Condividi:        

Mi ci date un'occhiata?

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: m.paolo, kadosh, Luke57

Mi ci date un'occhiata?

Postdi Lukino24 » 28/06/06 17:39

Mi ci date un'occhiata? Il mio computer va alla cavolo di cane...


Logfile of HijackThis v1.99.1
Scan saved at 18.38.06, on 28/06/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Olivetti\ANY_WAY\olMntrService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\HP\KBD\KBD.EXE
C:\Programmi\Olivetti\ANY_WAY\olDvcStatus.exe
C:\WINDOWS\mediacon.exe
C:\WINDOWS\timed.exe
C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\timed.exe
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\BitTorrent\bittorrent.exe
C:\Programmi\OpenOffice.org 2.0\program\soffice.exe
C:\Programmi\OpenOffice.org 2.0\program\soffice.BIN
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Programmi\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Programmi\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Programmi\Google\Google Desktop Search\GoogleDesktopOE.exe
C:\Documents and Settings\Luca Monaco\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O1 - Hosts: 200.73.174.154 STORAGE.HOSTANCE.NET
O1 - Hosts: 200.73.174.154 STORAGE-TASP.COM
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: Class - {DA39029C-D291-A968-3FF4-D0990D5CB5FC} - C:\Programmi\LinkOptimizer\LinkOptimizer.dll
O2 - BHO: FastRX - {E09962E7-A39E-4F60-8003-66D57BED27B7} - C:\WINDOWS\System32\fastRX.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [funk] funk.exe
O4 - HKLM\..\Run: [OlStatusMon] "C:\Programmi\Olivetti\ANY_WAY\olDvcStatus.exe" dvcStatusMinimize
O4 - HKLM\..\Run: [MediaCtr] C:\WINDOWS\mediacon.exe -i
O4 - HKLM\..\Run: [ImMsn] C:\WINDOWS\timed.exe /i
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe"
O4 - HKLM\..\Run: [kpx] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\fastRX.dll DllInitApp
O4 - HKLM\..\Run: [xaiq1.exe] C:\WINDOWS\Temp\xaiq1.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [xaiq2.exe] C:\WINDOWS\Temp\xaiq2.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [updateMgr] "C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - Startup: BitTorrent.lnk = C:\Programmi\BitTorrent\bittorrent.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Programmi\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Cerca con Google - res://c:\programmi\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Traduci parola in italiano - res://c:\programmi\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Link a ritroso - res://c:\programmi\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pagine simili - res://c:\programmi\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Versione cache della pagina - res://c:\programmi\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\npjpi150_06.dll
O16 - DPF: {FFFF0001-0001-101A-A3C9-08002B2F49FC} - http://download.energy-factor.com/diale ... 245_it.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1BFA3ADB-33AF-43AD-8A86-35E439A14387}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{1BFA3ADB-33AF-43AD-8A86-35E439A14387}: NameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{1BFA3ADB-33AF-43AD-8A86-35E439A14387}: NameServer = 192.168.0.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\System32\ZoneLabs\isafe.exe
O23 - Service: olMntrService - Olivetti - C:\Programmi\Olivetti\ANY_WAY\olMntrServ

C'è qualche cosa di strano?
Lukino24
Utente Senior
 
Post: 123
Iscritto il: 24/06/06 19:10
Località: Torino

Sponsor
 

Postdi andorra24 » 28/06/06 18:12

Apri hijackthis, premi su ''open the misc tools section'', poi premi ''open process manager'', individua le voci indicate sotto e premi ''kill process'' :

C:\WINDOWS\mediacon.exe
C:\WINDOWS\timed.exe

Poi vai in basso e premi il tasto back e subito dopo il tasto scan. Metti la spunta nella casellina accanto alle voci indicate sotto e premi ''fix checked'' :

