files/killbox.php
with killbox make sure the following files (if present) disappear from your pc:
C:\WINNT\System32\67861_netapi.exe
C:\WINNT\Passepartout.exe
C:\dfndrff_14.exe
C:\kybrdff_14.exe
C:\\nwnmff_14.exe
C:\WINNT\System32\vtusrsp.dll
C:\WINNT\data\services.exe
C:\WINNT\system32\p0r40a9qed.dll
C:\WINNT\wdfmgr.exe
C:\WINNT\system32\tcpservice.exe

Do a full scan with superantispyware:
http://www.superantispyware.com/downloa ... PYWAREFREE
and one with this standalone antivirus tool:
http://download.drweb.com/drweb+cureit/
andorra24
Senior User
Posts: 2742
Joined: 21/05/06 15:44
Location: Palermo
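As an added illustration (not part of this thread, and not HijackThis's own logic) of the triage the helper is doing by hand above: a small Python checker that parses HijackThis-style entry lines and flags the patterns behind the entries listed for removal (executables chained into Shell/UserInit, unnamed BHOs, RunServices autoruns, executables in the drive root, autoruns and services borrowing Windows names, orphaned ''file missing'' services, Winlogon Notify packages). The sample log is a constructed excerpt of lines quoted in the thread, and the trusted-host list (gw.aliceadsl.it, the ISP portal seen throughout the posted log) is an assumption; the rules are heuristics, not a verdict.

```python
import re
from dataclasses import dataclass

# Constructed sample in the shape of the HijackThis v1.99.1 entries quoted in
# this thread: an excerpt, with one clean entry per section for contrast.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://free-default-update-win-mac-free ... net/sh.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://gw.aliceadsl.it/minisearch
F2 - REG:system.ini: Shell=Explorer.exe 67861_netapi.exe
F2 - REG:system.ini: UserInit=C:\WINNT\System32\userinit.exe,67861_netapi.exe
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINNT\System32\vtusrsp.dll
O4 - HKLM\..\Run: [KAVPersonal50] C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [defender] C:\\dfndrff_14.exe
O4 - HKLM\..\RunServices: [Microsoft Server Client For Windows NT] 67861_netapi.exe
O20 - Winlogon Notify: Explorer - C:\WINNT\system32\p0r40a9qed.dll
O23 - Service: kavsvc - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Microsoft Windows Spool Service (Windows Spool Service) - Unknown owner - C:\WINNT\wdfmgr.exe (file missing)
"""

ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.+)$")
URL_HOST_RE = re.compile(r"https?://([^/\s]+)", re.I)
ROOT_EXE_RE = re.compile(r"^[A-Za-z]:\\+[^\\\s]+\.exe\b", re.I)  # exe sitting directly in a drive root
O4_RE = re.compile(r"^(HKLM|HKCU)\\\.\.\\(Run\w*): \[([^\]]*)\] (.*)$")
O23_RE = re.compile(r"^Service: (.+?) - (.+?) - (.+)$")
FAKE_WINDOWS_RE = re.compile(r"microsoft|windows|rpc service", re.I)  # names borrowing Windows' own wording

# Assumption: the ISP portal seen throughout the posted log is the only host a
# browser start/search setting is expected to point at on this machine.
TRUSTED_HOSTS = frozenset({"gw.aliceadsl.it"})


@dataclass
class Finding:
    section: str
    severity: str  # "high": classic hijack pattern; "review": verify by hand before fixing
    reason: str
    line: str


def parse_entries(log_text):
    """Yield (section, body, full line) for entry lines; headers and the process list are skipped."""
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            yield m.group("section"), m.group("body"), raw.strip()


def check_entry(section, body, line, trusted_hosts=TRUSTED_HOSTS):
    """Apply the heuristics a log helper applies by hand to one entry; return its findings."""
    found = []

    def note(sev, why):
        found.append(Finding(section, sev, why, line))

    if section in ("R0", "R1"):
        m = URL_HOST_RE.search(body)
        if m and m.group(1).lower() not in trusted_hosts:
            note("review", f"browser setting points at untrusted host {m.group(1)}")
    elif section == "F2":
        # A legitimate value holds exactly one executable (Explorer.exe / userinit.exe,);
        # anything chained after it runs at every logon. Paths containing spaces are not handled.
        m = re.search(r"(Shell|UserInit)=(.*)$", body)
        if m and len([t for t in re.split(r"[,\s]+", m.group(2)) if t]) > 1:
            note("high", f"extra executable chained into {m.group(1)}")
    elif section == "O2" and body.startswith("BHO: (no name)"):
        note("review", "unnamed browser helper object loads into every IE process")
    elif section == "O4":
        m = O4_RE.match(body)
        if m:
            _, key, name, command = m.groups()
            if key.startswith("RunServices"):
                note("review", "RunServices is a Win9x key; NT-family Windows never runs it legitimately")
            if ROOT_EXE_RE.match(command):
                note("high", "autorun launches an executable from the drive root")
            if FAKE_WINDOWS_RE.search(name) and not command.lower().startswith("c:\\winnt"):
                note("review", "autorun name imitates a Windows component but does not run from the Windows directory")
    elif section == "O20":
        note("review", "Winlogon Notify package loads into winlogon.exe; confirm the DLL's vendor")
    elif section == "O23":
        m = O23_RE.match(body)
        if m:
            display, owner, path = m.groups()
            if "(file missing)" in path:
                note("review", "orphaned service entry (file missing): remove the leftover registration")
            if owner == "Unknown owner" and FAKE_WINDOWS_RE.search(display):
                note("high", "service claims to be a Windows component but has no vendor")
    return found


def scan(log_text, trusted_hosts=TRUSTED_HOSTS):
    """Run every entry of a HijackThis log through check_entry and collect the findings."""
    findings = []
    for section, body, line in parse_entries(log_text):
        findings.extend(check_entry(section, body, line, trusted_hosts))
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section:4} {f.reason}\n         {f.line}")
```

Every line the helper told the poster to fix in this excerpt is flagged, while the Kaspersky autorun and service and the ISP search bar pass untouched.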

Post by eletto » 30/08/06 18:45

Hi,

thanks a lot for how quickly you replied!!! I did everything as you said but something didn't work...
first of all, Look2Me-Destroyer doesn't work so I couldn't remove that virus.. when I start it, it closes telling me it will reopen in less than a minute, but then it doesn't start again!
Then in the log file I went to delete those files you told me about; some it deleted, for others it says it can't! I must say something has already changed though, because before there was something disabling my antivirus and now it works properly, so I'll have it run a scan too..

Now I'm posting a new log file so you can tell me what to do:

Logfile of HijackThis v1.99.1
Scan saved at 19.48.33, on 30/08/2006
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\system32\nvsvc32.exe
C:\PROGRA~1\Alice\ALICEE~1\app\pppoeservice.exe
C:\WINNT\system32\MSTask.exe
C:\Programmi\File comuni\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\MsPMSPSv.exe
C:\WINNT\explorer.exe
C:\WINNT\System32\bcmwltry.exe
C:\WINNT\system32\LVCOMSX.EXE
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINNT\System32\ogyjd.exe
C:\WINNT\System32\zmw.exe
C:\Documents and Settings\Administrator\Desktop\Fabrizio\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://gw.aliceadsl.it/minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gw.aliceadsl.it/home
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: @msdxmLC.dll,-1@1040,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KAVPersonal50] C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [XpOpenAuto] "C:\Programmi\Belkin\Belkin 54Mbps Wireless Utility\TOOL\OpenXpAuto.exe" 979899a48a75987f6b9d86a9aa798c73837198ae83a6a498b878837b768a788c84
O4 - HKLM\..\Run: [removecpl] RemoveCpl.exe
O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINNT\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Mgsgi service] ogyjd.exe
O4 - HKLM\..\Run: [Microsoft (R) Windows Update Manager] C:\dihf.exe
O4 - HKLM\..\Run: [Windows Network Firewall] C:\WINNT\System32\firewall.exe
O4 - HKLM\..\Run: [Windows Update Firewall System] winmsfw.exe
O4 - HKLM\..\Run: [Windows Update] Windowsupfix.exe
O4 - HKLM\..\Run: [RPC Service] zmw.exe
O4 - HKLM\..\Run: [Windows DLL Loader] C:\WINNT\System32\kgovnohv.exe
O4 - HKLM\..\RunServices: [Mgsgi service] ogyjd.exe
O4 - HKLM\..\RunServices: [Windows Update Firewall System] winmsfw.exe
O4 - HKLM\..\RunServices: [Windows Update] Windowsupfix.exe
O4 - HKLM\..\RunServices: [RPC Service] zmw.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: &Cerca con Google - res://c:\programmi\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Traduci parola in italiano - res://c:\programmi\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Add to &Teleport - C:\Programmi\Teleport Pro\teleport.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Link a ritroso - res://c:\programmi\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pagine simili - res://c:\programmi\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Salva oggetto con Net Transport - C:\Programmi\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Salva tutti gli oggetti con Net Transport - C:\Programmi\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Versione cache della pagina - res://c:\programmi\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra button: Alice - {9EEEEE59-FF84-4B8E-A122-3743A6C76824} - http://gw.aliceadsl.it/alice (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://gw.aliceadsl.it/home
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://elettoz.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/31f27ef5c1a ... 601_it.cab
O16 - DPF: {66D393D5-4D80-497C-9F4F-F3839E090202} (PlayerOCX Control) - http://www.pysoft.com/Downloads/WebCamPlayerOCX.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnme ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v ... b34246.cab
O16 - DPF: {C1B7E532-3ECB-4E9E-BB3A-2951FFE67C61} (DownloaderActiveX Control) - http://c6.community.virgilio.it/downloa ... ctiveX.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F5BC716E-2650-4B08-9235-C110CF95017F} (Connessione Tiscali) - http://selfcare.tiscali.it/scripts/onec ... iscali.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D69D947F-5D1A-42B1-9822-94377584E58B}: NameServer = 212.48.4.30,62.211.69.170
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: Servizio iPod (iPodService) - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\Alice\ALICEE~1\app\pppoeservice.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Programmi\File comuni\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: TCP/IP Protocol Service (tcpipservice) - Unknown owner - C:\WINNT\system32\tcpservice.exe (file missing)
O23 - Service: Windows Update Manager (UpdateManager) - Unknown owner - C:\dihf.exe (file missing)
O23 - Service: Microsoft Windows Spool Service (Windows Spool Service) - Unknown owner - C:\WINNT\wdfmgr.exe (file missing)
eletto
Junior User
Posts: 40
Joined: 21/02/06 15:59

Post by andorra24 » 30/08/06 19:10

So, there are several things that need removing. Open hijackthis, click ''open the misc tools section'', then click ''open process manager'', find the entries listed below and click ''kill process'':

C:\WINNT\System32\ogyjd.exe
C:\WINNT\System32\zmw.exe

Then go to the bottom, press the back button and right after that the scan button. Tick the box next to the entries listed below and press ''fix checked'':

O4 - HKLM\..\Run: [Mgsgi service] ogyjd.exe
O4 - HKLM\..\Run: [Microsoft (R) Windows Update Manager] C:\dihf.exe
O4 - HKLM\..\Run: [Windows Network Firewall] C:\WINNT\System32\firewall.exe
O4 - HKLM\..\Run: [Windows Update Firewall System] winmsfw.exe
O4 - HKLM\..\Run: [Windows Update] Windowsupfix.exe
O4 - HKLM\..\Run: [RPC Service] zmw.exe
O4 - HKLM\..\Run: [Windows DLL Loader] C:\WINNT\System32\kgovnohv.exe
O4 - HKLM\..\RunServices: [Mgsgi service] ogyjd.exe
O4 - HKLM\..\RunServices: [Windows Update Firewall System] winmsfw.exe
O4 - HKLM\..\RunServices: [Windows Update] Windowsupfix.exe
O4 - HKLM\..\RunServices: [RPC Service] zmw.exe
O23 - Service: TCP/IP Protocol Service (tcpipservice) - Unknown owner - C:\WINNT\system32\tcpservice.exe (file missing)
O23 - Service: Windows Update Manager (UpdateManager) - Unknown owner - C:\dihf.exe (file missing)
O23 - Service: Microsoft Windows Spool Service (Windows Spool Service) - Unknown owner - C:\WINNT\wdfmgr.exe (file missing)

Go to start/my computer/tools/folder options/view, tick ''show hidden files and folders'' and untick ''hide protected operating system files''.

With killbox delete the following files (if present):
C:\WINNT\System32\ogyjd.exe
C:\WINNT\System32\zmw.exe
C:\WINNT\System32\ogyjd.exe
C:\dihf.exe
C:\WINNT\System32\firewall.exe
C:\WINNT\System32\winmsfw.exe
C:\WINNT\System32\Windowsupfix.exe
C:\WINNT\System32\kgovnohv.exe

Also do these simple operations:

start>run>sc stop tcpipservice>OK
start>run>sc delete tcpipservice>OK

start>run>sc stop UpdateManager>OK
start>run>sc delete UpdateManager>OK

start>run>sc stop "Windows Spool Service">OK
start>run>sc delete "Windows Spool Service">OK

Do an online scan on the bitdefender site:
http://www.bitdefender.com/scan8/ie.html
Last edited by andorra24 on 30/08/06 20:37, edited 1 time in total.
andorra24
Senior User
Posts: 2742
Joined: 21/05/06 15:44
Location: Palermo

Post by eletto » 30/08/06 19:46

damn!!!
so:

killbox.exe doesn't open any more.. it gives me a strange error SYSTEM ERROR (VARIOUS NUMBERS). RPC SERVER NOT AVAILABLE. I also tried downloading it again but nothing...

then I ran those commands in run but it tells me CANNOT FIND FILE SC...
....what should I do?
sorry for being such a pain!! but I absolutely have to get my pc fixed...
anyway here's a new log:

Logfile of HijackThis v1.99.1
Scan saved at 20.51.11, on 30/08/2006
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\system32\nvsvc32.exe
C:\PROGRA~1\Alice\ALICEE~1\app\pppoeservice.exe
C:\WINNT\system32\MSTask.exe
C:\Programmi\File comuni\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\MsPMSPSv.exe
C:\WINNT\explorer.exe
C:\WINNT\System32\bcmwltry.exe
C:\WINNT\system32\LVCOMSX.EXE
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Real\RealOne Player\RealPlay.exe
C:\PROGRA~1\Alice\ALICEE~1\app\EnterNet.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\Fabrizio\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://gw.aliceadsl.it/minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gw.aliceadsl.it/home
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: @msdxmLC.dll,-1@1040,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KAVPersonal50] C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [XpOpenAuto] "C:\Programmi\Belkin\Belkin 54Mbps Wireless Utility\TOOL\OpenXpAuto.exe" 979899a48a75987f6b9d86a9aa798c73837198ae83a6a498b878837b768a788c84
O4 - HKLM\..\Run: [removecpl] RemoveCpl.exe
O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINNT\system32\LVCOMSX.EXE
O8 - Extra context menu item: &Cerca con Google - res://c:\programmi\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Traduci parola in italiano - res://c:\programmi\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Add to &Teleport - C:\Programmi\Teleport Pro\teleport.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Link a ritroso - res://c:\programmi\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pagine simili - res://c:\programmi\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Salva oggetto con Net Transport - C:\Programmi\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Salva tutti gli oggetti con Net Transport - C:\Programmi\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Versione cache della pagina - res://c:\programmi\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra button: Alice - {9EEEEE59-FF84-4B8E-A122-3743A6C76824} - http://gw.aliceadsl.it/alice (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://gw.aliceadsl.it/home
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://elettoz.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/31f27ef5c1a ... 601_it.cab
O16 - DPF: {66D393D5-4D80-497C-9F4F-F3839E090202} (PlayerOCX Control) - http://www.pysoft.com/Downloads/WebCamPlayerOCX.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnme ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v ... b34246.cab
O16 - DPF: {C1B7E532-3ECB-4E9E-BB3A-2951FFE67C61} (DownloaderActiveX Control) - http://c6.community.virgilio.it/downloa ... ctiveX.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F5BC716E-2650-4B08-9235-C110CF95017F} (Connessione Tiscali) - http://selfcare.tiscali.it/scripts/onec ... iscali.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D69D947F-5D1A-42B1-9822-94377584E58B}: NameServer = 212.48.4.30,62.211.69.170
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: Servizio iPod (iPodService) - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\Alice\ALICEE~1\app\pppoeservice.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Programmi\File comuni\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: TCP/IP Protocol Service (tcpipservice) - Unknown owner - C:\WINNT\system32\tcpservice.exe (file missing)
O23 - Service: Windows Update Manager (UpdateManager) - Unknown owner - C:\dihf.exe (file missing)
O23 - Service: Microsoft Windows Spool Service (Windows Spool Service) - Unknown owner - C:\WINNT\wdfmgr.exe (file missing)
eletto
Junior User
Posts: 40
Joined: 21/02/06 15:59

Post by andorra24 » 30/08/06 19:59

Look, the situation is now OK compared to before. Before you had a huge number of infections and now it's clean. There are only 3 leftover entries (file missing) to remove with hijackthis:

O23 - Service: TCP/IP Protocol Service (tcpipservice) - Unknown owner - C:\WINNT\system32\tcpservice.exe (file missing)
O23 - Service: Windows Update Manager (UpdateManager) - Unknown owner - C:\dihf.exe (file missing)
O23 - Service: Microsoft Windows Spool Service (Windows Spool Service) - Unknown owner - C:\WINNT\wdfmgr.exe (file missing)

If you can't remove them in normal mode, try again in safe mode. In safe mode also retry those 3 commands in ''run'' that I gave you in the previous post. Then I urge you to run an online scan with bitdefender for extra safety.
andorra24
Senior User
Posts: 2742
Joined: 21/05/06 15:44
Location: Palermo

Postdi eletto » 30/08/06 20:14

it really has improved a lot... before it was impossible to browse because strange errors kept appearing.. luckily my antivirus woke up too, and every now and then it detected and had me delete files called netepai.exe (or something like that). I noticed that in the WINNT folder there are quite a few of these netepai.exe.. what are they??
anyway I did run the scan, but I didn't really understand whether it deleted any infected files or not because it was in German.. now anyway I'm going into safe mode and doing what you told me...
another strange thing is that the screen quality has sort of dropped.. as if it were a bit in bold... I'll go kill them and be right back!! :)...
anyway THANKS A MILLION AGAIN!!!
eletto
Junior User

Posts: 40
Joined: 21/02/06 15:59

Post by eletto » 30/08/06 20:15

ah... another thing I noticed.. it won't let me copy and paste any more, neither with the right mouse button nor with the keyboard shortcuts :\
eletto
Junior User

Posts: 40
Joined: 21/02/06 15:59

Post by andorra24 » 30/08/06 20:41

eletto wrote: every now and then it detected and had me delete files called netepai.exe (or something like that). I noticed that in the WINNT folder there are quite a few of these netepai.exe.. what are they??

If you don't give me the exact name of these files I certainly can't guess, but I suppose they are viruses or something similar.
eletto wrote: anyway I did run the scan, but I didn't really understand whether it deleted any infected files or not because it was in German..

I didn't link you any scan in German; if anything it was in English.
Anyway, I can only tell you that you were in a terrible state and had lots of infections. But don't you use a firewall?
andorra24
Senior User

Posts: 2742
Joined: 21/05/06 15:44
Location: Palermo

Post by eletto » 30/08/06 20:50

the link you gave me didn't work, so I went and found the scan software manually...
listen, don't you have MSN by any chance? at least we could talk better?
eletto
Junior User

Posts: 40
Joined: 21/02/06 15:59

Post by andorra24 » 30/08/06 21:01

eletto wrote: the link you gave me didn't work, so I went and found the scan software manually...

The scan to run is this one:
http://www.bitdefender.com/scan8/ie.html
eletto wrote: listen, don't you have MSN by any chance? at least we could talk better?

Sorry, I don't use messengers.

I'm deleting, in your own interest, the email address you wrote in your message, otherwise you'll soon be buried under a pile of spam. ;)
andorra24
Senior User

Posts: 2742
Joined: 21/05/06 15:44
Location: Palermo

Post by eletto » 30/08/06 21:14

yes, thanks...
anyway every now and then my PC freezes because something is using the CPU at 100%!!
in fact I noticed in the task manager some strange .exe's that are running, like:

services.exe
tcpipservices.exe
ftp.exe

I'm posting the log again:
Logfile of HijackThis v1.99.1
Scan saved at 22.14.59, on 30/08/2006
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\system32\nvsvc32.exe
C:\PROGRA~1\Alice\ALICEE~1\app\pppoeservice.exe
C:\WINNT\system32\MSTask.exe
C:\Programmi\File comuni\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\tcpservice.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\MsPMSPSv.exe
C:\WINNT\explorer.exe
C:\WINNT\System32\bcmwltry.exe
C:\WINNT\system32\LVCOMSX.EXE
C:\Documents and Settings\Administrator\Desktop\Fabrizio\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://gw.aliceadsl.it/minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gw.aliceadsl.it/home
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: @msdxmLC.dll,-1@1040,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KAVPersonal50] C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [XpOpenAuto] "C:\Programmi\Belkin\Belkin 54Mbps Wireless Utility\TOOL\OpenXpAuto.exe" 979899a48a75987f6b9d86a9aa798c73837198ae83a6a498b878837b768a788c84
O4 - HKLM\..\Run: [removecpl] RemoveCpl.exe
O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINNT\system32\LVCOMSX.EXE
O8 - Extra context menu item: &Cerca con Google - res://c:\programmi\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Traduci parola in italiano - res://c:\programmi\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Add to &Teleport - C:\Programmi\Teleport Pro\teleport.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Link a ritroso - res://c:\programmi\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pagine simili - res://c:\programmi\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Salva oggetto con Net Transport - C:\Programmi\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Salva tutti gli oggetti con Net Transport - C:\Programmi\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Versione cache della pagina - res://c:\programmi\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra button: Alice - {9EEEEE59-FF84-4B8E-A122-3743A6C76824} - http://gw.aliceadsl.it/alice (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://gw.aliceadsl.it/home
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://elettoz.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/31f27ef5c1a ... 601_it.cab
O16 - DPF: {66D393D5-4D80-497C-9F4F-F3839E090202} (PlayerOCX Control) - http://www.pysoft.com/Downloads/WebCamPlayerOCX.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnme ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v ... b34246.cab
O16 - DPF: {C1B7E532-3ECB-4E9E-BB3A-2951FFE67C61} (DownloaderActiveX Control) - http://c6.community.virgilio.it/downloa ... ctiveX.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F5BC716E-2650-4B08-9235-C110CF95017F} (Connessione Tiscali) - http://selfcare.tiscali.it/scripts/onec ... iscali.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D69D947F-5D1A-42B1-9822-94377584E58B}: NameServer = 212.48.4.30,62.211.69.170
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: Servizio iPod (iPodService) - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\Alice\ALICEE~1\app\pppoeservice.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Programmi\File comuni\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: Windows Update Manager (UpdateManager) - Unknown owner - C:\dihf.exe (file missing)
O23 - Service: Microsoft Windows Spool Service (Windows Spool Service) - Unknown owner - C:\WINNT\wdfmgr.exe (file missing)
eletto
Junior User

Posts: 40
Joined: 21/02/06 15:59

Post by andorra24 » 30/08/06 21:29

Open HijackThis, click ''open the misc tools section'', then click ''open process manager'', find the entry shown below and click ''kill process'':

C:\WINNT\system32\tcpservice.exe

Find and delete the file in red:

C:\WINNT\system32\tcpservice.exe (if you have problems with KillBox, use Delete Doctor: http://www.megalab.it/articoli.php?id=652 )
andorra24
Senior User

Posts: 2742
Joined: 21/05/06 15:44
Location: Palermo

Post by eletto » 30/08/06 21:40

I deleted the file directly with the program you told me about...
it will be removed when the PC reboots. But now I'm running the online scan like you told me and it'll take quite a while..
eletto
Junior User

Posts: 40
Joined: 21/02/06 15:59

Post by eletto » 31/08/06 17:53

I formatted the C partition...
now I'm installing the various cards... but every now and then strange things still happen.. error windows, and I get disconnected. To check that everything is OK I'm posting a new log:

Logfile of HijackThis v1.99.1
Scan saved at 18.58.01, on 31/08/2006
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\winIogon.exe
C:\WINNT\System32\spoolsvc.exe
C:\WINNT\System32\internat.exe
C:\Programmi\File comuni\InstallShield\Engine\6\Intel 32\IKernel.exe
C:\Programmi\File comuni\InstallShield\engine\6\Intel 32\iKernel.exe
C:\dihd.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe
C:\WINNT\system32\drwtsn32.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://it.msn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O3 - Toolbar: @msdxmLC.dll,-1@1040,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Windows Logon Application] C:\WINNT\System32\winIogon.exe
O4 - HKLM\..\Run: [Spooler SubSystem App] C:\WINNT\System32\spoolsvc.exe
O4 - HKLM\..\Run: [Advanced DHTML Enable] C:\dihd.exe
O4 - HKLM\..\RunOnce: [MigrateMMDrivers] rundll32.exe mmsys.cpl,mmseRunOnce
O4 - HKCU\..\Run: [internat.exe] internat.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O14 - IERESET.INF: START_PAGE_URL=http://it.msn.com
O14 - IERESET.INF: MS_START_PAGE_URL=http://it.msn.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{4DC55BC9-39EF-441A-A107-0BB527F305DD}: NameServer = 85.37.17.46 85.38.28.84
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
eletto
Junior User

Posts: 40
Joined: 21/02/06 15:59

Post by andorra24 » 31/08/06 18:05

Open HijackThis, click ''open the misc tools section'', then click ''open process manager'', find the entries shown below and click ''kill process'':

C:\WINNT\System32\winIogon.exe (DON'T CONFUSE IT with the legitimate winlogon.exe!!)
C:\WINNT\System32\spoolsvc.exe (DON'T CONFUSE IT with the legitimate spoolsv.exe)
C:\dihd.exe

Then go to the bottom and click the back button, and right after it the scan button. Tick the box next to the entries shown below and click ''fix checked'':

O4 - HKLM\..\Run: [Windows Logon Application] C:\WINNT\System32\winIogon.exe
O4 - HKLM\..\Run: [Spooler SubSystem App] C:\WINNT\System32\spoolsvc.exe
O4 - HKLM\..\Run: [Advanced DHTML Enable] C:\dihd.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm

Go to Start / My Computer / Tools / Folder Options / View, tick ''show hidden files and folders'' and untick ''hide protected operating system files''.

Download KillBox from here:
http://www.bleepingcomputer.com/files/killbox.php
with KillBox, make sure the following files disappear from your PC:
C:\WINNT\System32\winIogon.exe (DON'T CONFUSE IT with the legitimate winlogon.exe!!)
C:\WINNT\System32\spoolsvc.exe (DON'T CONFUSE IT with the legitimate spoolsv.exe)
C:\dihd.exe

I DON'T see any firewall or any antivirus in your log. Install them as soon as possible, otherwise you'll keep getting infected forever. Please do.
andorra24
Senior User

Posts: 2742
Joined: 21/05/06 15:44
Location: Palermo

Post by eletto » 31/08/06 20:14
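
The patterns the helper keeps pointing out in these logs (lookalike names such as winIogon.exe beside the real winlogon.exe, executables dropped straight into C:\, and O23 services whose file is missing, as in the 30/08/06 19:59 reply) can be checked mechanically. The script below is an added example written for this thread; it is not part of HijackThis and not something either poster used. It parses a HijackThis 1.99 log, folds common homoglyphs (capital I for l, 1 for l, 0 for o) before comparing process names against a short list of core Windows 2000 binaries, and also accepts a one-character edit distance (csrs.exe vs csrss.exe, spoolsvc.exe vs spoolsv.exe). The homoglyph table, the binary list and the distance threshold are my assumptions; the sample log at the bottom is assembled from lines quoted in this thread.

```python
"""Flag suspicious entries in a HijackThis v1.99 log (added example, not HijackThis code):
lookalike names of core Windows binaries, executables launched from the drive root,
and O23 services whose binary is missing."""
import re

# Core Windows 2000 processes that the malware in this thread imitated (assumed list).
CORE_BINARIES = ("smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                 "lsass.exe", "svchost.exe", "spoolsv.exe", "explorer.exe")

# Characters routinely swapped for visually similar ones (assumed table).
HOMOGLYPHS = str.maketrans({"I": "l", "1": "l", "|": "l", "0": "o"})

# C:\dihf.exe or C:\\dfndrff_15.exe: an .exe directly under the drive root.
ROOT_EXE = re.compile(r"^[a-z]:\\+[^\\]+\.exe$", re.IGNORECASE)
# Full path after the [name] in an O4 line; bare names and rundll32 lines do not match.
RUN_PATH = re.compile(r'\]\s+"?([a-z]:\\[^"]*?\.exe)', re.IGNORECASE)


def levenshtein(a, b):
    """Classic edit distance (insert / delete / substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike(basename):
    """Return the core binary that `basename` imitates, or None when the name is
    either genuine or not close to any core binary."""
    if basename.lower() in CORE_BINARIES:
        return None
    folded = basename.translate(HOMOGLYPHS).lower()   # winIogon.exe -> winlogon.exe
    for legit in CORE_BINARIES:
        if folded == legit or levenshtein(folded, legit) == 1:
            return legit
    return None


def basename(path):
    return path.rstrip("\\").rsplit("\\", 1)[-1]


def analyze(log_text):
    """Return (section, path, reason) findings for one HijackThis log."""
    findings = []
    in_processes = False
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("Running processes:"):
            in_processes = True
            continue
        if in_processes:
            if not line:                      # blank line ends the process list
                in_processes = False
                continue
            path, section = line, "process"
        elif line.startswith("O4 - "):
            m = RUN_PATH.search(line)
            if not m:
                continue
            path, section = m.group(1), "O4"
        elif line.startswith("O23 - "):
            path, section = line.rsplit(" - ", 1)[-1], "O23"
            if path.endswith("(file missing)"):
                path = path[: -len("(file missing)")].strip()
                findings.append((section, path, "service binary missing"))
        else:
            continue
        mimic = lookalike(basename(path))
        if mimic:
            findings.append((section, path, f"lookalike of {mimic}"))
        if ROOT_EXE.match(path):
            findings.append((section, path, "executable in drive root"))
    return findings


# Constructed sample: lines taken from the logs quoted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 21.42.12, on 31/08/2006
Platform: Windows 2000 (WinNT 5.00.2195)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\spoolsv.exe
C:\dihf.exe
C:\WINNT\System32\csrs.exe
C:\WINNT\System32\Isass.exe
C:\dfndrff_15.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://it.msn.com
O4 - HKLM\..\Run: [Client Server Runtime Process] C:\WINNT\System32\csrs.exe
O4 - HKLM\..\Run: [Local Security Authority Service] C:\WINNT\System32\Isass.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrff_15.exe
O4 - HKLM\..\Run: [Windows Logon Application] C:\WINNT\System32\winIogon.exe
O4 - HKLM\..\Run: [Spooler SubSystem App] C:\WINNT\System32\spoolsvc.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Programmi\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: Windows Update Manager (UpdateManager) - Unknown owner - C:\dihf.exe (file missing)
"""

if __name__ == "__main__":
    for section, path, reason in analyze(SAMPLE_LOG):
        print(f"[{section}] {path}: {reason}")
```

The lookalike check deliberately stays narrow (exact core-binary list, distance of one) so that ordinary names such as regsvc.exe or HijackThis.exe are not reported; a name that matches a core binary exactly but runs from an unexpected directory is a separate check worth adding on real logs.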

damn, I still had spyware??
anyway I did as you said, only with KillBox I couldn't find

C:\WINNT\System32\winIogon.exe (DON'T CONFUSE IT with the legitimate winlogon.exe!!)
C:\WINNT\System32\spoolsvc.exe (DON'T CONFUSE IT with the legitimate spoolsv.exe)
eletto
Junior User

Posts: 40
Joined: 21/02/06 15:59

Post by andorra24 » 31/08/06 20:18

Post a new HijackThis log. And I urge you to install the firewall and the antivirus as soon as possible.
andorra24
Senior User

Posts: 2742
Joined: 21/05/06 15:44
Location: Palermo

Post by eletto » 31/08/06 20:42

oh my god, I'm swamped with viruses again!!! how is that possible???... here's the log:
Logfile of HijackThis v1.99.1
Scan saved at 21.42.12, on 31/08/2006
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\dihf.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\csrs.exe
C:\WINNT\System32\Isass.exe
C:\dfndrff_15.exe
C:\WINNT\System32\internat.exe
C:\PROGRA~1\FILECO~1\mmim\mmimm.exe
C:\PROGRA~1\FILECO~1\mmim\mmima.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://it.msn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O3 - Toolbar: @msdxmLC.dll,-1@1040,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Client Server Runtime Process] C:\WINNT\System32\csrs.exe
O4 - HKLM\..\Run: [Local Security Authority Service] C:\WINNT\System32\Isass.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrff_15.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_15.exe
O4 - HKLM\..\Run: [Windows Logon Application] C:\WINNT\System32\winIogon.exe
O4 - HKLM\..\Run: [Microsoft (R) Windows Update Manager] C:\dihf.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Programmi\Winamp3\winampa.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [mmim] C:\PROGRA~1\FILECO~1\mmim\mmimm.exe
O14 - IERESET.INF: START_PAGE_URL=http://it.msn.com
O14 - IERESET.INF: MS_START_PAGE_URL=http://it.msn.com
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: Windows Update Manager (UpdateManager) - Unknown owner - C:\dihf.exe

...anyway I can't find the antivirus CD any more... I'll keep looking
eletto
Junior User

Posts: 40
Joined: 21/02/06 15:59

Post by eletto » 31/08/06 20:47

ah, another strange thing that happens to me is this:
MESSENGER SERVICE windows pop up saying roughly
STOP!WINDOWS REQUIRES IMMEDIATE ATTENTION.
WINDOWS HAS FOUND 55 CRITICAL SYSTEM ERRORS.
TO FIX THE ERRORS PLEASE DO THE FOLLOWING:
1.DOWNLOAD REGISTRY UPDATE FROM http://WWW.REGFIXIT.COM
2.INSTALL REGISTRY UPDATE
3.RUN REGISTRY UPDATE
4. REBOOT

FAILURE TO ACT NOW MAY LEAD TO YSTEM FAILURE!

.... what is it, a virus?? or should I do what it tells me??
eletto
Junior User

Posts: 40
Joined: 21/02/06 15:59
