Valutazione 4.87/ 5 (100.00%) 5838 voti

Condividi:        

virus BHO.C3.A come eliminarlo???

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: kadosh, Luke57

virus BHO.C3.A come eliminarlo???

Postdi maryepucci » 14/06/07 09:13

Logfile of HijackThis v1.99.1
Scan saved at 10.03.18, on 14/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\SAgent4.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Programmi\Eset\nod32kui.exe
C:\BITWARE\NT\bwprnmon.exe
C:\Programmi\QuickTime\qttask.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\HP\hpcoretech\hpcmpmgr.exe
C:\VEXPLITE\MONLITE.EXE
C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\VEXPLITE\viritsvc.exe
C:\Programmi\HP\Digital Imaging\bin\hpqgalry.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\DataBrain\DataBrain.exe
C:\Programmi\Microsoft Office\Office10\WINWORD.EXE
C:\Programmi\Microsoft Office\Office10\EXCEL.EXE
C:\WINDOWS\system32\notepad.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\zbianche\tuttomio\vari programmi utili\protezione\hjt (raffaele)\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.infoimprese.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - (no file)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar4.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [CDWCheckRubrica] C:\SEAT\CDItalia\Chkrub_cdi
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [bwprnmon.exe] C:\BITWARE\NT\bwprnmon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmi\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [PrevxOne] C:\Programmi\Prevx1\PXConsole.exe
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKLM\..\Run: [SpySweeper] "C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Programmi\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Avvio rapido di HP Image Zone.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Converti destinazione link in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti i link selezionati in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti i link selezionati in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converti nel file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti selezione in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B76AAEB-55AC-4791-8617-449E45DC6705}: NameServer = 213.140.2.12,213.140.2.21
O17 - HKLM\System\CS1\Services\Tcpip\..\{4B76AAEB-55AC-4791-8617-449E45DC6705}: NameServer = 213.140.2.12,213.140.2.21
O17 - HKLM\System\CS2\Services\Tcpip\..\{4B76AAEB-55AC-4791-8617-449E45DC6705}: NameServer = 213.140.2.12,213.140.2.21
O17 - HKLM\System\CS3\Services\Tcpip\..\{4B76AAEB-55AC-4791-8617-449E45DC6705}: NameServer = 213.140.2.12,213.140.2.21
O17 - HKLM\System\CS4\Services\Tcpip\..\{4B76AAEB-55AC-4791-8617-449E45DC6705}: NameServer = 213.140.2.12,213.140.2.21
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Programmi\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\SAgent4.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Programmi\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas http://www.tgsoft.it - C:\VEXPLITE\viritsvc.exe

virilt mi dice che il virus si chiama [58FB2CBB-C874-45FC-A1C9-B62CC9E3BED9] infetto da BHO.C3.A.

come si fà ad eliminarlo??
non lasciatemi in sospeso please :(
maryepucci
Utente Senior
 
Post: 154
Iscritto il: 13/07/06 17:08

Sponsor
 

Postdi maryepucci » 14/06/07 09:15

Luke57!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! :aaah :aaah :aaah
maryepucci
Utente Senior
 
Post: 154
Iscritto il: 13/07/06 17:08

Postdi Luke57 » 14/06/07 15:28

Ciaao, nel log non appare niente di che, fixa le voci seguenti indicate in rosso.
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10

Postdi maryepucci » 14/06/07 15:49

Luke57 ha scritto:Ciaao, nel log non appare niente di che, fixa le voci seguenti indicate in rosso.


l'ho già fatto e non vanno viaaa :cry: :cry:
maryepucci
Utente Senior
 
Post: 154
Iscritto il: 13/07/06 17:08

Postdi maryepucci » 15/06/07 10:41

ragazziiiiiii :cry:
maryepucci
Utente Senior
 
Post: 154
Iscritto il: 13/07/06 17:08

Postdi Luke57 » 15/06/07 12:03

maryepucci ha scritto:ragazziiiiiii :cry:

Ciao, Ciao, scarica avenger sul desktop
http://swandog46.geekstogo.com/avenger.zip
scompatta il file.zip
Avvia il file avenger.exe
Seleziona l'opzione "Input Script Manually"
Clicca sulla lente di ingrandimento

Ti si apre una finestra "View/edit script"
All'interno del box bianco,copia e incolla (ctl+v)le scritte in neretto:


registry keys to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{55EA1964-F5E4-4D6A-B9B2-125B37655FCB}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}



Clicca sul pulsante Done
Clicca sull'icona del semaforo verde
Rispondi due volte Yes
Il pc dovrebbe riavviarsi da solo,se così non fosse riavvialo manualmente

Il programma rilascia un log con le operazioni eseguite.

Posta il log di Avenger (C:/avenger.txt) con l´esito dello script.
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10

Postdi maryepucci » 20/06/07 11:09

eccolo :lol: :

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\dls^wlev

*******************

Script file located at: \??\C:\fmamdpcn.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{55EA1964-F5E4-4D6A-B9B2-125B37655FCB} deleted successfully.
Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
maryepucci
Utente Senior
 
Post: 154
Iscritto il: 13/07/06 17:08

Postdi maryepucci » 20/06/07 13:09

eccolo:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\dls^wlev

*******************

Script file located at: \??\C:\fmamdpcn.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{55EA1964-F5E4-4D6A-B9B2-125B37655FCB} deleted successfully.
Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
maryepucci
Utente Senior
 
Post: 154
Iscritto il: 13/07/06 17:08


Torna a Sicurezza e Privacy


Topic correlati a "virus BHO.C3.A come eliminarlo???":


Chi c’è in linea

Visitano il forum: Nessuno e 48 ospiti