R3 - Default URLSearchHook is missing
O1 - Hosts: 200.73.174.154 STORAGE.HOSTANCE.NET
O1 - Hosts: 200.73.174.154 STORAGE-TASP.COM
O2 - BHO: FastRX - {E09962E7-A39E-4F60-8003-66D57BED27B7} - C:\WINDOWS\System32\fastRX.dll
O4 - HKLM\..\Run: [funk] funk.exe
O4 - HKLM\..\Run: [MediaCtr] C:\WINDOWS\mediacon.exe -i
O4 - HKLM\..\Run: [ImMsn] C:\WINDOWS\timed.exe /i
O4 - HKLM\..\Run: [kpx] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\fastRX.dll DllInitApp
O4 - HKLM\..\Run: [xaiq1.exe] C:\WINDOWS\Temp\xaiq1.exe
O4 - HKLM\..\Run: [xaiq2.exe] C:\WINDOWS\Temp\xaiq2.exe
O16 - DPF: {FFFF0001-0001-101A-A3C9-08002B2F49FC} - http://download.energy-factor.com/diale ... 245_it.exe

Scarica MyUninstaller da qui:
http://news.swzone.it/swznews-17533.php
e disinstalla LinkOptimizer.

Scarica killbox da qui: http://www.bleepingcomputer.com/files/killbox.php ed elimina i seguenti files:

mediacon.exe in C:\WINDOWS\
timed.exe in C:\WINDOWS\
fastRX.dll in C:\WINDOWS\System32\
xaiq1.exe in C:\WINDOWS\Temp\
xaiq2.exe in C:\WINDOWS\Temp\
LinkOptimizer.dll in C:\Programmi\LinkOptimizer\

poi vai in C:\Programmi\ ed elimina la cartella LinkOptimizer.

Scarica ATF cleaner e mettilo sul destop :
http://www.atribune.org/ccount/click.php?id=1
Avvia ATF cleaner ( serve ad eliminare i file temporanei di windows e di IE),clicca sul menu "main" e poi seleziona la casella "Select All". Poi
clicca sul pulsante "Empty selected" e aspetta il messaggio "Done Cleaning!".

Fai una scansione con ewido:
http://www.ewido.net/en/onlinescan/
andorra24
Utente Senior
 
Post: 2742
Iscritto il: 21/05/06 15:44
Località: Palermo

Postdi Lukino24 » 28/06/06 18:29

Mi salvi ancora una volta!
Grazie!
Lukino24
Utente Senior
 
Post: 123
Iscritto il: 24/06/06 19:10
Località: Torino

Postdi Lukino24 » 01/07/06 14:05

Non mi fa eliminare astRX.dll in C:\WINDOWS\System32\
Se tento di eliminarlo mi sparische lo chermo 3-4 volte e poi mi viene un messaggio di errore "couldn't delete this"
Che faccio?
Lukino24
Utente Senior
 
Post: 123
Iscritto il: 24/06/06 19:10
Località: Torino

Postdi andorra24 » 01/07/06 14:09

Cerca di eliminarlo con unlocker:
http://ccollomb.free.fr/unlocker/
andorra24
Utente Senior
 
Post: 2742
Iscritto il: 21/05/06 15:44
Località: Palermo

Postdi Lukino24 » 01/07/06 15:27

Fatto, grazie!
Lukino24
Utente Senior
 
Post: 123
Iscritto il: 24/06/06 19:10
Località: Torino

Postdi Lukino24 » 01/07/06 18:00

Ma per sicurezza ve ne posto un'altro!


Logfile of HijackThis v1.99.1
Scan saved at 18.59.56, on 01/07/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Olivetti\ANY_WAY\olMntrService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\HP\KBD\KBD.EXE
C:\Programmi\Olivetti\ANY_WAY\olDvcStatus.exe
C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\OpenOffice.org 2.0\program\soffice.exe
C:\Programmi\OpenOffice.org 2.0\program\soffice.BIN
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Luca Monaco\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Class - {DA39029C-D291-A968-3FF4-D0990D5CB5FC} - C:\Programmi\LinkOptimizer\LinkOptimizer.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [OlStatusMon] "C:\Programmi\Olivetti\ANY_WAY\olDvcStatus.exe" dvcStatusMinimize
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Programmi\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1BFA3ADB-33AF-43AD-8A86-35E439A14387}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{A1E193BB-3363-414B-B549-58E4484316BA}: NameServer = 193.70.152.15 193.70.152.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{1BFA3ADB-33AF-43AD-8A86-35E439A14387}: NameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{1BFA3ADB-33AF-43AD-8A86-35E439A14387}: NameServer = 192.168.0.1
O23 - Service: olMntrService - Olivetti - C:\Programmi\Olivetti\ANY_WAY\olMntrService.exe

