Asking for help, please.....

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: kadosh, Luke57

Post by rimini81 » 05/09/06 17:53

Hi everyone! This isn't the first time I've asked for your help, but I don't know how to get out of it this time....
I formatted the PC and at startup it can no longer connect to the Internet.
Let me explain: it makes the connection, but the pages don't open and I can no longer disconnect (I even switched off the modem but the connection stays open????? It's as if it were stuck).
In Explorer I type the address I want and the bar seems to go crazy, looking for the page and going back to the starting one 1000 times a second.
On top of that, mysterious "project1" entries show up in the Task Manager.
I think it's a virus, so I'd like to post the HijackThis log for you. I hope someone still has time for me, thanks!


Logfile of HijackThis v1.99.1
Scan saved at 18.20.29, on 05/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\lssc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\dfndrff_16.exe
C:\WINDOWS\system32\svcchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmi\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Spyware Terminator\SpywareTerminator.exe
C:\Programmi\WinClamAVShield\sp_clam.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Mattia\Desktop\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Programmi\Deskbar\deskbar.dll
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programmi\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Programmi\Deskbar\deskbar.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programmi\TechSmith\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_16.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrff_16.exe
O4 - HKLM\..\Run: [newname] C:\\nwnmff_16.exe
O4 - HKLM\..\Run: [msvcc25] svcchost.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\RunServices: [msvcc25] svcchost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - Global Startup: SnagIt 7.lnk = C:\Programmi\TechSmith\SnagIt 7\SnagIt32.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O20 - Winlogon Notify: SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Network Location Manager - Unknown owner - C:\WINDOWS\system32\lssc.exe


This, instead, is what Spybot found:

http://www.freefilehosting.net/bin/?id=rdnym6XR9Q==

(I fixed them, but I'm afraid that's not enough and that it has caught something more serious.....)

Finally, I'm also sending you what Spyterminator found:

Spyware Terminator Version: 1.5.0.740
Start time: 05/09/2006 17.57.20
System: Windows XP
User: Admin

Processes Scan
C:\WINDOWS\SYSTEM32\WINLOGON.EXE [Microsoft Corporation] C:\PROGRAMMI\SUPERANTISPYWARE\SASWINLO.DLL [SUPERAntiSpyware.com],
C:\Programmi\Grisoft\AVG Free\avgamsvr.exe [GRISOFT, s.r.o.] avglog.dll [GRISOFT, s.r.o.], AVGCFG.DLL [GRISOFT, s.r.o.], AVGKLIB.DLL [GRISOFT, s.r.o.], AVGLNG.DLL [GRISOFT, s.r.o.],
C:\Programmi\Grisoft\AVG Free\avgupsvc.exe [GRISOFT, s.r.o.]
C:\Programmi\Grisoft\AVG Free\avgemc.exe [GRISOFT, s.r.o.] libsasl.dll [GRISOFT, s.r.o.], AVGCFG.DLL, AVGKLIB.DLL, avglog.dll, AVGLNG.DLL, AVGSCAN.DLL [GRISOFT, s.r.o.], AVGUNARC.DLL [GRISOFT, s.r.o.], SASLCRAMMD5.DLL [GRISOFT, s.r.o.], SASLDIGESTMD5.DLL [GRISOFT, s.r.o.], SASLLOGIN.DLL [GRISOFT, s.r.o.], SASLPLAIN.DLL [GRISOFT, s.r.o.], AVGMAIL.DLL [GRISOFT, s.r.o.], avgemcps.dll [GRISOFT, s.r.o.],
C:\WINDOWS\SYSTEM32\LSSC.EXE [Empty]
C:\WINDOWS\EXPLORER.EXE [Microsoft Corporation] C:\PROGRAMMI\SUPERANTISPYWARE\SASSEH.DLL [SuperAdBlocker.com], C:\PROGRAMMI\DESKBAR\DESKBAR.DLL [Deskbar],
C:\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE [file not found] wbemcomn.dll [file not found], wbemcomn.dll,
C:\WINDOWS\SOUNDMAN.EXE [Avance Logic, Inc.]
C:\PROGRAMMI\SPYWARE TERMINATOR\SPYWARETERMINATORSHIELD.EXE [Crawler.com]
C:\Programmi\Grisoft\AVG Free\avgcc.exe [GRISOFT, s.r.o.] avgtmgr.dll [GRISOFT, s.r.o.], avgctrl.dll [GRISOFT, s.r.o.], avgabout.dll [GRISOFT, s.r.o.], avgtest.dll [GRISOFT, s.r.o.], avgtres.dll [GRISOFT, s.r.o.], C:\Programmi\Grisoft\AVG Free\avgset.dll [Empty], avglog.dll, AVGCFG.DLL, AVGKLIB.DLL, AVGLNG.DLL, C:\PROGRAMMI\GRISOFT\AVG FREE\AVGF.DLL [Empty], C:\PROGRAMMI\GRISOFT\AVG FREE\AVGRES.DLL [Empty], AVGCCKRN.DLL [GRISOFT, s.r.o.], AVGVAULT.DLL [GRISOFT, s.r.o.], AVGSCAN.DLL, AVGUNARC.DLL, AVGREP.DLL [GRISOFT, s.r.o.], avgemsui.dll [GRISOFT, s.r.o.], avgemcps.dll,
C:\KYBRDFF_16.EXE [...]
C:\DFNDRFF_16.EXE [ewewrkewjuh5r72y74y72y4762764724]
C:\NWNMFF_16.EXE [flkmoijeruq3w748r87uthueytewrywey45]
C:\WINDOWS\SYSTEM32\SVCCHOST.EXE [Empty]
C:\PROGRAMMI\SUPERANTISPYWARE\SUPERANTISPYWARE.EXE [SUPERAntiSpyware.com] SASSEH.DLL,
C:\PROGRAMMI\SPYWARE TERMINATOR\SPYWARETERMINATOR.EXE [Crawler.com]

Startup Scan

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"CTFMON.EXE" = "C:\WINDOWS\SYSTEM32\CTFMON.EXE" [ Microsoft Corporation ]
"SUPERAntiSpyware" = "C:\PROGRAMMI\SUPERANTISPYWARE\SUPERANTISPYWARE.EXE" [ SUPERAntiSpyware.com ]
"MSMSGS" = "C:\PROGRAMMI\MESSENGER\MSMSGS.EXE" [ Microsoft Corporation ]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"SoundMan" = "C:\WINDOWS\SOUNDMAN.EXE" [ Avance Logic, Inc. ]
"SpywareTerminator" = "C:\PROGRAMMI\SPYWARE TERMINATOR\SPYWARETERMINATORSHIELD.EXE" [ Crawler.com ]
"AVG7_CC" = "C:\Programmi\Grisoft\AVG Free\avgcc.exe" [ GRISOFT, s.r.o. ]
"keyboard" = "C:\KYBRDFF_16.EXE" [ ... ]
"defender" = "C:\DFNDRFF_16.EXE" [ ewewrkewjuh5r72y74y72y4762764724 ]
"newname" = "C:\NWNMFF_16.EXE" [ flkmoijeruq3w748r87uthueytewrywey45 ]
"msvcc25" = "C:\WINDOWS\system32\SVCCHOST.EXE" [ Empty ]
"BluetoothAuthenticationAgent" = "C:\WINDOWS\system32\BTHPROPS.CPL" [ Microsoft Corporation ]

BHO Scan
{53707962-6F74-2D53-2644-206D7942484F} C:\Programmi\Spybot - Search & Destroy\SDHelper.dll [Safer Networking Limited]
DeskbarBHO {A8B28872-3324-4CD2-8AA3-7D555C872D96} C:\PROGRAMMI\DESKBAR\DESKBAR.DLL [Deskbar]
{FB5F1910-F110-11d2-BB9E-00C04F795683} [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{42071714-76d4-11d1-8b24-00a0c9068ff3} = Estensione panoramica video del Pannello di controllo (deskpan.dll) [file not found]
{764BF0E1-F219-11ce-972D-00AA00A14F56} = Estensioni shell per la compressione dei file () [file not found]
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} = Menu di scelta rapida di crittografia () [file not found]
{88895560-9AA2-1069-930E-00AA0030EBC8} = Estensione di icona di HyperTerminal (C:\WINDOWS\SYSTEM32\HTICONS.DLL) [Hilgraeve, Inc.]
{0DF44EAA-FF21-4412-828E-260A8728E7F1} = Barra delle applicazioni e menu di avvio () [file not found]
{32683183-48a0-441b-a342-7c2a440a9478} = Media Band () [file not found]
{7A9D77BD-5403-11d2-8785-2E0420524153} = Account utente () [file not found]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = WinRAR shell extension (C:\PROGRAMMI\WINRAR\RAREXT.DLL) [Empty]
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = AVG7 Shell Extension (C:\PROGRAMMI\GRISOFT\AVG FREE\AVGSE.DLL) [GRISOFT, s.r.o.]
{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} = AVG7 Find Extension (C:\PROGRAMMI\GRISOFT\AVG FREE\AVGSE.DLL) [GRISOFT, s.r.o.]
{A57EB4F2-3D21-485A-B2BC-3215A5BD4B47} = (C:\WINDOWS\system32\wxi.dll) [file not found]
{339F7FB1-262D-44C8-B7D0-B454687D1E34} = (C:\WINDOWS\system32\aqtiveds.dll) [file not found]

Winlogon Notify Scan
SASWinLogon = C:\Programmi\SUPERAntiSpyware\SASWINLO.dll (C:\PROGRAMMI\SUPERANTISPYWARE\SASWINLO.DLL) [SUPERAntiSpyware.com]

Services Scan
"ALCXWDM" = C:\WINDOWS\SYSTEM32\DRIVERS\ALCXWDM.SYS [Avance Logic, Inc.]
"Avg7Alrt" = C:\Programmi\Grisoft\AVG Free\avgamsvr.exe [GRISOFT, s.r.o.]
"Avg7Core" = C:\WINDOWS\SYSTEM32\DRIVERS\AVG7CORE.SYS [GRISOFT, s.r.o.]
"Avg7RsW" = C:\WINDOWS\SYSTEM32\DRIVERS\AVG7RSW.SYS [GRISOFT, s.r.o.]
"Avg7RsXP" = C:\WINDOWS\SYSTEM32\DRIVERS\AVG7RSXP.SYS [GRISOFT, s.r.o.]
"Avg7UpdSvc" = C:\Programmi\Grisoft\AVG Free\avgupsvc.exe [GRISOFT, s.r.o.]
"AVGEMS" = C:\Programmi\Grisoft\AVG Free\avgemc.exe [GRISOFT, s.r.o.]
"AvgTdi" = C:\WINDOWS\SYSTEM32\DRIVERS\AVGTDI.SYS [GRISOFT, s.r.o.]
"basic2" = C:\WINDOWS\SYSTEM32\DRIVERS\HSF_BSC2.SYS [Conexant]
"dmboot" = C:\WINDOWS\SYSTEM32\DRIVERS\DMBOOT.SYS [Microsoft Corp., Veritas Software]
"dmio" = C:\WINDOWS\SYSTEM32\DRIVERS\DMIO.SYS [Microsoft Corp., Veritas Software]
"dmload" = C:\WINDOWS\SYSTEM32\DRIVERS\DMLOAD.SYS [Microsoft Corp., Veritas Software.]
"Fallback" = C:\WINDOWS\SYSTEM32\DRIVERS\HSF_FALL.SYS [Conexant]
"Fsks" = C:\WINDOWS\SYSTEM32\DRIVERS\HSF_FSKS.SYS [Conexant]
"HSFHWBS2" = C:\WINDOWS\SYSTEM32\DRIVERS\HSFBS2S2.SYS [Conexant Systems, Inc.]
"HSF_DP" = C:\WINDOWS\SYSTEM32\DRIVERS\HSFDPSP2.SYS [Conexant Systems, Inc.]
"hsf_msft" = C:\WINDOWS\SYSTEM32\DRIVERS\HSF_MSFT.SYS [Conexant]
"K56" = C:\WINDOWS\SYSTEM32\DRIVERS\HSF_K56K.SYS [Conexant]
"mdmxsdk" = C:\WINDOWS\SYSTEM32\DRIVERS\MDMXSDK.SYS [Conexant]
"Network Location Manager" = C:\WINDOWS\SYSTEM32\LSSC.EXE [Empty]
"nv" = C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS [NVIDIA Corporation]
"Ptilink" = C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS [Parallel Technologies, Inc.]
"Rksample" = C:\WINDOWS\SYSTEM32\DRIVERS\HSF_SAMP.SYS [Conexant]
"rtl8139" = C:\WINDOWS\SYSTEM32\DRIVERS\RTL8139.SYS [Realtek Semiconductor Corporation ]
"SASDIFSV" = C:\PROGRAMMI\SUPERANTISPYWARE\SASDIFSV.SYS [Empty]
"SASENUM" = C:\PROGRAMMI\SUPERANTISPYWARE\SASENUM.SYS [SuperAdBlocker, Inc.]
"SASKUTIL" = C:\PROGRAMMI\SUPERANTISPYWARE\SASKUTIL.SYS [Empty]
"Secdrv" = C:\WINDOWS\SYSTEM32\DRIVERS\SECDRV.SYS [Empty]
"SoftFax" = C:\WINDOWS\SYSTEM32\DRIVERS\HSF_FAXX.SYS [Conexant]
"SpeakerPhone" = C:\WINDOWS\SYSTEM32\DRIVERS\HSF_SPKP.SYS [Conexant]
"sp_rsdrv2" = C:\DOCUMENTS AND SETTINGS\ALL USERS\DATI APPLICAZIONI\SPYWARE TERMINATOR\SP_RSDRV2.SYS [Empty]
"Tones" = C:\WINDOWS\SYSTEM32\DRIVERS\HSF_TONE.SYS [Conexant]
"V124" = C:\WINDOWS\SYSTEM32\DRIVERS\HSF_V124.SYS [Conexant]
"viaagp1" = C:\WINDOWS\SYSTEM32\DRIVERS\VIAAGP1.SYS [VIA Technologies, Inc.]
"winachsf" = C:\WINDOWS\SYSTEM32\DRIVERS\HSFCXTS2.SYS [Conexant Systems, Inc.]

Protocol Filters Scan
Class Install Handler = {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} (C:\WINDOWS\SYSTEM32\URLMON.DLL) [Microsoft Corporation]

Hosts Scan
LOCALHOST mapping = 1

IE Scan
IERESET.INF missing Signature="$CHICAGO$"
IERESET.INF missing AdvancedINF=2.5,"You need a new version of advpack.dll"
IERESET.INF missing AddReg=RestoreHomePage.reg
IERESET.INF missing HKCU,"Software\Microsoft\Internet Explorer\Main","Start Page",0,%START_PAGE_URL%
IERESET.INF missing HKLM,"Software\Microsoft\Internet Explorer\Main","Default_Page_URL",0,%START_PAGE_URL%
IERESET.INF missing HKLM,"Software\Microsoft\Internet Explorer\Main","Default_Search_URL",0,%SEARCH_PAGE_URL%
IERESET.INF missing HKLM,"Software\Microsoft\Internet Explorer\Main","Search Page",0,%SEARCH_PAGE_URL%
IERESET.INF missing HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","1",0,"www.%s.com"
IERESET.INF missing HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","2",0,"www.%s.org"
IERESET.INF missing HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","3",0,"www.%s.net"
IERESET.INF missing HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","4",0,"www.%s.edu"
IERESET.INF missing HKCU,"Software\Microsoft\Internet Explorer\Main","Search Page",0,%SEARCH_PAGE_URL%
IERESET.INF missing HKCU,"Software\Microsoft\Internet Explorer\SearchUrl","Provider",0,""
IERESET.INF missing HKLM,"Software\Microsoft\Internet Explorer\Search","SearchAssistant",0,"http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
IERESET.INF missing HKLM,"Software\Microsoft\Internet Explorer\Search","CustomizeSearch",0,"http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"
IERESET.INF missing HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\SafeSites",%SAFESITE_VALUE%,0,"http://ie.search.msn.com/*"
IERESET.INF missing HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","5"
IERESET.INF missing HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","6"
IERESET.INF missing HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","7"
IERESET.INF missing HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","8"
IERESET.INF missing HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","9"
IERESET.INF missing HKCU,"Software\Microsoft\Internet Explorer\Main","AutoSearch"
IERESET.INF missing SEARCH_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
IERESET.INF missing AddReg=RestoreBrowserSettings.reg
IERESET.INF missing DelReg=DeleteTemplates.reg or DelReg=DeleteTemplates.reg, DeleteAutosearch.reg
IERESET.INF missing START_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome" or START_PAGE_URL="http://www.msn.com"
IERESET.INF missing SAFESITE_VALUE="http://home.microsoft.com/" or SAFESITE_VALUE="ie.search.msn.com"
IERESET.INF missing MS_START_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome" or MS_START_PAGE_URL="http://www.msn.com"
URLSearchHook = {A8B28872-3324-4CD2-8AA3-7D555C872D96} (C:\PROGRAMMI\DESKBAR\DESKBAR.DLL) [Deskbar] HIJACK WARNING!
rimini81
Junior User
 
Posts: 49
Joined: 13/12/05 19:36

Post by Luke57 » 05/09/06 18:09

Hi. Open HijackThis, click “open the misc tools section”, then “open process manager”, and find and select the following processes (if they are not there, carry on anyway):
C:\WINDOWS\system32\lssc.exe
C:\dfndrff_16.exe
C:\WINDOWS\system32\svcchost.exe

Press kill process.

Go back to the main menu with back, press scan, then find and tick the following entries:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_16.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrff_16.exe
O4 - HKLM\..\Run: [newname] C:\\nwnmff_16.exe
O4 - HKLM\..\Run: [msvcc25] svcchost.exe
O4 - HKLM\..\RunServices: [msvcc25] svcchost.exe
O23 - Service: Network Location Manager - Unknown owner - C:\WINDOWS\system32\lssc.exe
Press fix checked.

Restart in Safe Mode:
(Start the computer. Right after the RAM count and before Windows starts loading, start pressing the F8 key on the keyboard repeatedly. Keep doing so until the Windows Advanced Options menu appears. Using the arrow keys on the keyboard, scroll through the options and select Safe Mode, then press Enter.)

Make hidden files and folders visible:
Select Tools > Folder Options
Select View
Tick "Show hidden files and folders"
Untick "Hide protected operating system files"
Click OK

Find and delete, if present, the following files:
C:\WINDOWS\system32\lssc.exe
C:\dfndrff_16.exe
C:\WINDOWS\system32\svcchost.exe
C:\\kybrdff_16.exe
C:\\nwnmff_16.exe

Then delete all the Windows temporary files, temp and tmp (from Start > Search > All files and folders, copy and paste: *.temp;*.tmp, and delete everything that is found).

In Internet Options, clear the IE cache (under the delete temporary files option also tick “delete all offline content”), the cookies and the history.

Empty the Recycle Bin.

Then run an online scan here:
http://www.bitdefender.com/scan8/ie.html

Post a new log for checking.
Luke57
Moderator
 
Posts: 6410
Joined: 11/08/05 19:10
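
A triage sketch for the entries singled out in the reply above, added here as an example and not part of the thread: it parses O4 and O23 lines from a HijackThis log and flags autoruns that run from a drive root, imitate a core Windows process name, or belong to a service with no known owner. The three heuristics, the `SYSTEM_STEMS` list and the edit-distance threshold are assumptions made for the example, not the moderator's stated method; the sample lines are copied from the first log in the thread.

```python
import ntpath
import re

# Lines copied from the first HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_16.exe
O4 - HKLM\..\Run: [msvcc25] svcchost.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Network Location Manager - Unknown owner - C:\WINDOWS\system32\lssc.exe
"""

# Assumed list of core Windows process names that are often imitated.
SYSTEM_STEMS = ["svchost", "lsass", "smss", "csrss", "winlogon",
                "services", "explorer", "spoolsv", "rundll32"]

O4_RE = re.compile(r"^O4 - \S+: \[[^\]]+\] (?P<cmd>.+)$")
O23_RE = re.compile(r"^O23 - Service: .+? - (?P<owner>.+?) - (?P<cmd>.+)$")
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|com|scr|bat|pif))(?=\s|$)', re.I)
ROOT_RE = re.compile(r"^[A-Za-z]:\\+[^\\]+$")  # file directly under X:\


def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def executable(cmd):
    """Strip quotes and arguments from a command line, keeping the program."""
    m = EXE_RE.match(cmd.strip())
    return (m.group(1) or m.group(2)) if m else cmd.strip()


def lookalike(path):
    """Return the system binary this name nearly matches, or None."""
    stem = ntpath.splitext(ntpath.basename(path))[0].lower()
    if stem in SYSTEM_STEMS:
        return None  # exact name: not a near miss
    for known in SYSTEM_STEMS:
        if edit_distance(stem, known) <= 2:  # assumed threshold
            return known + ".exe"
    return None


def triage(log_text):
    """Map each suspicious autorun path to the list of reasons it was flagged."""
    flagged = {}
    for line in log_text.splitlines():
        line = line.strip()
        reasons = []
        m = O23_RE.match(line)
        if m and m.group("owner") == "Unknown owner":
            reasons.append("service owner unknown")
        m = m or O4_RE.match(line)
        if not m:
            continue
        path = executable(m.group("cmd"))
        if ROOT_RE.match(path):
            reasons.append("runs from drive root")
        twin = lookalike(path)
        if twin:
            reasons.append("name resembles " + twin)
        if reasons:
            flagged[path] = reasons
    return flagged


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG).items():
        print(path, "->", "; ".join(reasons))
```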

Post by rimini81 » 06/09/06 12:40

Hi, I did everything you wrote.

In the “open the misc tools section”, “open process manager” option I can't delete C:\WINDOWS\system32\lssc.exe, and C:\WINDOWS\system32\svcchost.exe isn't there.

Going back with back and scanning again, I don't find C:\WINDOWS\system32\lssc.exe.
For the rest, all done: it reconnects to the Internet and I run the scan from the link you gave me; after 10 minutes the Internet freezes, the scan stops, the toolbar changes as if it were the Windows one in Safe Mode, and it won't disconnect any more.
Maybe I need an antivirus for the connection?

This is the new log:


Logfile of HijackThis v1.99.1
Scan saved at 13.33.15, on 06/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\msiexec.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Mattia\Desktop\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Programmi\Deskbar\deskbar.dll (file missing)
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programmi\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programmi\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Apri in nuova scheda in primo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/230?800daef4164b4eaca47a4986809771ea
O8 - Extra context menu item: Apri in nuova scheda in secondo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/229?800daef4164b4eaca47a4986809771ea
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
rimini81
Junior User
 
Posts: 49
Joined: 13/12/05 19:36

Post by Luke57 » 06/09/06 12:53

Hi, sometimes the scan with BitDefender causes these problems. The log looks fine.
Luke57
Moderator
 
Posts: 6410
Joined: 11/08/05 19:10

Post by rimini81 » 06/09/06 14:37

Then I don't understand why I finished the scan with BitDefender and after a few seconds the Internet started freezing again and the toolbar started changing.

This is what BitDefender found:


http://www.freefilehosting.net/?id=rdn9kqTZ9g==
rimini81
Junior User
 
Posts: 49
Joined: 13/12/05 19:36

Post by rimini81 » 06/09/06 15:20

This is the message that appears; after it, all the problems show up:

http://www.freefilehosting.net/bin/?id=rdn9kqTc9g==

On top of that, Spybot keeps finding this DSO exploit (registry change).
rimini81
Junior User
 
Posts: 49
Joined: 13/12/05 19:36

Post by rimini81 » 06/09/06 21:50

SOS :(
rimini81
Junior User
 
Posts: 49
Joined: 13/12/05 19:36

Post by rimini81 » 08/09/06 15:40

The Windows patches solve the problem. Thanks for everything! ;)
rimini81
Junior User
 
Posts: 49
Joined: 13/12/05 19:36

