Istant Access

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: m.paolo, kadosh, Luke57

Post by biki » 06/04/07 10:15

...good morning everyone, sorry for opening this new topic; I read in the previous discussions that this charming little friend is causing problems for everybody. For more than a week now my connection (Alice ADSL) drops the moment I open Internet Explorer (which takes a very long time to load the page), opening and connecting to Istant Access... so for now I use Firefox, which gives me no problems... what can I do?

Thanks for any reply
biki
Newbie

Posts: 3
Joined: 06/04/07 10:03


Post by Mikele46 » 06/04/07 21:25

try posting a HijackThis log... and we'll see
Mikele46
Senior User

Posts: 521
Joined: 20/08/06 15:16
Location: Napoli

Post by biki » 08/04/07 11:04

Here it is... I should say I thought the problem had gone away... but no luck...

Logfile of HijackThis v1.99.1
Scan saved at 12.03.28, on 08/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Network Associates\Common Framework\FrameworkService.exe
C:\Programmi\Network Associates\VirusScan\Mcshield.exe
C:\Programmi\Network Associates\VirusScan\VsTskMgr.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Network Associates\VirusScan\SHSTAT.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Java\j2re1.4.2_03\bin\bak\jusched.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Programmi\ARESCOM\Modem Telindus Arescom ND220b\dslmon.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\3M\PSNLite\PsnLite.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Programmi\Spybot - Search & Destroy\SpybotSD.exe
C:\Programmi\MSN Messenger\livecall.exe
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\PROPRI~1\IMPOST~1\Temp\Rar$EX00.062\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-it10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.virgilio.it/free
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Tin.it
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programmi\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: Vista HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Programmi\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Programmi\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Programmi\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programmi\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programmi\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Programmi\File comuni\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Programmi\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [BackupNotify] c:\Programmi\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programmi\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Programmi\3M\PSNLite\PsnLite.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.virgilio.it/free
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b30149.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-U ... E_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b30149.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{04D40984-9C3C-4C98-B95B-0017504C9975}: NameServer = 85.37.17.49 85.38.28.91
O17 - HKLM\System\CCS\Services\Tcpip\..\{DFD4EFC6-F6EA-40B9-A687-02C25E792CBB}: NameServer = 212.216.172.162
O17 - HKLM\System\CS1\Services\Tcpip\..\{04D40984-9C3C-4C98-B95B-0017504C9975}: NameServer = 85.37.17.49 85.38.28.91
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Programmi\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Programmi\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Programmi\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Crawler.com - C:\Programmi\WinClamAVShield\sp_clamsrv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe
biki
Newbie

Posts: 3
Joined: 06/04/07 10:03

Post by Luke57 » 08/04/07 11:21

Hi, download FindAWF from here:
http://noahdfear.geekstogo.com/FindAWF.exe

Run the file; a DOS window will open, press Enter to continue. When it has finished, Notepad will open: copy and paste its contents into a post
Luke57
Moderator

Posts: 6415
Joined: 11/08/05 19:10

Post by biki » 08/04/07 12:36

here it is... thanks ^^

Find AWF report by noahdfear ©2006


bak folders found
~~~~~~~~~~~

Il volume nell'unit… C Š HP_PAVILION
Numero di serie del volume: 24E3-812D

Directory di C:\HP\KBD\BAK

11/02/2003 20.02 61.440 KBD.EXE
1 File 61.440 byte
2 Directory 36.166.529.024 byte disponibili
Il volume nell'unit… C Š HP_PAVILION
Numero di serie del volume: 24E3-812D

Directory di C:\PROGRA~1\ITUNES\BAK

30/10/2006 10.36 256.576 iTunesHelper.exe
1 File 256.576 byte
2 Directory 36.166.529.024 byte disponibili
Il volume nell'unit… C Š HP_PAVILION
Numero di serie del volume: 24E3-812D

Directory di C:\PROGRA~1\MESSEN~1\BAK

0 File 0 byte
2 Directory 36.166.524.928 byte disponibili
Il volume nell'unit… C Š HP_PAVILION
Numero di serie del volume: 24E3-812D

Directory di C:\PROGRA~1\MULTIM~1\BAK

29/10/2003 11.17 135.168 shwicon2k.exe
1 File 135.168 byte
2 Directory 36.166.524.928 byte disponibili
Il volume nell'unit… C Š HP_PAVILION
Numero di serie del volume: 24E3-812D

Directory di C:\PROGRA~1\QUICKT~1\BAK

25/10/2006 19.58 282.624 qttask.exe
1 File 282.624 byte
2 Directory 36.166.524.928 byte disponibili
Il volume nell'unit… C Š HP_PAVILION
Numero di serie del volume: 24E3-812D

Directory di C:\PROGRA~1\SPYWAR~1\BAK

27/01/2007 14.58 2.903.040 SpywareTerminatorShield.exe
1 File 2.903.040 byte
2 Directory 36.166.524.928 byte disponibili
Il volume nell'unit… C Š HP_PAVILION
Numero di serie del volume: 24E3-812D

Directory di C:\PROGRA~1\WINAMP\BAK

23/02/2006 21.10 35.328 winampa.exe
1 File 35.328 byte
2 Directory 36.166.524.928 byte disponibili
Il volume nell'unit… C Š HP_PAVILION
Numero di serie del volume: 24E3-812D

Directory di C:\WINDOWS\CREATOR\BAK

18/12/2003 00.31 118.784 Remind_XP.exe
1 File 118.784 byte
2 Directory 36.166.524.928 byte disponibili
Il volume nell'unit… C Š HP_PAVILION
Numero di serie del volume: 24E3-812D

Directory di C:\WINDOWS\SMINST\BAK

03/11/2003 17.50 221.184 RECGUARD.EXE
1 File 221.184 byte
2 Directory 36.166.524.928 byte disponibili
Il volume nell'unit… C Š HP_PAVILION
Numero di serie del volume: 24E3-812D

Directory di C:\WINDOWS\SYSTEM\BAK

01/04/2007 19.54 179 hpsysdrv.DAT
07/05/1998 17.04 52.736 hpsysdrv.exe
2 File 52.915 byte
2 Directory 36.166.524.928 byte disponibili
Il volume nell'unit… C Š HP_PAVILION
Numero di serie del volume: 24E3-812D

Directory di C:\WINDOWS\SYSTEM32\BAK

20/08/2004 00.39 15.360 ctfmon.exe
21/08/2003 04.17 483.328 hphmon05.exe
16/10/2002 16.57 81.920 ps2.exe
3 File 580.608 byte
2 Directory 36.166.524.928 byte disponibili
Il volume nell'unit… C Š HP_PAVILION
Numero di serie del volume: 24E3-812D

Directory di C:\PROGRA~1\ATITEC~1\ATICON~1\BAK

25/11/2003 21.10 335.872 atiptaxx.exe
1 File 335.872 byte
2 Directory 36.166.520.832 byte disponibili
Il volume nell'unit… C Š HP_PAVILION
Numero di serie del volume: 24E3-812D

Directory di C:\PROGRA~1\CANON\EASY-P~2\BAK

17/10/2006 03.20 398.944 BJPSMAIN.EXE
1 File 398.944 byte
2 Directory 36.166.520.832 byte disponibili
Il volume nell'unit… C Š HP_PAVILION
Numero di serie del volume: 24E3-812D

Directory di C:\PROGRA~1\CREATIVE\SHARED~1\BAK

30/07/2004 11.04 245.760 CAMTRAY.EXE
1 File 245.760 byte
2 Directory 36.166.520.832 byte disponibili
Il volume nell'unit… C Š HP_PAVILION
Numero di serie del volume: 24E3-812D

Directory di C:\PROGRA~1\HP\{45B61~1\BAK

21/08/2003 04.23 49.152 hphupd05.exe
1 File 49.152 byte
2 Directory 36.166.520.832 byte disponibili
Il volume nell'unit… C Š HP_PAVILION
Numero di serie del volume: 24E3-812D

Directory di C:\PROGRA~1\NETWOR~1\COMMON~1\BAK

06/08/2004 04.50 139.320 UpdaterUI.exe
1 File 139.320 byte
2 Directory 36.166.520.832 byte disponibili
Il volume nell'unit… C Š HP_PAVILION
Numero di serie del volume: 24E3-812D

Directory di C:\PROGRA~1\NETWOR~1\VIRUSS~1\BAK

0 File 0 byte
2 Directory 36.166.520.832 byte disponibili
Il volume nell'unit… C Š HP_PAVILION
Numero di serie del volume: 24E3-812D

Directory di C:\PROGRA~1\FILECO~1\NETWOR~1\TALKBACK\BAK

07/10/2003 10.48 147.514 TBMon.exe
1 File 147.514 byte
2 Directory 36.166.520.832 byte disponibili
Il volume nell'unit… C Š HP_PAVILION
Numero di serie del volume: 24E3-812D

Directory di C:\PROGRA~1\FILECO~1\REAL\UPDATE~1\BAK

13/06/2006 15.27 180.269 realsched.exe
1 File 180.269 byte
2 Directory 36.166.520.832 byte disponibili
Il volume nell'unit… C Š HP_PAVILION
Numero di serie del volume: 24E3-812D

Directory di C:\PROGRA~1\FILECO~1\SONIC\UPDATE~1\BAK

19/08/2003 09.01 110.592 sgtray.exe
1 File 110.592 byte
2 Directory 36.166.520.832 byte disponibili
Il volume nell'unit… C Š HP_PAVILION
Numero di serie del volume: 24E3-812D

Directory di C:\PROGRA~1\GOOGLE\GOOGLE~1\121128~1.546\BAK

19/03/2007 19.49 171.448 GoogleToolbarNotifier.exe
1 File 171.448 byte
2 Directory 36.166.520.832 byte disponibili
Il volume nell'unit… C Š HP_PAVILION
Numero di serie del volume: 24E3-812D

Directory di C:\PROGRA~1\HP\DIGITA~1\BIN\BAK

09/01/2004 02.34 32.768 backupnotify.exe
1 File 32.768 byte
2 Directory 36.166.520.832 byte disponibili
Il volume nell'unit… C Š HP_PAVILION
Numero di serie del volume: 24E3-812D

Directory di C:\PROGRA~1\JAVA\J2RE14~1.2_0\BIN\BAK

01/01/2004 23.24 32.881 jusched.exe
1 File 32.881 byte
2 Directory 36.166.516.736 byte disponibili
Il volume nell'unit… C Š HP_PAVILION
Numero di serie del volume: 24E3-812D

Directory di C:\PROGRA~1\ADOBE\PHOTOS~2\3.0\APPS\BAK

07/07/2005 19.41 57.344 apdproxy.exe
1 File 57.344 byte
2 Directory 36.166.516.736 byte disponibili
Il volume nell'unit… C Š HP_PAVILION
Numero di serie del volume: 24E3-812D

Directory di C:\PROGRA~1\HPPAVI~1\PAVILION\XPHWWBP4\PLUGIN\BIN\BAK

02/01/2004 01.03 155.648 PCHButton.exe
1 File 155.648 byte
2 Directory 36.166.516.736 byte disponibili


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

24076 5 Apr 2007 "C:\hp\KBD\KBD.EXE"
61440 11 Feb 2003 "C:\hp\KBD\bak\KBD.EXE"
256576 30 Oct 2006 "C:\Programmi\iTunes\bak\iTunesHelper.exe"
102400 25 Dec 2006 "C:\WINDOWS\Installer\{446DBFFA-4088-48E3-8932-74316BA4CAE4}\iTunesIco.exe"
108096 30 Oct 2006 "C:\Documents and Settings\All Users\Dati applicazioni\Apple Computer\Installer Cache\iTunes 7.0.2.16\iTunesSetupAdmin.exe"
24076 5 Apr 2007 "C:\Programmi\Multimedia Card Reader\shwicon2k.exe"
135168 29 Oct 2003 "C:\Programmi\Multimedia Card Reader\bak\shwicon2k.exe"
282624 25 Oct 2006 "C:\Programmi\QuickTime\bak\qttask.exe"
8329840 26 Jan 2007 "C:\Programmi\Spyware Terminator\SpywareTerminator.Exe"
2903040 27 Jan 2007 "C:\Programmi\Spyware Terminator\bak\SpywareTerminatorShield.exe"
35328 23 Feb 2006 "C:\Programmi\Winamp\bak\winampa.exe"
118784 18 Dec 2003 "C:\WINDOWS\CREATOR\bak\Remind_XP.exe"
24076 5 Apr 2007 "C:\WINDOWS\SMINST\RECGUARD.EXE"
221184 3 Nov 2003 "C:\WINDOWS\SMINST\bak\RECGUARD.EXE"
188 23 Mar 2007 "C:\WINDOWS\system\hpsysdrv.DAT"
179 1 Apr 2007 "C:\WINDOWS\system\bak\hpsysdrv.DAT"
24076 5 Apr 2007 "C:\WINDOWS\system\hpsysdrv.exe"
52736 7 May 1998 "C:\WINDOWS\system\bak\hpsysdrv.exe"
15360 20 Aug 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 20 Aug 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
24076 5 Apr 2007 "C:\WINDOWS\system32\hphmon05.exe"
483328 21 Aug 2003 "C:\WINDOWS\system32\bak\hphmon05.exe"
24076 5 Apr 2007 "C:\WINDOWS\system32\ps2.exe"
81920 16 Oct 2002 "C:\hp\drivers\keyboard\PS2.EXE"
81920 16 Oct 2002 "C:\WINDOWS\system32\bak\ps2.exe"
24076 5 Apr 2007 "C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe"
335872 25 Nov 2003 "C:\Programmi\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe"
398944 17 Oct 2006 "C:\Programmi\Canon\Easy-PrintToolBox\bak\BJPSMAIN.EXE"
245760 30 Jul 2004 "C:\Programmi\Creative\Shared Files\bak\CAMTRAY.EXE"
24076 5 Apr 2007 "C:\Programmi\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe"
49152 21 Aug 2003 "C:\Programmi\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\bak\hphupd05.exe"
24076 22 Mar 2007 "C:\Programmi\Network Associates\Common Framework\UpdaterUI.exe1175248809"
139320 6 Aug 2004 "C:\Programmi\Network Associates\Common Framework\bak\UpdaterUI.exe"
147514 7 Oct 2003 "C:\Programmi\File comuni\Network Associates\TalkBack\bak\TBMon.exe"
180269 13 Jun 2006 "C:\Programmi\File comuni\Real\Update_OB\bak\realsched.exe"
24076 5 Apr 2007 "C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe"
110592 19 Aug 2003 "C:\Programmi\File comuni\Sonic\Update Manager\bak\sgtray.exe"
52272 19 Mar 2007 "C:\Programmi\Google\googletoolbar2user.exe"
608936 13 Jun 2006 "C:\Programmi\File comuni\Real\GToolbar\GoogleToolbarInstaller.exe"
138168 19 Mar 2007 "C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe"
24076 5 Apr 2007 "C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe"
171448 19 Mar 2007 "C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\bak\GoogleToolbarNotifier.exe"
860240 19 Mar 2007 "C:\Documents and Settings\Proprietario\Impostazioni locali\Temporary Internet Files\Content.IE5\GX2BCT6V\GoogleToolbarInstaller_ADBx_it_401019_signed.exe"
24076 5 Apr 2007 "C:\Programmi\HP\Digital Imaging\bin\backupnotify.exe"
32768 9 Jan 2004 "C:\Programmi\HP\Digital Imaging\bin\bak\backupnotify.exe"
24076 5 Apr 2007 "C:\Programmi\Java\j2re1.4.2_03\bin\jusched.exe"
32873 19 Aug 2003 "C:\Programmi\Java\j2re1.4.2_01\bin\jusched.exe"
32881 1 Jan 2004 "C:\Programmi\Java\j2re1.4.2_03\bin\bak\jusched.exe"
57344 7 Jul 2005 "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\bak\apdproxy.exe"
24076 5 Apr 2007 "C:\Programmi\HP Pavilion PC Help\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe"
155648 2 Jan 2004 "C:\Programmi\HP Pavilion PC Help\Pavilion\XPHWWBP4\plugin\bin\bak\PCHButton.exe"
155648 2 Jan 2004 "C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe"


end of report
biki
Newbie

Posts: 3
Joined: 06/04/07 10:03

Post by Luke57 » 08/04/07 20:08

Hi, this malware replaces the legitimate files of the startup processes with its own infected copies, and you have an incredible number of programs at startup. It took me some effort

Anyway, uninstall the Java console from Add or Remove Programs and install the latest version http://java.sun.com/javase/downloads/index.jsp
Go down to the entry "Java Runtime Environment (JRE) 6u1
The Java SE Runtime Environment (JRE) allows end-users to run Java applications." and click the "Download" button; once the software is downloaded, install it.

download Avenger to the desktop
http://swandog46.geekstogo.com/avenger.zip
Unzip the archive
Run the file avenger.exe
Select the option "Input Script Manually"
Click the magnifying glass

A "View/edit script" window opens
Inside the white box, copy and paste the text in bold:

Files to move:
C:\hp\KBD\bak\KBD.EXE| C:\hp\KBD\KBD.EXE
C:\Programmi\iTunes\bak\iTunesHelper.exe| C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Multimedia Card Reader\bak\shwicon2k.exe | C:\Programmi\Multimedia Card Reader\shwicon2k.exe
C:\Programmi\QuickTime\bak\qttask.exe| C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Spyware Terminator\bak\SpywareTerminatorShield.exe | C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe
C:\Programmi\Winamp\bak\winampa.exe | C:\Programmi\Winamp\winampa.exe
C:\WINDOWS\CREATOR\bak\Remind_XP.exe| C:\WINDOWS\CREATOR\Remind_XP.exe
C:\WINDOWS\SMINST\bak\RECGUARD.EXE| C:\WINDOWS\SMINST\RECGUARD.EXE
C:\WINDOWS\system\bak\hpsysdrv.DAT| C:\WINDOWS\system\hpsysdrv.DAT
C:\WINDOWS\system\bak\hpsysdrv.exe| C:\WINDOWS\system\hpsysdrv.exe
C:\WINDOWS\system32\bak\ctfmon.exe| C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\bak\hphmon05.exe | C:\WINDOWS\system32\hphmon05.exe
C:\WINDOWS\system32\bak\ps2.exe | C:\WINDOWS\system32\ps2.exe
C:\Programmi\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe | C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Canon\Easy-PrintToolBox\bak\BJPSMAIN.EXE | C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE
C:\Programmi\Creative\Shared Files\bak\CAMTRAY.EXE | C:\Programmi\Creative\Shared Files\CAMTRAY.EXE
C:\Programmi\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\bak\hphupd05.exe | C:\Programmi\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
C:\Programmi\Network Associates\Common Framework\bak\UpdaterUI.exe | C:\Programmi\Network Associates\Common Framework\UpdaterUI.exe
C:\Programmi\File comuni\Network Associates\TalkBack\bak\TBMon.exe | C:\Programmi\File comuni\Network Associates\TalkBack\TBMon.exe
C:\Programmi\File comuni\Real\Update_OB\bak\realsched.exe | C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\File comuni\Sonic\Update Manager\bak\sgtray.exe | C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe
C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\bak\GoogleToolbarNotifier.exe | C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Programmi\HP\Digital Imaging\bin\bak\backupnotify.exe | C:\Programmi\HP\Digital Imaging\bin\backupnotify.exe
C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\bak\apdproxy.exe | C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Programmi\HP Pavilion PC Help\Pavilion\XPHWWBP4\plugin\bin\bak\PCHButton.exe | C:\Programmi\HP Pavilion PC Help\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe



Click the Done button
Click the green traffic-light icon
Answer Yes twice
The PC should reboot by itself; if it does not, reboot it manually.

Post the report you find in C:\avenger.txt
Luke57
Moderator

Posts: 6415
Joined: 11/08/05 19:10
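
As an added example (not code from the thread, from FindAWF or from Avenger), the script below parses the "Duplicate files" section of a FindAWF report, pairs every file preserved in a bak folder with the file now sitting at its original location, flags the replacements that have the uniform 24076-byte size both reports in this thread show, and prints the same "Files to move:" block the moderator wrote by hand. Using 24076 bytes as the indicator and the sample report lines are assumptions taken from this thread, not part of either tool.

```python
# Added example (not code from the thread, FindAWF or Avenger): parse the
# "Duplicate files" section of a FindAWF report, pair each bak original with
# the file now at its old location, flag 24076-byte replacements, and emit
# the Avenger "Files to move:" block.  Sample lines below are constructed.
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Every replaced startup program in both posted reports is exactly this size;
# treating that one size as the indicator is an assumption of this example.
SUSPECT_SIZE = 24076

SAMPLE_REPORT = r"""
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

24076 19 Apr 2007 "C:\WINDOWS\VM_STI.EXE"
40960 9 Jun 2004 "C:\WINDOWS\bak\VM_STI.EXE"
40960 9 Jun 2004 "C:\WINDOWS\OPTIONS\Install\VM_STI.EXE"
24076 19 Apr 2007 "C:\Programmi\DAEMON Tools\daemon.exe"
157592 12 Nov 2006 "C:\Programmi\DAEMON Tools\bak\daemon.exe"
411648 19 Apr 2007 "C:\Programmi\Grisoft\AVG7\avgcc.exe"
411648 9 Feb 2007 "C:\Programmi\Grisoft\AVG Free\bak\avgcc.exe"

end of report
"""

LINE_RE = re.compile(r'^(\d+)\s+(\d{1,2} \w{3} \d{4})\s+"([^"]+)"\s*$')  # size date "path"


@dataclass(frozen=True)
class Entry:
    size: int
    date: str
    path: str


@dataclass(frozen=True)
class Finding:
    original: str   # intact copy FindAWF found in the bak folder
    replaced: str   # file now sitting where the original used to be
    stub_size: int


def parse_duplicates(report: str) -> List[Entry]:
    """Return the entries listed under the 'Duplicate files' heading."""
    entries: List[Entry] = []
    in_section = False
    for raw in report.splitlines():
        line = raw.strip()
        if line.startswith("Duplicate files of bak directory contents"):
            in_section = True
            continue
        if not in_section or line.startswith("~"):
            continue
        if line == "end of report":
            break
        m = LINE_RE.match(line)
        if m:
            entries.append(Entry(int(m.group(1)), m.group(2), m.group(3)))
    return entries


def bak_partner(path: str) -> str:
    """Map <dir>\\bak\\<name> to <dir>\\<name>; '' if path is not in a bak folder."""
    head, _, name = path.rpartition("\\")
    if head.lower().endswith("\\bak"):
        return head[:-4] + "\\" + name
    return ""


def triage(entries: List[Entry]) -> Tuple[List[Finding], List[str]]:
    """Return (suspect replacements, bak originals with no listed partner)."""
    by_path: Dict[str, Entry] = {e.path.lower(): e for e in entries}
    findings: List[Finding] = []
    unmatched: List[str] = []
    for e in entries:
        partner = bak_partner(e.path)
        if not partner:
            continue
        live = by_path.get(partner.lower())
        if live is None:
            unmatched.append(e.path)
        elif live.size == SUSPECT_SIZE and live.size != e.size:
            findings.append(Finding(e.path, live.path, live.size))
    return findings, unmatched


def avenger_script(findings: List[Finding]) -> str:
    """Render the 'Files to move:' block in the form the moderator posted."""
    return "\n".join(["Files to move:"] +
                     [f"{f.original} | {f.replaced}" for f in findings])


if __name__ == "__main__":
    found, orphans = triage(parse_duplicates(SAMPLE_REPORT))
    print(avenger_script(found))
    print("bak copies with no listed replacement:", orphans)
```

A bak copy whose partner is missing from the list (the AVG case in the sample) is reported separately rather than restored, because the report gives no replaced file to move it over.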

Post by cavallitto » 19/04/07 18:52

Hi everyone,
I also ran into instantaccess. I managed to delete the icon together with its target and it seems they do not come back. But the computer runs extremely slowly, and an online scan finds a few infected files. I am posting the AWF and HijackThis reports; I hope you can help me.
Thanks everyone...


Find AWF report by noahdfear ©2006


bak folders found
~~~~~~~~~~~

Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 0CA0-9CFA

Directory di C:\WINDOWS\BAK

09/06/2004 16.37 40.960 VM_STI.EXE
1 File 40.960 byte
2 Directory 6.088.146.944 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 0CA0-9CFA

Directory di C:\PROGRA~1\DAEMON~1\BAK

12/11/2006 12.48 157.592 daemon.exe
1 File 157.592 byte
2 Directory 6.088.146.944 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 0CA0-9CFA

Directory di C:\PROGRA~1\MSNMES~1\BAK

0 File 0 byte
2 Directory 6.088.142.848 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 0CA0-9CFA

Directory di C:\WINDOWS\SYSTEM32\BAK

09/07/2001 12.50 155.648 NeroCheck.exe
1 File 155.648 byte
2 Directory 6.088.142.848 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 0CA0-9CFA

Directory di C:\PROGRA~1\ANALOG~1\SOUNDMAX\BAK

30/05/2003 10.42 585.728 Smax4.exe
29/05/2003 17.28 790.528 SMax4PNP.exe
2 File 1.376.256 byte
2 Directory 6.088.142.848 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 0CA0-9CFA

Directory di C:\PROGRA~1\GRISOFT\AVGFRE~1\BAK

09/02/2007 10.21 411.648 avgcc.exe
1 File 411.648 byte
2 Directory 6.088.142.848 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 0CA0-9CFA

Directory di C:\PROGRA~1\JAVA\J2RE14~1.2_0\BIN\BAK

04/03/2005 21.01 32.881 jusched.exe
1 File 32.881 byte
2 Directory 6.088.142.848 byte disponibili
Il volume nell'unit… C non ha etichetta.
Numero di serie del volume: 0CA0-9CFA

Directory di C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\BAK

01/07/2002 10.50 28.672 EM_EXEC.EXE
1 File 28.672 byte
2 Directory 6.088.142.848 byte disponibili


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

24076 19 Apr 2007 "C:\WINDOWS\VM_STI.EXE"
40960 9 Jun 2004 "C:\WINDOWS\bak\VM_STI.EXE"
40960 9 Jun 2004 "C:\WINDOWS\OPTIONS\Install\VM_STI.EXE"
24076 19 Apr 2007 "C:\Programmi\DAEMON Tools\daemon.exe"
157592 12 Nov 2006 "C:\Programmi\DAEMON Tools\bak\daemon.exe"
24076 19 Apr 2007 "C:\WINDOWS\system32\NeroCheck.exe"
155648 9 Jul 2001 "C:\WINDOWS\system32\bak\NeroCheck.exe"
24076 19 Apr 2007 "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe"
585728 30 May 2003 "C:\Programmi\Analog Devices\SoundMAX\bak\Smax4.exe"
24076 19 Apr 2007 "C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe"
790528 29 May 2003 "C:\Programmi\Analog Devices\SoundMAX\bak\SMax4PNP.exe"
411648 19 Apr 2007 "C:\Programmi\Grisoft\AVG7\avgcc.exe"
411648 9 Feb 2007 "C:\Programmi\Grisoft\AVG Free\bak\avgcc.exe"
32881 4 Mar 2005 "C:\j2sdk1.4.2_08\jre\bin\jusched.exe"
24076 19 Apr 2007 "C:\Programmi\Java\j2re1.4.2_08\bin\jusched.exe"
32881 4 Mar 2005 "C:\Programmi\Java\j2re1.4.2_08\bin\bak\jusched.exe"
24076 19 Apr 2007 "C:\Programmi\Logitech\MouseWare\system\EM_EXEC.EXE"
28672 1 Jul 2002 "C:\Programmi\Logitech\MouseWare\system\bak\EM_EXEC.EXE"


end of report

here is the other one

Logfile of HijackThis v1.99.1
Scan saved at 19.15.28, on 19/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\3Com_DMI\3CDMINIC.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Programmi\Comodo\Firewall\cmdagent.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmi\Spyware Doctor\svcntaux.exe
C:\Programmi\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\slserv.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Spyware Doctor\SDTrayApp.exe
C:\Programmi\Analog Devices\SoundMAX\bak\Smax4.exe
C:\windows\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programmi\Comodo\Firewall\CPF.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\bak\EM_EXEC.EXE
C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Programmi\Google\Google Updater\GoogleUpdater.exe
C:\Programmi\Philips\SPC 300NC PC Camera\TrayMin300.exe
C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe
C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\Documents and Settings\Cavallitto\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O1 - Hosts: 66.212.225.28 http://www.pokerstars.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmi\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\it\msntb.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programmi\Free Download Manager\iefdmcks.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programmi\FlashFXP\IEFlash.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\it\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMAX] "C:\Programmi\Analog Devices\SoundMAX\bak\Smax4.exe" /tray
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [CleanRegPath] C:\PROGRA~1\ADSLMO~1\CleanReg.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC 300NC PC Camera
O4 - HKLM\..\Run: [xpzlaa.exe] C:\DOCUME~1\CAVALL~1\IMPOST~1\Temp\xpzlaa.exe
O4 - HKLM\..\Run: [updvjlcb] "c:\windows\system32\updvjlcb.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SDTray] "C:\Programmi\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Programmi\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe
O4 - Startup: Y'z Toolbar.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Programmi\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: TrayMin300.exe.lnk = ?
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Programmi\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Programmi\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Programmi\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Programmi\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://cavallitto.spaces.live.com//Phot ... nPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{33EBB275-650B-4FE6-ADBB-5B7E51B755D0}: NameServer = 85.37.17.39 151.99.125.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: 3Com DMI Agent (3ComDMIService) - 3Com Corporation - C:\WINDOWS\System32\3Com_DMI\3CDMINIC.EXE
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Programmi\Comodo\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Programmi\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Programmi\Spyware Doctor\swdsvc.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe

:) :) :)
cavallitto
Newbie
 
Posts: 3
Joined: 19/04/07 18:41

Post by Mikele46 » 20/04/07 14:11

I can only analyse the Hijack log for you; anyway, delete these...

O1 - Hosts: 66.212.225.28 http://www.pokerstars.com

O4 - HKLM\..\Run: [xpzlaa.exe] C:\DOCUME~1\CAVALL~1\IMPOST~1\Temp\xpzlaa.exe

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

This one is unknown.... so you have to decide yourself whether to delete it; I don't know what you have on your PC :-)

O4 - HKLM\..\Run: [updvjlcb] "c:\windows\system32\updvjlcb.exe"
Mikele46
Senior User
 
Posts: 521
Joined: 20/08/06 15:16
Location: Napoli
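The reply above triages the log by eye: a hosts-file override (O1), a Run entry started from a Temp folder (O4), dangling entries marked "(file missing)" (O9), and an autorun nobody recognises that is left for the owner to judge. The script below is an added example that does the same checks over HijackThis-style lines; it is not code from this thread nor from HijackThis. The allow-list of recognised autoruns and the sample lines are constructed for the example (the sample lines copy the format of the log posted above), and the "unknown" category only says "review by hand", exactly as the reply does.

```python
"""Triage of HijackThis-style log lines: the checks the reply above does by hand.

Added example for this thread, not the poster's nor HijackThis's own code.
Flags: O1 hosts-file overrides, O4 Run entries launched from a Temp folder,
entries marked "(file missing)", and O4 Run entries whose executable is not on
the reviewer's allow-list (reported as unknown, to be checked by hand).
"""
import re
from pathlib import PureWindowsPath

# Constructed allow-list: executables the reviewer recognises as legitimately
# installed on this machine. This is an assumption of the example, not a
# HijackThis feature.
KNOWN_AUTORUNS = {
    "avgcc.exe", "cpf.exe", "sdtrayapp.exe", "smax4.exe", "nwiz.exe",
    "rundll32.exe", "daemon.exe", "msnmsgr.exe", "em_exec.exe",
}

# Constructed sample, modelled on the format of the log posted in the thread.
SAMPLE_LOG = r"""
O1 - Hosts: 66.212.225.28 http://www.pokerstars.com
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [xpzlaa.exe] C:\DOCUME~1\CAVALL~1\IMPOST~1\Temp\xpzlaa.exe
O4 - HKLM\..\Run: [updvjlcb] "c:\windows\system32\updvjlcb.exe"
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Programmi\Comodo\Firewall\cmdagent.exe
"""

O1_HOSTS = re.compile(r"^O1 - Hosts: (\S+) (\S+)")
O4_RUN = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]*)\] (.*)$")


def exe_from_command(cmd):
    """Return the lower-cased basename of the program a Run value launches."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                      # quoted path, may contain spaces
        end = cmd.find('"', 1)
        path = cmd[1:end] if end > 0 else cmd[1:]
    else:                                        # unquoted: first token is the program
        path = cmd.split(" ", 1)[0]
    return PureWindowsPath(path).name.lower()


def triage(log_text, known_autoruns=KNOWN_AUTORUNS):
    """Return a list of (category, detail) findings for the suspicious entries."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = O1_HOSTS.match(line)
        if m:                                    # hosts override: name resolution is being redirected
            ip, host = m.groups()
            findings.append(("hosts-override", f"{host} pinned to {ip}"))
            continue
        if "(file missing)" in line:             # dangling entry: its target no longer exists
            findings.append(("file-missing", line))
            continue
        m = O4_RUN.match(line)
        if m:
            _hive, name, cmd = m.groups()
            exe = exe_from_command(cmd)
            if "\\temp\\" in cmd.lower():        # persistence from a Temp folder is a classic malware sign
                findings.append(("temp-autorun", f"[{name}] starts {exe} from a Temp folder"))
            elif exe not in known_autoruns:      # not recognised: leave the decision to the reviewer
                findings.append(("unknown-autorun", f"[{name}] starts unrecognised {exe}; review by hand"))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:16} {detail}")
```

Run against the sample it reports the same four entries the reply singles out and stays silent on the recognised AVG autorun and the Comodo service; feed it a real log and maintain the allow-list from what you know is installed, since the script cannot tell a legitimate unknown program from an unwanted one any better than the reviewer could.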

Post by Tiseria » 20/04/07 15:43

cavallitto wrote:Hi everyone,
I too ran into instantaccess. I managed to delete the icon together with its target and it seems they no longer come back. But my computer runs extremely slowly, and an online scan finds a few infected files. I'm posting the awf and hijackthis reports, I hope you can help me.
Thanks everyone...

:) :) :)

Try running a pass with Virit from the site http://www.tgsoft.it
Tiseria
Junior User
 
Posts: 97
Joined: 09/03/05 15:23

Post by cavallitto » 20/04/07 20:26

But how do I delete them?
Thanks.
cavallitto
Newbie
 
Posts: 3
Joined: 19/04/07 18:41