Il pc va bene, ma mi da fastidio avere dei virus o altro sul computer!!!
Grazie della disponibilità!!
Lukino24
Utente Senior
 
Post: 123
Iscritto il: 24/06/06 19:10
Località: Torino

Postdi andorra24 » 01/07/06 18:33

Rimangono da eliminare queste voci:

R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Class - {DA39029C-D291-A968-3FF4-D0990D5CB5FC} - C:\Programmi\LinkOptimizer\LinkOptimizer.dll (file missing)

Per quanto riguarda le voci 02 segui le istruzioni seguenti:

Citazione:
Originalmente inviato da Luke57
per la voce 02 (Browser Helper Objects) fai:
start>esegui>regedt32 (lo scrivi nello spazio bianco)>ok.
Si apre l’editor del registro, ciccando sui + accanto alle singole voci segui questo percorso:
HKEY_LOCAL_MACHINE\SOFTWARE\Micosoft\Windows\Curre ntVersion\Explorer\Browser Helper Objects, individui la voce che ti interessa rimuovere(in gergo tecnico è un CLSID)
,clic con il tasto dx su di essa, sul menu che compare scegli Autorizzazioni, sulla finestra che si apre scegli Avanzate, vai su Proprietario e confermi ( evidenziando di solito il nome dell’utente del computer)con ok, torni sulla pagina precedente e consenti il controllo completo mettendo le relative spunte>ok. A quel punto, cliccando con il tastro dx del mouse sul CLSID e scegliendo Elimina se ne dovrebbe andare. .
andorra24
Utente Senior
 
Post: 2742
Iscritto il: 21/05/06 15:44
Località: Palermo

Postdi Lukino24 » 02/07/06 20:23

Questo invece è di un mio amico, posso postarvelo?


Logfile of HijackThis v1.99.1
Scan saved at 12:58:43 AM, on 7/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\BearShare\BearShare.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\BeamFile\BeamFile.exe
C:\Program Files\Creative\ShareDLL\MediaDet.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\DAP\DAP.EXE
C:\unzipped\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customi ... earch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [EasyMessage] "C:\Program Files\Zango Messenger\em2.exe" -wait
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [BeamFile] "C:\Program Files\BeamFile\BeamFile.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Grouper.lnk = C:\Program Files\Grouper\Grouper.exe
O4 - Global Startup: LG SyncManager.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe


Il computer è lento stile lumaca...
Grazie!

P.S Come faccio a vedere le cose che vanno bene e quelle no?
Lukino24
Utente Senior
 
Post: 123
Iscritto il: 24/06/06 19:10
Località: Torino

Postdi Franz! » 02/07/06 20:34

O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
AdWare.ToolBar.Azesearch
Hit rate: 100,00 % Da eliminare!
-------------------------------------------------------------------------------------
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
E' consigliabile premere subito il pulsante Fix in HijackThis!

Il Download accelerator ha spyware all'interno
---------------------------------------------------------------------------------------

Comunqe le analisi puoi fartele anche da solo:
http://www.pc-facile.com/guide/guida_hijackthis/
Alcune regole sono fatte per essere eluse altre infrante [Matrix]
Strano gioco l'unico modo per vincere è non giocare [wargames]
http://hkanc.spaces.live.com/
http://www.ackronic.net/
Franz!
Utente Senior
 
Post: 369
Iscritto il: 30/01/06 21:14
Località: Roma

Postdi Lukino24 » 24/07/06 10:28

Cambiato il compiuter e mi da subito problemi... Ho provato a far da solo ma non ci sono riuschito! :cry: :D

Ecco qui!

