Condividi:        

e1xplorer

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: m.paolo, kadosh, Luke57

Postdi tarbh » 14/08/06 09:30

Dimenticavo tutta la pappardella ;)


Logfile of HijackThis v1.99.1
Scan saved at 10.33.09, on 14/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Trend Micro\Internet Security\pccguide.exe
C:\Programmi\Trend Micro\Internet Security\PCClient.exe
C:\Programmi\Trend Micro\Internet Security\TMOAgent.exe
C:\WINDOWS\system32\spoolsvc.exe
C:\Programmi\Logitech\SetPoint\KEM.exe
C:\Programmi\Logitech\SetPoint\KHALMNPR.EXE
C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Trend Micro\Internet Security\Tmntsrv.exe
C:\Programmi\Trend Micro\Internet Security\tmproxy.exe
C:\WINDOWS\system32\WFXSVC.EXE
C:\PROGRA~1\Symantec\WinFax\WFXMOD32.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Microsoft Office\Office10\WINWORD.EXE
C:\Programmi\Symantec\WinFax\wfxctl32.exe
C:\Documents and Settings\Davide\Desktop\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.1987324.com?301
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.nero.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = https=127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: ComCap - {E1B2E864-8BFC-4072-AE11-924E0F8BBA96} - C:\WINDOWS\system32\comcap16.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: Intense - {FB47056B-B34D-410E-819A-E8A51CC8E2EB} - C:\WINDOWS\system32\Kaboom.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Toolbar\01.01.2607.0\it\msntb.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [pccguide.exe] "C:\Programmi\Trend Micro\Internet Security\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Programmi\Trend Micro\Internet Security\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Programmi\Trend Micro\Internet Security\TMOAgent.exe" /run
O4 - HKLM\..\Run: [Systems] C:\WINDOWS\system32\spoolsvc.exe
O4 - HKCU\..\Run: [LDM] C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - Global Startup: Impostazioni.lnk = C:\Programmi\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Trend Micro Internet Security.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programmi\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programmi\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmi\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://c:\programmi\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programmi\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.1987324.com
O15 - Trusted Zone: *.aflashcounter.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O18 - Protocol: bw+0 - {6ECE8D7F-0D62-496B-8D14-71017683E765} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {6ECE8D7F-0D62-496B-8D14-71017683E765} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {6ECE8D7F-0D62-496B-8D14-71017683E765} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {6ECE8D7F-0D62-496B-8D14-71017683E765} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {6ECE8D7F-0D62-496B-8D14-71017683E765} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {6ECE8D7F-0D62-496B-8D14-71017683E765} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {6ECE8D7F-0D62-496B-8D14-71017683E765} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {6ECE8D7F-0D62-496B-8D14-71017683E765} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {6ECE8D7F-0D62-496B-8D14-71017683E765} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {6ECE8D7F-0D62-496B-8D14-71017683E765} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {6ECE8D7F-0D62-496B-8D14-71017683E765} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {6ECE8D7F-0D62-496B-8D14-71017683E765} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {6ECE8D7F-0D62-496B-8D14-71017683E765} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {6ECE8D7F-0D62-496B-8D14-71017683E765} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {6ECE8D7F-0D62-496B-8D14-71017683E765} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {6ECE8D7F-0D62-496B-8D14-71017683E765} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {6ECE8D7F-0D62-496B-8D14-71017683E765} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {6ECE8D7F-0D62-496B-8D14-71017683E765} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {6ECE8D7F-0D62-496B-8D14-71017683E765} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {6ECE8D7F-0D62-496B-8D14-71017683E765} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {6ECE8D7F-0D62-496B-8D14-71017683E765} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {6ECE8D7F-0D62-496B-8D14-71017683E765} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {6ECE8D7F-0D62-496B-8D14-71017683E765} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {6ECE8D7F-0D62-496B-8D14-71017683E765} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {6ECE8D7F-0D62-496B-8D14-71017683E765} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {6ECE8D7F-0D62-496B-8D14-71017683E765} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {6ECE8D7F-0D62-496B-8D14-71017683E765} