exsplorer removed... found others

Post by loki3 » 05/02/06 13:11

thanks to your very useful forum I managed to remove exsplorer from my computer using francy's mega tool.
following your advice I then ran a scan with Kaspersky, here is the result:

KASPERSKY ON-LINE SCANNER REPORT
Sunday, February 05, 2006 13:06:48
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 5/02/2006
Kaspersky Anti-Virus database records: 174960
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 53701
Number of viruses found: 5
Number of infected objects: 12
Number of suspicious objects: 0
Duration of the scan process: 1974 sec

Infected Object Name - Virus Name
C:\Documents and Settings\Gianluca\Impostazioni locali\Temporary Internet Files\Content.IE5\EHC7UXI5\italy3[1].htm Infected: Backdoor.Win32.Agent.tt
C:\System Volume Information\_restore{853ABC2D-9237-46B4-AD7B-C5D46C9CC875}\RP28\A0002917.exe Infected: Trojan-Downloader.Win32.Small.cca
C:\WINDOWS\hosts Infected: Trojan.Win32.Qhost.fj
C:\WINDOWS\inf\MDM186.PNF Infected: Trojan.Win32.Dialer.ns
C:\WINDOWS\inf\MDM286.PNF Infected: Trojan.Win32.Dialer.hz
C:\WINDOWS\inf\MDM386.PNF Infected: Trojan.Win32.Dialer.hz
C:\WINDOWS\ita.exe Infected: Trojan-Downloader.Win32.Small.cca
C:\WINDOWS\system32\krnl186.exe Infected: Trojan.Win32.Dialer.ns
C:\WINDOWS\system32\krnl286.exe Infected: Trojan.Win32.Dialer.ns
C:\WINDOWS\system32\krnl586.exe Infected: Trojan.Win32.Dialer.ns
C:\WINDOWS\system32\netmon.exe Infected: Trojan.Win32.Dialer.hz
C:\WINDOWS\system32\odbccfg.exe Infected: Trojan.Win32.Dialer.hz


I also noticed that I cannot turn on Windows Update automatic updates (I enable them and they are disabled again immediately..)

finally, here is the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 13.10.23, on 05/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
C:\Programmi\Sony\vaio entertainment\VzTaskScheduler.exe
C:\Programmi\File comuni\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\File comuni\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\WINDOWS\__P9HEPQKBJ.EXE
C:\WINDOWS\__P9HEPQKBJ.EXE
C:\WINDOWS\Explorer.EXE
C:\Programmi\Sony\HotKey Utility\HKserv.exe
C:\Programmi\sony\vaio update 2\VAIOUpdt.exe
C:\Programmi\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe
C:\Programmi\Utimaco\SafeGuard PrivateDisk\pdservice.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Winamp\winampa.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\digicomt\Michelangelo USB ADSL\CnxDslTb.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Sony\HotKey Utility\HKWnd.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programmi\Sony\sonicstage mastering studio\audio filter\SSMSFilter.exe
C:\Programmi\Sony\vaio entertainment\VzTrayIcon.exe
C:\Programmi\Sony\VAIO Launcher\Launcher.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Winamp\Winamp.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\DOCUME~1\Gianluca\IMPOST~1\Temp\Directory temporanea 2 per hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.it
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.it
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.it
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,C:\WINDOWS\__P9HEPQKBJ.EXE
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Programmi\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Programmi\sony\vaio update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [VZRemoteCommander] C:\Programmi\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe
O4 - HKLM\..\Run: [PDService.exe] C:\Programmi\Utimaco\SafeGuard PrivateDisk\pdservice.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programmi\digicomt\Michelangelo USB ADSL\CnxDslTb.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: VAIO Launcher.lnk = C:\Programmi\Sony\VAIO Launcher\Launcher.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Audio Filter.lnk = C:\Programmi\Sony\sonicstage mastering studio\audio filter\SSMSFilter.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Stato registrazione.lnk = C:\Programmi\Sony\vaio entertainment\VzTrayIcon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Cerca con Google - res://c:\programmi\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Traduci parola in italiano - res://c:\programmi\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Link a ritroso - res://c:\programmi\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pagine simili - res://c:\programmi\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Versione cache della pagina - res://c:\programmi\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/ ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D35327E-4FA5-4092-8883-2218C7FF2252}: NameServer = 85.37.17.45 85.38.28.99
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Programmi\File comuni\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment File Import Service - Sony Corporation - C:\Programmi\File comuni\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Programmi\Sony\vaio entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Programmi\File comuni\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Programmi\File comuni\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Programmi\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Programmi\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Programmi\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Programmi\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation - C:\Programmi\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe

Thank you for all the help you can give me

have a good Sunday and forza Cagliari!
loki3
Newbie

Posts: 9
Joined: 05/02/06 11:17

Post by fabrizius » 05/02/06 15:32

you absolutely must remove this entry, it is a virus....
See whether you can find the process in Task Manager and close it, then
Download KILLBOX
http://www.bleepingcomputer.com/files/spyware/KillBox.zip

# In full path enter:
C:\WINDOWS\__p9hEPQkbj.exe

# tick the DELETE ON REBOOT box

# Click the red X on the right (the computer will restart)


After the restart, from START\RUN type regedit

Check EACH of these keys:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

to make sure they do not contain the entry: [SERVICES.EXE] C:\WINDOWS\__p9hEPQkbj.exe
If they are there, delete them

Go to the following key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

find USERINIT in the right-hand pane and delete the entry: ,C:\WINDOWS\__p9hEPQkbj.exe

WARNING: do not delete the whole key, otherwise the computer will no longer be able to restart

In the same way, check that the entry is not present in the SHELL key
To delete only the infected entry: double-click the name of the key:

In the window that opens, highlight the entry ,C:\WINDOWS\__p9hEPQkbj.exe (comma included)

Then press the delete key (Backspace)

Ok

When you have finished these steps, post a HIJACK log
so we can continue with the other entries
fabrizius
Senior User

Posts: 1220
Joined: 20/05/05 13:55
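
The check described in the post above for the Winlogon USERINIT and SHELL values, applied to HijackThis logs as an added example (not part of the original posts and not HijackThis's own code): the F2 line is split on commas, anything beyond the expected program is reported, and the log's process list shows whether it is still running. The two sample logs are shortened excerpts of the logs posted in this thread; the function names and the EXPECTED table (default Windows XP values) are assumptions of this example.

```python
import re

# Assumption: default Windows XP values for the two Winlogon entries named in
# the post, compared case-insensitively as Windows paths are.
EXPECTED = {
    "userinit": {r"c:\windows\system32\userinit.exe", "userinit.exe"},
    "shell": {"explorer.exe"},
}

# HijackThis reports the Winlogon UserInit/Shell values in its F2 section.
F2_RE = re.compile(r"^F2 - REG:system\.ini: (UserInit|Shell)=(.*)$", re.IGNORECASE)

# Shortened excerpt of the first log in the thread (before cleanup).
LOG_BEFORE = r"""Logfile of HijackThis v1.99.1
Scan saved at 13.10.23, on 05/02/2006

Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\__P9HEPQKBJ.EXE
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.it/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,C:\WINDOWS\__P9HEPQKBJ.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
"""

# Shortened excerpt of the second log (after cleanup): no F2 line is listed.
LOG_AFTER = r"""Logfile of HijackThis v1.99.1
Scan saved at 17.44.15, on 05/02/2006

Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.it/
O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
"""


def parse_log(text):
    """Return (running process paths, {entry name: raw value}) from a log."""
    processes, f2_values = [], {}
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_processes = True
        elif in_processes:
            if line:
                processes.append(line)
            else:
                in_processes = False  # a blank line ends the process list
        else:
            match = F2_RE.match(line)
            if match:
                f2_values[match.group(1).lower()] = match.group(2)
    return processes, f2_values


def split_value(entry, value):
    """Split a comma-separated Winlogon value into (kept, extra) commands."""
    kept, extra = [], []
    for part in value.split(","):
        part = part.strip().strip('"')
        if not part:
            continue  # empty items come from doubled or trailing commas
        (kept if part.lower() in EXPECTED[entry] else extra).append(part)
    return kept, extra


def review(text):
    """List every extra command chained onto UserInit or Shell in a log."""
    processes, f2_values = parse_log(text)
    running = {p.lower() for p in processes}
    findings = []
    for entry, value in f2_values.items():
        kept, extra = split_value(entry, value)
        for command in extra:
            findings.append({
                "entry": entry,
                "command": command,
                # The log and the post spell the file name in different case,
                # so the process lookup is case-insensitive.
                "running": command.lower() in running,
                # The part of the value that stays: only the extra item is
                # removed, never the whole value (the warning in the post).
                "kept": kept,
            })
    return findings


if __name__ == "__main__":
    for label, log in (("before", LOG_BEFORE), ("after", LOG_AFTER)):
        results = review(log)
        print(label, "->", results if results else "no extra Winlogon commands")
```
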

Post by loki3 » 05/02/06 17:47

I followed your advice, here is the updated log

I hope the situation has improved and that I followed all the steps, thanks a lot for your interest!

Logfile of HijackThis v1.99.1
Scan saved at 17.44.15, on 05/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
C:\Programmi\Sony\vaio entertainment\VzTaskScheduler.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\File comuni\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\Programmi\Sony\HotKey Utility\HKserv.exe
C:\Programmi\sony\vaio update 2\VAIOUpdt.exe
C:\Programmi\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe
C:\Programmi\Sony\HotKey Utility\HKWnd.exe
C:\Programmi\Utimaco\SafeGuard PrivateDisk\pdservice.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Winamp\winampa.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\digicomt\Michelangelo USB ADSL\CnxDslTb.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programmi\Sony\sonicstage mastering studio\audio filter\SSMSFilter.exe
C:\Programmi\Sony\vaio entertainment\VzTrayIcon.exe
C:\Programmi\Sony\VAIO Launcher\Launcher.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\DOCUME~1\Gianluca\IMPOST~1\Temp\Directory temporanea 3 per hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.it
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.it
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.it
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Programmi\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Programmi\sony\vaio update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [VZRemoteCommander] C:\Programmi\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe
O4 - HKLM\..\Run: [PDService.exe] C:\Programmi\Utimaco\SafeGuard PrivateDisk\pdservice.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programmi\digicomt\Michelangelo USB ADSL\CnxDslTb.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: VAIO Launcher.lnk = C:\Programmi\Sony\VAIO Launcher\Launcher.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Audio Filter.lnk = C:\Programmi\Sony\sonicstage mastering studio\audio filter\SSMSFilter.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Stato registrazione.lnk = C:\Programmi\Sony\vaio entertainment\VzTrayIcon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Cerca con Google - res://c:\programmi\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Traduci parola in italiano - res://c:\programmi\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Link a ritroso - res://c:\programmi\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pagine simili - res://c:\programmi\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Versione cache della pagina - res://c:\programmi\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/ ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D35327E-4FA5-4092-8883-2218C7FF2252}: NameServer = 85.37.17.45 85.38.28.99
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Programmi\File comuni\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment File Import Service - Sony Corporation - C:\Programmi\File comuni\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Programmi\Sony\vaio entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Programmi\File comuni\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Programmi\File comuni\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Programmi\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Programmi\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Programmi\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Programmi\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation - C:\Programmi\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe
loki3
Newbie

Posts: 9
Joined: 05/02/06 11:17

Post by Luke57 » 05/02/06 20:01

Hi, it looks fine to me, well done.
Luke57
Moderator

Posts: 6415
Joined: 11/08/05 19:10

Post by loki3 » 05/02/06 20:13

hi Luke

the problem is that when I run a scan with Kaspersky it still shows 5 viruses on the system... always these Win 32 Trojan dialer ns...

what should I do....?
loki3
Newbie

Posts: 9
Joined: 05/02/06 11:17

Post by fabrizius » 05/02/06 23:37

loki3 wrote: hi Luke

the problem is that when I run a scan with Kaspersky it still shows 5 viruses on the system... always these Win 32 Trojan dialer ns...

what should I do....?


the log is fine, you have removed the virus.....now try running the online scan with Panda to see what results it gives you....if need be you could also download the demo version of ewido, which after the 14-day trial you can
still keep updating and running scans with; only the real-time protection stops working
http://www.ewido.net/en/

You can also try this as an online scan: http://www.emsisoft.com/en/software/ax/
fabrizius
Senior User

Posts: 1220
Joined: 20/05/05 13:55

Post by fabrizius » 05/02/06 23:52

sorry, I had not seen the Kaspersky log, so: do a pass with CCleaner; before starting the cleanup, go to CCleaner's options > advanced and untick: only delete files older than 48 hours...
http://www.ccleaner.com/ccdownload.asp
Then turn off System Restore and restart the PC; doing so will wipe all the restore points created by the system and with them all the junk that got installed in them....
don't forget to create a new restore point after the restart
fabrizius
Senior User

Posts: 1220
Joined: 20/05/05 13:55

Post by loki3 » 06/02/06 12:34

hi fabrizius

before going ahead with this last piece of advice you posted I have a question:

how do I recreate the restore point??

sorry but I am not very experienced and I would not want to wreck my brand-new PC :-)

thanks a lot for everything!
loki3
Newbie

Posts: 9
Joined: 05/02/06 11:17

Post by Luke57 » 06/02/06 12:56

Hi, right-click My Computer > Properties > System Restore > tick Turn off System Restore > Apply > OK. To turn it back on, do the reverse (remove the tick)
Luke57
Moderator

Posts: 6415
Joined: 11/08/05 19:10

Post by loki3 » 06/02/06 14:05

ok perfect, I'll try tonight and then let you know

thanks everyone!
loki3
Newbie

Posts: 9
Joined: 05/02/06 11:17

Post by loki3 » 06/02/06 21:47

fabrizius, luke, thanks a lot for your excellent advice, the 5 viruses I had plus the dialer have been wiped out... the technician wanted to format everything, but thanks to you I avoided losing a ton of stuff.. THANK YOU!

LOKI3 :D
loki3
Newbie

Posts: 9
Joined: 05/02/06 11:17

Post by loki3 » 06/02/06 22:46

I claimed victory too soon, a new scan with Kaspersky now shows 4 viruses (instead of 5....) here is what it tells me:

KASPERSKY ON-LINE SCANNER REPORT
Monday, February 06, 2006 22:28:51
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 6/02/2006
Kaspersky Anti-Virus database records: 175280
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 48521
Number of viruses found: 4
Number of infected objects: 10
Number of suspicious objects: 0
Duration of the scan process: 1984 sec

Infected Object Name - Virus Name
C:\WINDOWS\hosts Infected: Trojan.Win32.Qhost.fj
C:\WINDOWS\inf\MDM186.PNF Infected: Trojan.Win32.Dialer.ns
C:\WINDOWS\inf\MDM286.PNF Infected: Trojan.Win32.Dialer.hz
C:\WINDOWS\inf\MDM386.PNF Infected: Trojan.Win32.Dialer.hz
C:\WINDOWS\ita.exe Infected: Trojan-Downloader.Win32.Small.cca
C:\WINDOWS\system32\krnl186.exe Infected: Trojan.Win32.Dialer.ns
C:\WINDOWS\system32\krnl286.exe Infected: Trojan.Win32.Dialer.ns
C:\WINDOWS\system32\krnl586.exe Infected: Trojan.Win32.Dialer.ns
C:\WINDOWS\system32\netmon.exe Infected: Trojan.Win32.Dialer.hz
C:\WINDOWS\system32\odbccfg.exe Infected: Trojan.Win32.Dialer.hz

this is the log

Logfile of HijackThis v1.99.1
Scan saved at 22.34.11, on 06/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
C:\Programmi\Sony\vaio entertainment\VzTaskScheduler.exe
C:\Programmi\File comuni\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\Programmi\Sony\HotKey Utility\HKserv.exe
C:\Programmi\sony\vaio update 2\VAIOUpdt.exe
C:\Programmi\Sony\HotKey Utility\HKWnd.exe
C:\Programmi\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe
C:\Programmi\Utimaco\SafeGuard PrivateDisk\pdservice.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Winamp\winampa.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\digicomt\Michelangelo USB ADSL\CnxDslTb.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programmi\Sony\sonicstage mastering studio\audio filter\SSMSFilter.exe
C:\Programmi\Sony\vaio entertainment\VzTrayIcon.exe
C:\Programmi\Sony\VAIO Launcher\Launcher.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Movie Maker\moviemk.exe
C:\DOCUME~1\Gianluca\IMPOST~1\Temp\Directory temporanea 1 per hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.it
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.it
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.it
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Programmi\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Programmi\sony\vaio update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [VZRemoteCommander] C:\Programmi\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe
O4 - HKLM\..\Run: [PDService.exe] C:\Programmi\Utimaco\SafeGuard PrivateDisk\pdservice.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programmi\digicomt\Michelangelo USB ADSL\CnxDslTb.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: VAIO Launcher.lnk = C:\Programmi\Sony\VAIO Launcher\Launcher.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Audio Filter.lnk = C:\Programmi\Sony\sonicstage mastering studio\audio filter\SSMSFilter.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Stato registrazione.lnk = C:\Programmi\Sony\vaio entertainment\VzTrayIcon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Cerca con Google - res://c:\programmi\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Traduci parola in italiano - res://c:\programmi\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Link a ritroso - res://c:\programmi\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pagine simili - res://c:\programmi\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Versione cache della pagina - res://c:\programmi\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/ ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {EB298A87-BD35-4424-9BA2-B198D2B63BBD} (WebPhoneEVT Control) - http://www.abbeyphone.it/activex/WebPho ... _heavy.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D35327E-4FA5-4092-8883-2218C7FF2252}: NameServer = 85.37.17.45 85.38.28.99
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Programmi\File comuni\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment File Import Service - Sony Corporation - C:\Programmi\File comuni\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Programmi\Sony\vaio entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Programmi\File comuni\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Programmi\File comuni\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Programmi\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Programmi\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Programmi\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Programmi\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation - C:\Programmi\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe

is there anything that can be done or do I have to give up?

loki3
loki3
Newbie

Posts: 9
Joined: 05/02/06 11:17

Post by fabrizius » 06/02/06 23:02

fabrizius
Senior User

Posts: 1220
Joined: 20/05/05 13:55