Logfile of HijackThis v1.99.1
Scan saved at 11.22.29, on 24/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\AVPersonal\AVGUARD.EXE
C:\Programmi\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Toolbar\TBPSSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Programmi\IPM\Adsl\DataWay\dslstat.exe
C:\WINDOWS\system32\dslagent.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\PROGRA~1\FILECO~1\WinTools\WToolsA.exe
C:\Programmi\Toolbar\TBPS.exe
C:\Programmi\NaviSearch\bin\nls.exe
C:\Programmi\Microsoft IntelliType Pro\type32.exe
C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Windows Media Player\wmplayer.exe
C:\Programmi\AVPersonal\AVGNT.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Toolbar\PIB.exe
C:\Programmi\PhotoFiltre\PhotoFiltre.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Yahoo!\Messenger\ypager.exe
C:\Programmi\File comuni\WinTools\WSup.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Katherine Melendrez\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50162
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gw.aliceadsl.it/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gw.aliceadsl.it/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50162
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50162
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\FILECO~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\Programmi\Toolbar\toolbar.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmi\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\system32\nvms.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\it\msntb.dll
O2 - BHO: (no name) - {DE9BD092-B88D-E79A-EE22-BA14DA210DAB} - C:\DOCUME~1\KATHER~1\DATIAP~1\MPEGGP~1\AUDIO MEMO.exe
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Programmi\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\Programmi\Toolbar\toolbar.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\it\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SplashDisplayer] C:\WINDOWS\System32\ISTHTB.EXE
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Programmi\IPM\Adsl\DataWay\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [SearchUpgrader] C:\Programmi\Common files\SearchUpgrader\SearchUpgrader.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Programmi\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\FILECO~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [TBPS] C:\Programmi\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [NaviSearch] C:\Programmi\NaviSearch\bin\nls.exe
O4 - HKLM\..\Run: [type32] "C:\Programmi\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [EasyMessage] "C:\Programmi\Zango Messenger\em2.exe" -wait
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IM2001] C:\Programmi\IM2001\IM2001.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programmi\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [Bore Mags Default One] C:\Documents and Settings\All Users\Dati applicazioni\Boob Mapi Bore Mags\findpoll.exe
O4 - HKLM\..\Run: [frwk1.exe] C:\WINDOWS\TEMP\frwk1.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Programmi\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: IM2001 - Instant Messaging - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Programmi\IM2001\IM2001 (file missing)
O9 - Extra 'Tools' menuitem: &IM2001 - Instant Messaging - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Programmi\IM2001\IM2001 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: Alice - {CB89487C-E3DA-4235-ABF4-6C149051D26B} - http://gw.aliceadsl.it/alice (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O14 - IERESET.INF: START_PAGE_URL=http://gw.aliceadsl.it/home
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/loader2.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnme ... loader.cab
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/1045687.exe
O16 - DPF: {FFFF0001-0001-101A-A3C9-08002B2F49FC} - http://www.supersfondi.org/generale.exe
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B2F49FB} - http://deposito.hostance.net/dialer/1056307.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{F8B84203-8A2A-4EF0-BCE7-0FEC8B6AAB5C}: NameServer = 85.37.17.15 85.38.28.74
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\Programmi\Toolbar\toolbar.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programmi\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programmi\AVPersonal\AVWUPSRV.EXE
O23 - Service: ISEXEng - Unknown owner - C:\WINDOWS\System32\angelex.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - Unknown owner - C:\Programmi\Toolbar\TBPSSvc.exe
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Programmi\File comuni\WinTools\WToolsS.exe (file missing)


Per me è da togliere O2 - BHO: (no name) - {DE9BD092-B88D-E79A-EE22-BA14DA210DAB} - C:\DOCUME~1\KATHER~1\DATIAP~1\MPEGGP~1\AUDIO MEMO.exe
ma non voglio combinare casini! Mi date una mano?= Grazie!
Lukino24
Utente Senior
 
Post: 123
Iscritto il: 24/06/06 19:10
Località: Torino

Postdi andorra24 » 24/07/06 11:06

Ma come hai fatto a ridurti in questo modo? Ci sono un sacco di cose da eliminare. :roll:

Apri hijackthis, premi su ''open the misc tools section'', poi premi ''open process manager'', individua le voci indicate sotto e premi ''kill process'':

C:\Programmi\Toolbar\TBPSSvc.exe
C:\Programmi\Toolbar\TBPS.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\PROGRA~1\FILECO~1\WinTools\WToolsA.exe
C:\Programmi\NaviSearch\bin\nls.exe
C:\PROGRA~1\Toolbar\PIB.exe
C:\Programmi\File comuni\WinTools\WSup.exe