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {6ECE8D7F-0D62-496B-8D14-71017683E765} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {6ECE8D7F-0D62-496B-8D14-71017683E765} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {6ECE8D7F-0D62-496B-8D14-71017683E765} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {6ECE8D7F-0D62-496B-8D14-71017683E765} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {6ECE8D7F-0D62-496B-8D14-71017683E765} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {6ECE8D7F-0D62-496B-8D14-71017683E765} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {6ECE8D7F-0D62-496B-8D14-71017683E765} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {6ECE8D7F-0D62-496B-8D14-71017683E765} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {6ECE8D7F-0D62-496B-8D14-71017683E765} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {6ECE8D7F-0D62-496B-8D14-71017683E765} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {6ECE8D7F-0D62-496B-8D14-71017683E765} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {6ECE8D7F-0D62-496B-8D14-71017683E765} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {6ECE8D7F-0D62-496B-8D14-71017683E765} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {6ECE8D7F-0D62-496B-8D14-71017683E765} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {6ECE8D7F-0D62-496B-8D14-71017683E765} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {6ECE8D7F-0D62-496B-8D14-71017683E765} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {6ECE8D7F-0D62-496B-8D14-71017683E765} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {6ECE8D7F-0D62-496B-8D14-71017683E765} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {6ECE8D7F-0D62-496B-8D14-71017683E765} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {6ECE8D7F-0D62-496B-8D14-71017683E765} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {6ECE8D7F-0D62-496B-8D14-71017683E765} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {6ECE8D7F-0D62-496B-8D14-71017683E765} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {6ECE8D7F-0D62-496B-8D14-71017683E765} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {6ECE8D7F-0D62-496B-8D14-71017683E765} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {6ECE8D7F-0D62-496B-8D14-71017683E765} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {6ECE8D7F-0D62-496B-8D14-71017683E765} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {6ECE8D7F-0D62-496B-8D14-71017683E765} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {6ECE8D7F-0D62-496B-8D14-71017683E765} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {6ECE8D7F-0D62-496B-8D14-71017683E765} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {6ECE8D7F-0D62-496B-8D14-71017683E765} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {6ECE8D7F-0D62-496B-8D14-71017683E765} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {6ECE8D7F-0D62-496B-8D14-71017683E765} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {6ECE8D7F-0D62-496B-8D14-71017683E765} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {6ECE8D7F-0D62-496B-8D14-71017683E765} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {6ECE8D7F-0D62-496B-8D14-71017683E765} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {6ECE8D7F-0D62-496B-8D14-71017683E765} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {6ECE8D7F-0D62-496B-8D14-71017683E765} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {6ECE8D7F-0D62-496B-8D14-71017683E765} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {6ECE8D7F-0D62-496B-8D14-71017683E765} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {6ECE8D7F-0D62-496B-8D14-71017683E765} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {6ECE8D7F-0D62-496B-8D14-71017683E765} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {6ECE8D7F-0D62-496B-8D14-71017683E765} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {6ECE8D7F-0D62-496B-8D14-71017683E765} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {6ECE8D7F-0D62-496B-8D14-71017683E765} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {6ECE8D7F-0D62-496B-8D14-71017683E765} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {6ECE8D7F-0D62-496B-8D14-71017683E765} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {6ECE8D7F-0D62-496B-8D14-71017683E765} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {6ECE8D7F-0D62-496B-8D14-71017683E765} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {6ECE8D7F-0D62-496B-8D14-71017683E765} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {6ECE8D7F-0D62-496B-8D14-71017683E765} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: Trend Micro Personal Firewall (PccPfw) - Trend Micro Incorporated. - C:\Programmi\Trend Micro\Internet Security\PccPfw.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Programmi\Trend Micro\Internet Security\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Programmi\Trend Micro\Internet Security\tmproxy.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE
tarbh
Newbie
 