Poi vai in basso e premi il tasto back e subito dopo il tasto scan. Metti la spunta nella casellina accanto alle voci indicate sotto e premi ''fix checked'' :

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50162
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50162
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50162
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\FILECO~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\Programmi\Toolbar\toolbar.dll
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\system32\nvms.dll
O2 - BHO: (no name) - {DE9BD092-B88D-E79A-EE22-BA14DA210DAB} - C:\DOCUME~1\KATHER~1\DATIAP~1\MPEGGP~1\AUDIO MEMO.exe
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Programmi\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\Programmi\Toolbar\toolbar.dll
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [SearchUpgrader] C:\Programmi\Common files\SearchUpgrader\SearchUpgrader.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Programmi\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\FILECO~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [TBPS] C:\Programmi\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [NaviSearch] C:\Programmi\NaviSearch\bin\nls.exe
O4 - HKLM\..\Run: [EasyMessage] "C:\Programmi\Zango Messenger\em2.exe" -wait
O4 - HKLM\..\Run: [Bore Mags Default One] C:\Documents and Settings\All Users\Dati applicazioni\Boob Mapi Bore Mags\findpoll.exe
O4 - HKLM\..\Run: [frwk1.exe] C:\WINDOWS\TEMP\frwk1.exe
O9 - Extra button: IM2001 - Instant Messaging - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Programmi\IM2001\IM2001 (file missing)
O9 - Extra 'Tools' menuitem: &IM2001 - Instant Messaging - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Programmi\IM2001\IM2001 (file missing)
O9 - Extra button: Alice - {CB89487C-E3DA-4235-ABF4-6C149051D26B} - http://gw.aliceadsl.it/alice (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/loader2.ocx
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/1045687.exe
O16 - DPF: {FFFF0001-0001-101A-A3C9-08002B2F49FC} - http://www.supersfondi.org/generale.exe
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B2F49FB} - http://deposito.hostance.net/dialer/1056307.exe
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\Programmi\Toolbar\toolbar.dll
O23 - Service: ISEXEng - Unknown owner - C:\WINDOWS\System32\angelex.exe (file missing)
O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - Unknown owner - C:\Programmi\Toolbar\TBPSSvc.exe
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Programmi\File comuni\WinTools\WToolsS.exe (file missing)

Vai nel Pannello di controllo/installazione applicazioni e disinstalla tutto cio' che non hai installato volutamente.

Vai su start/risorse del computer/strumenti/opzioni cartella/visualizzazione e metti la spunta su visualizza cartelle file nascosti e togli la spunta da ''nascondi i file protetti di sistema''.

Scarica killbox da qui:
http://www.bleepingcomputer.com/files/killbox.php
con killbox assicurati di eliminare i seguenti files:

C:\Programmi\Toolbar\TBPSSvc.exe (dopo aver eliminato il file exe elimina anche la cartella Toolbar)
C:\Programmi\Toolbar\TBPS.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe (dopo aver eliminato il file exe elimina anche la cartella P2P Networking)
C:\PROGRA~1\FILECO~1\WinTools\WToolsA.exe (dopo aver eliminato il file exe elimina anche la cartella WinTools)
C:\Programmi\NaviSearch\bin\nls.exe (dopo aver eliminato il file exe elimina anche la cartella NaviSearch)
C:\PROGRA~1\Toolbar\PIB.exe
C:\Programmi\File comuni\WinTools\WSup.exe
C:\PROGRA~1\FILECO~1\WinTools\WToolsB.dll
C:\Programmi\Toolbar\toolbar.dll
C:\Programmi\Common files\SearchUpgrader\SearchUpgrader.exe (dopo aver eliminato il file exe elimina anche la cartella SearchUpgrader)
C:\Programmi\BullsEye Network\bin\bargains.exe (dopo aver eliminato il file exe elimina anche la cartella BullsEye Network)
C:\Documents and Settings\All Users\Dati applicazioni\Boob Mapi Bore Mags\findpoll.exe (dopo aver eliminato il file exe elimina anche la cartella Boob Mapi Bore Mags)
C:\DOCUME~1\KATHER~1\DATIAP~1\MPEGGP~1\AUDIO MEMO.exe
c:\windows\system32\aklsp.dll
C:\WINDOWS\TEMP\frwk1.exe

Scarica ATF Cleaner da qui:
http://www.atribune.org/ccount/click.php?id=1
(per eliminare file temporanei di windows e IE)
Avvia ATF cleaner, clicca sul menu "main" e poi seleziona la casella "Select All". Adesso clicca sul pulsante "Empty selected" e aspetta il messaggio "Done Cleaning!"