Post: 5
Iscritto il: 14/08/06 09:20
Località: Turin

Sponsor
 

Postdi andorra24 » 14/08/06 09:45

Ciao, come prima cosa devi seguire le semplici indicazioni di questo link per eliminare il trojan bomka (kaboom.dll) :

http://www.greatis.com/security/ICQCHK. ... emover.htm

Adesso veniamo al log. Apri hijackthis, premi su ''open the misc tools section'', poi premi ''open process manager'', individua (se presente) la voce indicata sotto e premi ''kill process'':

C:\WINDOWS\system32\spoolsvc.exe

Poi vai in basso e premi il tasto back e subito dopo il tasto scan. Metti la spunta nella casellina accanto alle voci indicate sotto e premi ''fix checked'' :

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.1987324.com?301
O2 - BHO: ComCap - {E1B2E864-8BFC-4072-AE11-924E0F8BBA96} - C:\WINDOWS\system32\comcap16.dll
O2 - BHO: Intense - {FB47056B-B34D-410E-819A-E8A51CC8E2EB} - C:\WINDOWS\system32\Kaboom.dll
O4 - HKLM\..\Run: [Systems] C:\WINDOWS\system32\spoolsvc.exe
O15 - Trusted Zone: http://www.1987324.com
O15 - Trusted Zone: *.aflashcounter.com

Vai su start/risorse del computer/strumenti/opzioni cartella/visualizzazione e metti la spunta su visualizza cartelle file nascosti e togli la spunta da ''nascondi i file protetti di sistema''.

Scarica killbox da qui:
http://www.bleepingcomputer.com/files/killbox.php
con killbox assicurati che spariscano dal tuo pc i seguenti files (se presenti) :

C:\WINDOWS\system32\spoolsvc.exe (da non confondere con il legittimo spoolsv.exe)
C:\WINDOWS\system32\Kaboom.dll
C:\WINDOWS\system32\comcap16.dll
andorra24
Utente Senior
 
Post: 2742
Iscritto il: 21/05/06 15:44
Località: Palermo

Postdi Luke57 » 14/08/06 09:51

Ciao, apri hijackthis, con tutte le applicazioni chiuse e disconnesso da internet, premi “open the misc tools section”, poi “open process manger”, individua ed evidenzia i processi:
C:\WINDOWS\system32\spoolsvc.exe
Premi kill process.

Torni alla pagina principale con back, premi “scan”, cerchi e spunti le seguenti voci:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.1987324.com?301
R3 - Default URLSearchHook is missing
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: ComCap - {E1B2E864-8BFC-4072-AE11-924E0F8BBA96} - C:\WINDOWS\system32\comcap16.dll
O2 - BHO: Intense - {FB47056B-B34D-410E-819A-E8A51CC8E2EB} - C:\WINDOWS\system32\Kaboom.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [Systems] C:\WINDOWS\system32\spoolsvc.exe
O15 - Trusted Zone: http://www.1987324.com
O15 - Trusted Zone: *.aflashcounter.com

Premi fix checked

Riavvia in modalità provvisoria
(Avviare il computer.Subito dopo il calcolo della RAM e prima che inizi a caricarsi Windows, iniziare a premere ripetutamente il tasto F8 sulla tastiera. Continuare a farlo fino a visualizzare il menu Opzioni avanzate di Windows. Usando i tasti freccia sulla tastiera, scorrere le opzioni e selezionare il menu Modalità Provvisoria, quindi premere Invio)

Rendi visibili file e cartelle nascosti:
da gestione del computer>strumenti>Opzioni Cartella
Seleziona Visualizza
Spunta "mostra file e cartelle nascoste"
Togli la spunta da "nascondi file protetti di sistema (consigliato)
Premi OK


Cerca ed elimina i seguenti file e cartelle:
CC:\WINDOWS\system32\spoolsvc.exe
C:\WINDOWS\system32\comcap16.dll
C:\WINDOWS\system32\Kaboom.dll
C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll


Elimina poi tutti i file temporanei di windows temp e tmp (da start>cerca>tutti i file e cartelle, copi e incolli: *.temp;*.tmp, ed elimini tutti quelli trovati)

sulle opzioni Internet cancella la cache di IE ( sull’opzione elimina file temporanei spunta anche “elimina il contenuto non in linea”, i cookies, cronologia)

Da pannello di controllo, installazioni\applicazioni, elimina le applicazioni sospette non installate da te

svuota il cestino.

Riavvia in mdo.normale, collegati qui:
http://collectiontricks.p2pforum.it/mod ... idedito=21
scarica il tool Bomka C. e fai una scansione.
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

Postdi tarbh » 14/08/06 10:43

... incominciamo bene!

non mi fa cancellare il file dentro windows!!!!
Dice:
The select process could not be killed. It may already closed, or it may beprotected by windows.

this process might be a service, which you can stopfrom the service applet in admin tools.

Cosa vuol dire??

Scusate ma sono proprio ignorante!
tarbh
Newbie
 
Post: 5
Iscritto il: 14/08/06 09:20
Località: Turin

Postdi andorra24 » 14/08/06 11:00

Spiegati meglio. Qual e' il passaggio che ti sta creando difficolta'?
andorra24
Utente Senior
 
Post: 2742
Iscritto il: 21/05/06 15:44
Località: Palermo

Postdi tarbh » 14/08/06 11:15

Caspita, stavo cancellando spoolsv.exe!!!

Meno male che me ne sono accorto!

Ho fatto tutti i passaggi! Ho riavviato e non si è più presentato!
Spero di aver fatto tutto giusto!

C'è un modo per verificare di non aver ancora quella m.... nel pc?
tarbh
Newbie
 
Post: 5
Iscritto il: 14/08/06 09:20
Località: Turin

Postdi andorra24 » 14/08/06 11:33

tarbh ha scritto:Caspita, stavo cancellando spoolsv.exe!!!

Meno male che me ne sono accorto!

Ho fatto tutti i passaggi! Ho riavviato e non si è più presentato!
Spero di aver fatto tutto giusto!

C'è un modo per verificare di non aver ancora quella m.... nel pc?

Si infatti nel mio messaggio ti avevo specificato di non confondere spoolsvc.exe con il legittimo spoolsv.exe. Si differenziano solo per una c

Se hai fatto tutto direi che puoi postare un nuovo log di hijackthis per un controllo.
andorra24
Utente Senior
 
Post: 2742
Iscritto il: 21/05/06 15:44
Località: Palermo

Postdi poeta 64 » 15/08/06 12:23

Andorra ti ringrazio infinitamente. Il problema sembra risolto. No non ho usato panda, ho una versione del norton del 2004, che ho disinstallato ed ho provato a reinstallare senza successo, conosci un buon antivirus che posso scaricare dalla rete che mi protegge da assalti? Grazie ancora.il file apvxdwin.exe e pulito. ciao
poeta 64
Newbie
 
Post: 2
Iscritto il: 13/08/06 13:04

Postdi andorra24 » 15/08/06 12:52

Se vuoi un buon antivirus free ti consiglio avast home oppure antivir. Se invece cerchi un buon antivirus a pagamento ti consiglio kaspersky o nod32.
andorra24
Utente Senior
 
Post: 2742
Iscritto il: 21/05/06 15:44
Località: Palermo

Postdi ginno » 15/08/06 14:08

Ciao ragazzi ho un problema simile:
vi posto il log di Hjack,sono troppo in crisi amici,temo anche di aver cancellato qualche voce utile,nel tentativo di eliminare il problema:

Logfile of HijackThis v1.99.1
Scan saved at 15.07.13, on 15/08/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Java\j2re1.4.2_03\bin\jusched.exe
C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Programmi\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe
C:\WINDOWS\CTHELPER.EXE
C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\GIANT Company Software\GIANT AntiSpyware\gcasDtServ.exe
C:\Programmi\Creative Professional\E-MU PatchMix DSP\EmuPatchMixDSP.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\Proprietario.NOME-SUY66U0SY5.002\Documenti\Otri\Softwares\killsgrunt.exe
C:\Programmi\DAP\DAP.EXE
C:\Programmi\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Documents and Settings\Proprietario.NOME-SUY66U0SY5.002\Documenti\Otri\Softwares\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it/oggi/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Programmi\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Programmi\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O8 - Extra context menu item: &Cerca con Google - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Clean Traces - C:\Programmi\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Programmi\DAP\dapextie.htm
O8 - Extra context menu item: &Traduci parola in italiano - res://C:\Programmi\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Download &all with DAP - C:\Programmi\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Link a ritroso - res://C:\Programmi\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pagine simili - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Versione cache della pagina - res://C:\Programmi\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://keyb74gabriele.spaces.live.com// ... nPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/06848366899 ... 601_it.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 6846047031
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6849685140
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {C1B7E532-3ECB-4E9E-BB3A-2951FFE67C61} (DownloaderActiveX Control) - http://c6.community.virgilio.it/downloa ... ctiveX.cab
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} - http://cache10.itv.mop.com/pCastCtl-1.0.0.88_signed.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A431C5EA-8EAC-4DF6-94B7-4D5EF4C89322}: NameServer = 85.37.17.4 85.38.28.70
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
ginno
Utente Junior
 