Fai un paio di scansioni:

ftp://ftp.drweb.com/pub/drweb/cureit/cureit.exe
http://www.grisoft.cz/softw/70/filedir/ ... 0.172b.exe

Al termine posta un nuovo log di hijackthis.
andorra24
Utente Senior
 
Post: 2742
Iscritto il: 21/05/06 15:44
Località: Palermo

Postdi andorra24 » 24/07/06 11:16

andorra24 ha scritto:
Scarica killbox da qui:
http://www.bleepingcomputer.com/files/killbox.php
con killbox assicurati di eliminare i seguenti files:

C:\Programmi\Toolbar\TBPSSvc.exe (dopo aver eliminato il file exe elimina anche la cartella Toolbar)
C:\Programmi\Toolbar\TBPS.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe (dopo aver eliminato il file exe elimina anche la cartella P2P Networking)
C:\PROGRA~1\FILECO~1\WinTools\WToolsA.exe (dopo aver eliminato il file exe elimina anche la cartella WinTools)
C:\Programmi\NaviSearch\bin\nls.exe (dopo aver eliminato il file exe elimina anche la cartella NaviSearch)
C:\PROGRA~1\Toolbar\PIB.exe
C:\Programmi\File comuni\WinTools\WSup.exe
C:\PROGRA~1\FILECO~1\WinTools\WToolsB.dll
C:\Programmi\Toolbar\toolbar.dll
C:\Programmi\Common files\SearchUpgrader\SearchUpgrader.exe (dopo aver eliminato il file exe elimina anche la cartella SearchUpgrader)
C:\Programmi\BullsEye Network\bin\bargains.exe (dopo aver eliminato il file exe elimina anche la cartella BullsEye Network)
C:\Documents and Settings\All Users\Dati applicazioni\Boob Mapi Bore Mags\findpoll.exe (dopo aver eliminato il file exe elimina anche la cartella Boob Mapi Bore Mags)
C:\DOCUME~1\KATHER~1\DATIAP~1\MPEGGP~1\AUDIO MEMO.exe
c:\windows\system32\aklsp.dll
C:\WINDOWS\TEMP\frwk1.exe


Con killbox elimina anche questi files:
C:\WINDOWS\system32\nvms.dll
C:\Programmi\MyWay\myBar\1.bin\MYBAR.DLL (dopo aver eliminato il file MYBAR.DLL elimina l'intera cartella MyWay)
andorra24
Utente Senior
 
Post: 2742
Iscritto il: 21/05/06 15:44
Località: Palermo

Postdi Lukino24 » 24/07/06 13:13

Logfile of HijackThis v1.99.1
Scan saved at 14.09.15, on 24/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\AVPersonal\AVGUARD.EXE
C:\Programmi\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\IPM\Adsl\DataWay\dslstat.exe
C:\WINDOWS\system32\dslagent.exe
C:\Programmi\Microsoft IntelliType Pro\type32.exe
C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\AVPersonal\AVGNT.EXE
C:\PROGRA~1\FILECO~1\WinTools\WToolsA.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\Yahoo!\Messenger\ypager.exe
C:\Programmi\Windows Media Player\wmplayer.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programmi\File comuni\WinTools\WSup.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Katherine Melendrez\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gw.aliceadsl.it/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gw.aliceadsl.it/home
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\FILECO~1\WinTools\WToolsB.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmi\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\it\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\it\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0.dll
O4 - HKLM\..\Run: [SplashDisplayer] C:\WINDOWS\System32\ISTHTB.EXE
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Programmi\IPM\Adsl\DataWay\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [type32] "C:\Programmi\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IM2001] C:\Programmi\IM2001\IM2001.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programmi\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [Bore Mags Default One] C:\Documents and Settings\All Users\Dati applicazioni\Boob Mapi Bore Mags\findpoll.exe
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\FILECO~1\WinTools\WToolsA.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe


Va bene così?
Lukino24
Utente Senior
 
Post: 123
Iscritto il: 24/06/06 19:10
Località: Torino

Postdi andorra24 » 24/07/06 13:32

Ci sono ancora cose da eliminare.
Apri hijackthis, premi su ''open the misc tools section'', poi premi ''open process manager'', individua le voci indicate sotto e premi ''kill process'':

C:\PROGRA~1\FILECO~1\WinTools\WToolsA.exe
C:\Programmi\File comuni\WinTools\WSup.exe

Poi vai in basso e premi il tasto back e subito dopo il tasto scan. Metti la spunta nella casellina accanto alle voci indicate sotto e premi ''fix checked'' :

O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\FILECO~1\WinTools\WToolsB.dll
O4 - HKLM\..\Run: [Bore Mags Default One] C:\Documents and Settings\All Users\Dati applicazioni\Boob Mapi Bore Mags\findpoll.exe
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\FILECO~1\WinTools\WToolsA.exe


Con killbox elimina i seguenti files:
C:\PROGRA~1\FILECO~1\WinTools\WToolsA.exe
C:\Programmi\File comuni\WinTools\WSup.exe
C:\PROGRA~1\FILECO~1\WinTools\WToolsB.dll
C:\Documents and Settings\All Users\Dati applicazioni\Boob Mapi Bore Mags\findpoll.exe

Se non ti serve questo instant messenger ''IM2001'' disinstallalo dal pannello di controllo.

Fai le scansioni che ti ho consigliato nel post precedente.
andorra24
Utente Senior
 
Post: 2742
Iscritto il: 21/05/06 15:44
Località: Palermo

Postdi Lukino24 » 24/07/06 13:45

ogfile of HijackThis v1.99.1
Scan saved at 14.43.03, on 24/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\AVPersonal\AVGUARD.EXE
C:\Programmi\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\IPM\Adsl\DataWay\dslstat.exe
C:\WINDOWS\system32\dslagent.exe
C:\Programmi\Microsoft IntelliType Pro\type32.exe
C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\AVPersonal\AVGNT.EXE
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\Yahoo!\Messenger\ypager.exe
C:\Programmi\Windows Media Player\wmplayer.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programmi\File comuni\WinTools\WSup.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\PhotoFiltre\PhotoFiltre.exe
C:\Programmi\File comuni\WinTools\WToolsA.exe
C:\Documents and Settings\Katherine Melendrez\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gw.aliceadsl.it/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gw.aliceadsl.it/home
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\FILECO~1\WinTools\WToolsB.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmi\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\it\msntb.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0.dll
O4 - HKLM\..\Run: [SplashDisplayer] C:\WINDOWS\System32\ISTHTB.EXE
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Programmi\IPM\Adsl\DataWay\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [type32] "C:\Programmi\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IM2001] C:\Programmi\IM2001\IM2001.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programmi\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\FILECO~1\WinTools\WToolsA.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Programmi\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: IM2001 - Instant Messaging - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Programmi\IM2001\IM2001 (file missing)
O9 - Extra 'Tools' menuitem: &IM2001 - Instant Messaging - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Programmi\IM2001\IM2001 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: Alice - {CB89487C-E3DA-4235-ABF4-6C149051D26B} - http://gw.aliceadsl.it/alice (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O14 - IERESET.INF: START_PAGE_URL=http://gw.aliceadsl.it/home
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnme ... loader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F8B84203-8A2A-4EF0-BCE7-0FEC8B6AAB5C}: NameServer = 85.37.17.15 85.38.28.74
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programmi\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programmi\AVPersonal\AVWUPSRV.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Programmi\File comuni\WinTools\WToolsS.exe (file missing)

Seguitot tutto alla lettera! ma credo che ci sia qualcosa che non riesco a togliere...
Lukino24
Utente Senior
 
Post: 123
Iscritto il: 24/06/06 19:10
Località: Torino

Postdi andorra24 » 24/07/06 14:01

andorra24
Utente Senior
 
Post: 2742
Iscritto il: 21/05/06 15:44
Località: Palermo

Postdi andorra24 » 24/07/06 14:03

andorra24 ha scritto:Prima esegui alcune scansioni e poi posta un nuovo log di hijackthis:

http://securityresponse.symantec.com/av ... xVundo.exe
http://www.superantispyware.com/downloa ... PYWAREFREE