Post: 17
Iscritto il: 13/08/06 20:03

Postdi Alexsandra » 15/08/06 14:19

Avatar utente
Alexsandra
Utente Senior
 
Post: 2358
Iscritto il: 09/01/06 20:31

Postdi ginno » 15/08/06 14:35

ho seguito le indicazioni di quel sito,però il problema ora s'è nutato:
quando apro una pag.web,questa si chiude da sola,dopo pochi secondi.
Che posso fare amici?
ginno
Utente Junior
 
Post: 17
Iscritto il: 13/08/06 20:03

Postdi ginno » 15/08/06 15:03

ma c'è qualcuno che mi possa aiutare?
non riesco più a vedere le pagine internet,perchè,dopo pochi sencondi che le ho aperte,si chiudono da sole
ginno
Utente Junior
 
Post: 17
Iscritto il: 13/08/06 20:03

Postdi Alexsandra » 15/08/06 16:48

qualcuno che ti stà aiutando c'è però se tu posti lo stesso problema in 2 topic diversi come facciamo??
ti è stato risposto nell'altro
http://www.pc-facile.com/forum/viewtopi ... 531#293531
Avatar utente
Alexsandra
Utente Senior
 
Post: 2358
Iscritto il: 09/01/06 20:31

Postdi ginno » 15/08/06 16:56

OPS SCUSATEMI,ME NE SONO ACCORTO ORA;
STO CERCANDO DI RISOLVERE STO PROBLEMA AL PC DI MIA FIGLIA,E NON è CHE NE CAPISCA MOLTO.
CMQ GRAZIE MILLE RAGAZZI
ginno
Utente Junior
 
Post: 17
Iscritto il: 13/08/06 20:03

Postdi lupos3 » 21/08/06 14:52

Ciao a tutti il pazientissimo e disponibilissimo luke 57 mi ha dato una mano a togliere questo fastidiosissimo verme
ora cosa devo fare per capire se e' stato definitivamente eliminato?
grazie
lupos3
Utente Senior
 
Post: 177
Iscritto il: 20/08/06 14:15

Postdi padrino » 29/08/06 01:15

Ciao a tutti.
Qualcuno può aiutare anche me please. :roll:
Ecco il log.

Logfile of HijackThis v1.99.1
Scan saved at 1.53.03, on 29/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programmi\Network Associates\Common Framework\FrameworkService.exe
C:\Programmi\Network Associates\VirusScan\Mcshield.exe
C:\Programmi\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\Network Associates\VirusScan\SHSTAT.EXE
C:\Programmi\Network Associates\Common Framework\UpdaterUI.exe
C:\Programmi\File comuni\Network Associates\TalkBack\TBMon.exe
C:\Programmi\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Programmi\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Programmi\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\Administrator\Dati applicazioni\ratorefaci\sysrtmvs.exe
C:\Programmi\Creative\MediaSource\Detector\CTDetect.exe
C:\Programmi\Logitech\SetPoint\SetPoint.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\File comuni\Logitech\KhalShared\KHALMNPR.EXE
C:\Programmi\Creative\ShareDLL\CADI\NotiMan.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
E:\Programmi\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O1 - Hosts: 205.238.40.2 http://www.winmx.com
O1 - Hosts: 205.238.40.2 err.winmx.com
O1 - Hosts: 209.67.209.50 test3201.winmx.com test3203.winmx.com test3205.winmx.com test3207.winmx.com
O1 - Hosts: 82.43.224.20 test3202.winmx.com test3204.winmx.com test3206.winmx.com test3208.winmx.com
O1 - Hosts: 209.67.209.50 c3310.z1301.winmx.com c3310.z1302.winmx.com c3310.z1303.winmx.com c3310.z1304.winmx.com c3310.z1305.winmx.com c3310.z1306.winmx.com c3312.z1301.winmx.com c3312.z1302.winmx.com c3312.z1303.winmx.com c3312.z1304.winmx.com c3312.z1305.winmx.com c3312.z1306.winmx.com c3314.z1301.winmx.com c3314.z1302.winmx.com c3314.z1303.winmx.com c3314.z1304.winmx.com c3314.z1305.winmx.com c3314.z1306.winmx.com c3316.z1301.winmx.com c3316.z1302.winmx.com c3316.z1303.winmx.com c3316.z1304.winmx.com c3316.z1305.winmx.com c3316.z1306.winmx.com c3318.z1301.winmx.com c3318.z1302.winmx.com c3318.z1303.winmx.com c3318.z1304.winmx.com c3318.z1305.winmx.com c3318.z1306.winmx.com
O1 - Hosts: 212.227.64.159 c3313.z1301.winmx.com c3313.z1302.winmx.com c3313.z1303.winmx.com c3313.z1304.winmx.com c3313.z1305.winmx.com c3313.z1306.winmx.com c3317.z1301.winmx.com c3317.z1302.winmx.com c3317.z1303.winmx.com c3317.z1304.winmx.com c3317.z1305.winmx.com c3317.z1306.winmx.com
O1 - Hosts: 82.195.155.5 c3311.z1301.winmx.com c3311.z1302.winmx.com c3311.z1303.winmx.com c3311.z1304.winmx.com c3311.z1305.winmx.com c3311.z1306.winmx.com c3315.z1301.winmx.com c3315.z1302.winmx.com c3315.z1303.winmx.com c3315.z1304.winmx.com c3315.z1305.winmx.com c3315.z1306.winmx.com
O1 - Hosts: 82.43.224.20 c3319.z1301.winmx.com c3319.z1302.winmx.com c3319.z1303.winmx.com c3319.z1304.winmx.com c3319.z1305.winmx.com c3319.z1306.winmx.com
O1 - Hosts: 209.67.209.50 c3520.z1301.winmx.com c3520.z1302.winmx.com c3520.z1303.winmx.com c3520.z1304.winmx.com c3520.z1305.winmx.com c3520.z1306.winmx.com c3522.z1301.winmx.com c3522.z1302.winmx.com c3522.z1303.winmx.com c3522.z1304.winmx.com c3522.z1305.winmx.com c3522.z1306.winmx.com c3524.z1301.winmx.com c3524.z1302.winmx.com c3524.z1303.winmx.com c3524.z1304.winmx.com c3524.z1305.winmx.com c3524.z1306.winmx.com c3526.z1301.winmx.com c3526.z1302.winmx.com c3526.z1303.winmx.com c3526.z1304.winmx.com c3526.z1305.winmx.com c3526.z1306.winmx.com c3528.z1301.winmx.com c3528.z1302.winmx.com c3528.z1303.winmx.com c3528.z1304.winmx.com c3528.z1305.winmx.com c3528.z1306.winmx.com
O1 - Hosts: 212.227.64.159 c3523.z1301.winmx.com c3523.z1302.winmx.com c3523.z1303.winmx.com c3523.z1304.winmx.com c3523.z1305.winmx.com c3523.z1306.winmx.com c3527.z1301.winmx.com c3527.z1302.winmx.com c3527.z1303.winmx.com c3527.z1304.winmx.com c3527.z1305.winmx.com c3527.z1306.winmx.com
O1 - Hosts: 82.195.155.5 c3521.z1301.winmx.com c3521.z1302.winmx.com c3521.z1303.winmx.com c3521.z1304.winmx.com c3521.z1305.winmx.com c3521.z1306.winmx.com c3525.z1301.winmx.com c3525.z1302.winmx.com c3525.z1303.winmx.com c3525.z1304.winmx.com c3525.z1305.winmx.com c3525.z1306.winmx.com
O1 - Hosts: 82.43.224.20 c3529.z1301.winmx.com c3529.z1302.winmx.com c3529.z1303.winmx.com c3529.z1304.winmx.com c3529.z1305.winmx.com c3529.z1306.winmx.com
O2 - BHO: edit_html Class - {14D1A72D-8705-11D8-B120-0040F46CB696} - C:\Documents and Settings\Administrator\Desktop\827133412.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programmi\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programmi\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Programmi\File comuni\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [mmtask] "C:\Programmi\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [CTDVDDET] "C:\Programmi\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [RCSystem] "C:\Programmi\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Programmi\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Programmi\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [aouei] C:\Documents and Settings\Administrator\Dati applicazioni\ratorefaci\sysrtmvs.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Programmi\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - Startup: ATITool.lnk = C:\Programmi\ATITool\ATITool.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.adslconnection.name
O15 - Trusted Zone: http://www.softlab.name
O15 - Trusted Zone: http://www.xxx-content.name
O16 - DPF: {D3A7982E-915D-4589-8ECE-249F70D0C941} (Launch Control) - http://aaotracker.4players.de/LaunchGame.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio di framework di McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Programmi\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Programmi\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Programmi\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Programmi\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