Lancia anche questo tool:
http://www.trendmicro.com/ftp/products/ ... redder.exe
andorra24
Utente Senior
 
Post: 2742
Iscritto il: 21/05/06 15:44
Località: Palermo

Postdi Lukino24 » 24/07/06 18:45

Logfile of HijackThis v1.99.1
Scan saved at 19.39.32, on 24/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\AVPersonal\AVGUARD.EXE
C:\Programmi\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\IPM\Adsl\DataWay\dslstat.exe
C:\WINDOWS\system32\dslagent.exe
C:\Programmi\Microsoft IntelliType Pro\type32.exe
C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\AVPersonal\AVGNT.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\Yahoo!\Messenger\ypager.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programmi\File comuni\WinTools\WSup.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Katherine Melendrez\Desktop\HijackThis.exe
C:\Programmi\File comuni\WinTools\WToolsA.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gw.aliceadsl.it/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gw.aliceadsl.it/home
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmi\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\it\msntb.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0.dll
O4 - HKLM\..\Run: [SplashDisplayer] C:\WINDOWS\System32\ISTHTB.EXE
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Programmi\IPM\Adsl\DataWay\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [type32] "C:\Programmi\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IM2001] C:\Programmi\IM2001\IM2001.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programmi\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\FILECO~1\WinTools\WToolsA.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Programmi\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: IM2001 - Instant Messaging - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Programmi\IM2001\IM2001 (file missing)
O9 - Extra 'Tools' menuitem: &IM2001 - Instant Messaging - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Programmi\IM2001\IM2001 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: Alice - {CB89487C-E3DA-4235-ABF4-6C149051D26B} - http://gw.aliceadsl.it/alice (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O14 - IERESET.INF: START_PAGE_URL=http://gw.aliceadsl.it/home
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnme ... loader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F8B84203-8A2A-4EF0-BCE7-0FEC8B6AAB5C}: NameServer = 85.37.17.15 85.38.28.74
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programmi\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programmi\AVPersonal\AVWUPSRV.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Programmi\File comuni\WinTools\WToolsS.exe (file missing)


Ecco qui! Grazie di tutto!
Lukino24
Utente Senior
 
Post: 123
Iscritto il: 24/06/06 19:10
Località: Torino

Postdi andorra24 » 24/07/06 19:27

Non se ne vogliono andare a quanto pare. Apri hijackthis, premi su ''open the misc tools section'', poi premi ''open process manager'', individua le voci indicate sotto e premi ''kill process'':

C:\Programmi\File comuni\WinTools\WSup.exe
C:\Programmi\File comuni\WinTools\WToolsA.exe

Poi vai in basso e premi il tasto back e subito dopo il tasto scan. Metti la spunta nella casellina accanto alle voci indicate sotto e premi ''fix checked'' :

O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\FILECO~1\WinTools\WToolsA.exe
O9 - Extra button: IM2001 - Instant Messaging - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Programmi\IM2001\IM2001 (file missing)
O9 - Extra 'Tools' menuitem: &IM2001 - Instant Messaging - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Programmi\IM2001\IM2001 (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Programmi\File comuni\WinTools\WToolsS.exe (file missing)

Scarica unlocker: http://ccollomb.free.fr/unlocker/
oppure delete doctor: http://www.megalab.it/articoli.php?id=652

Con questi tool cerca di eliminare i seguenti files:
C:\Programmi\File comuni\WinTools\WSup.exe
C:\Programmi\File comuni\WinTools\WToolsA.exe
c:\windows\system32\aklsp.dll
C:\Programmi\File comuni\WinTools\WToolsS.exe
poi elimina l'intera cartella WinTools.
andorra24
Utente Senior
 
Post: 2742
Iscritto il: 21/05/06 15:44
Località: Palermo

Prossimo

Torna a Sicurezza e Privacy


Topic correlati a "Mi ci date un'occhiata?":


Chi c’è in linea

Visitano il forum: Nessuno e 33 ospiti