Grazie anticipatamente ;)
padrino
Newbie
 
Post: 7
Iscritto il: 29/08/06 01:12
Località: Messina

Postdi andorra24 » 29/08/06 04:07

Ciao, apri hijackthis, premi su ''open the misc tools section'', poi premi ''open process manager'', individua la voce indicata sotto e premi ''kill process'':

C:\Documents and Settings\Administrator\Dati applicazioni\ratorefaci\sysrtmvs.exe

Poi vai in basso e premi il tasto back e subito dopo il tasto scan. Metti la spunta nella casellina accanto alle voci indicate sotto e premi ''fix checked'' :

O2 - BHO: edit_html Class - {14D1A72D-8705-11D8-B120-0040F46CB696} - C:\Documents and Settings\Administrator\Desktop\827133412.dll (file missing)
O4 - HKLM\..\Run: [aouei] C:\Documents and Settings\Administrator\Dati applicazioni\ratorefaci\sysrtmvs.exe
O15 - Trusted Zone: http://www.adslconnection.name
O15 - Trusted Zone: http://www.softlab.name
O15 - Trusted Zone: http://www.xxx-content.name

Vai su start/risorse del computer/strumenti/opzioni cartella/visualizzazione e metti la spunta su visualizza cartelle file nascosti e togli la spunta da ''nascondi i file protetti di sistema''.

Scarica killbox da qui:
http://www.bleepingcomputer.com/files/killbox.php
con killbox assicurati che spariscano dal tuo pc i seguenti files (se presenti) :
C:\Documents and Settings\Administrator\Dati applicazioni\ratorefaci\sysrtmvs.exe (dopo aver eliminato il file exe elimina la cartella ratorefaci)
C:\Documents and Settings\Administrator\Desktop\827133412.dll
andorra24
Utente Senior
 
Post: 2742
Iscritto il: 21/05/06 15:44
Località: Palermo

Postdi padrino » 31/08/06 11:16

Grazie andorra24.
Sembra tutto risolto ;)

Padrino
padrino
Newbie
 
Post: 7
Iscritto il: 29/08/06 01:12
Località: Messina

Postdi andorra24 » 31/08/06 11:39

padrino ha scritto:Grazie andorra24.
Sembra tutto risolto ;)

Padrino

Mi fa piacere. ;)
andorra24
Utente Senior
 
Post: 2742
Iscritto il: 21/05/06 15:44
Località: Palermo

PrecedenteProssimo

Torna a Sicurezza e Privacy


Topic correlati a "e1xplorer":

e1xplorer
Autore: Zaba
Forum: Sicurezza e Privacy
Risposte: 4

Chi c’è in linea

Visitano il forum: Nessuno e 29 ospiti