virus serwab?!?

[Luke57]

Ciao, senza antivirus nè protezione i log di hiajckthis diventano veri e propri colabrodi
Prova a scaricare questo antivirus versione free:
http://www.wininizio.it/forum/index.php?showtopic=45205
link e modalità d'uso

Scarica anche stinger 260:
http://vil.nai.com/vil/stinger/
è stand alone, non va installato.
Fai scansioni complete con entrambi, posta poi nuovo log.

[giova]

ho fatto tutto ciò che mi hai consigliato, e questa è la mia nuova situazione:

RemoveIT Pro XT2 - SE (Buld date: 2.8.2006) full information log file.
Generated at: 17/08/2006 on 16.03.01
Microsoft Windows XP Professional (Build 2600)
Author: Damjan Irgolic
http://www.incodesolutions.com
support@incodesolutions.com


You have some viruses in your computer.
Please Scan your computer with RemoveIT Pro to remove discovered viruses.
Virus list:
Infected with Win32.Random.Rbot
Infected with Win32.Random.Feebs
Infected with Sys32.WinNB57
Infected with Sys32.WinNB57
Infected with Sys32.WinNB57
Infected with Sys32.awtqn
Infected with Win32.Adware.Component
Infected with Win32.Trojan.Component
Infected with Sys32.WinNB**
Infected with Win32.Adware.UCmore

Running processes: (41)
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\R2lvdmFubmkgQ3Jpc3RpbmE\command.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\rundll32.exe
F:\Programmi\ScsiAccess.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Canon\CAL\CALMAIN.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
F:\Programmi\Digital Imaging\bin\hpotdd01.exe
C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Programmi\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon05.exe
F:\Programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
F:\Programmi\lg_fwupdate\fwupdate.exe
C:\WINDOWS\System32\XCSyncML.exe
C:\Programmi\FlyNet\CnxDslTb.exe
C:\WINDOWS\volume.exe
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\System32\YSTEM3~1\chkdsk.exe
C:\PROGRA~1\FILECO~1\fqqf\fqqfm.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\PROGRA~1\FILECO~1\fqqf\fqqfa.exe
F:\Programmi\SetPoint\SetPoint.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Programmi\File comuni\Logitech\KHAL\KHALMNPR.EXE
C:\Programmi\File comuni\{1C47D828-0775-1040-1003-030310080027}\Update.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\rundll32.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\InCode Solutions\RemoveIT Pro XT2 - SE\removeit.exe

Startup files:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\CTFMON.EXE
[C:\WINDOWS\System32\ctfmon.exe]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\MSMSGS
["C:\Programmi\Messenger\msmsgs.exe" /background]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\PowerBar
[]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
["C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Rmoe
["C:\WINDOWS\System32\YSTEM3~1\chkdsk.exe" -vt tzt]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\fqqf
[C:\PROGRA~1\FILECO~1\fqqf\fqqfm.exe]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Bjzoc
[C:\Programmi\??stem32\?serinit.exe]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ATIPTA
[C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\DeviceDiscovery
[F:\Programmi\Digital Imaging\bin\hpotdd01.exe]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\HP Software Update
["C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OpwareSE2
["C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\HPDJ Taskbar Utility
[C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\HPHUPD05
[F:\Programmi\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\HP Component Manager
["C:\Programmi\HP\hpcoretech\hpcmpmgr.exe"]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\HPHmon05
[C:\WINDOWS\System32\hphmon05.exe]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\WinHound
[C:\Programmi\WinHound\WinHound.exe]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\dflnl.exe
[C:\WINDOWS\System32\dflnl.exe]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\RemoteControl
["F:\Programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\LGODDFU
[F:\Programmi\lg_fwupdate\fwupdate.exe]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\hgqhp.exe
[C:\WINDOWS\System32\hgqhp.exe]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\NeroFilterCheck
[C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\XCSyncML
[C:\WINDOWS\System32\XCSyncML.exe]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\CnxDslTaskBar
["C:\Programmi\FlyNet\CnxDslTb.exe"]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\VolControl
[C:\WINDOWS\volume.exe -i]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\SunJavaUpdateSched
[C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\defender
[C:\\dfndrff_11.exe]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\keyboard
[C:\\kybrdff_11.exe]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\newname
[C:\\nwnmff_11.exe]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\rtb1fdaa
[RUNDLL32.EXE w001944c.dll,n 0031fda70000000a001944c]

Detail report: (109)
Clsid c:\windows\system32\awtqn.dll[d4ddb9a57a87e07b0ac475b0862fcddd][573492]
Clsid C:\WINDOWS\System32\crypt32.dll[0b70aaadff1ea805eef7000263bc9333][558592]
Clsid C:\WINDOWS\System32\cryptnet.dll[6569866fa5f03bdefb136c72e7e112ee][53248]
Clsid C:\WINDOWS\System32\cscdll.dll[1202a489444d5dafde7d1f49ee4a690f][90112]
Clsid C:\WINDOWS\System32\ljjkifd.dll[b8a91fe5ae80c918cbafbcb5768d043c][38925]
Clsid C:\WINDOWS\System32\sclgntfy.dll[5131246f42fc9e79ffe965a7f26b0fe0][19456]
Clsid c:\windows\system32\stobject.dll[5b5c6f98fa0826d0784833947543cb06][118272]
Clsid c:\windows\system32\tcflog.dll[d41d8cd98f00b204e9800998ecf8427e][0]
Clsid C:\WINDOWS\System32\wlnotify.dll[0ba62da9d9a556f6d3bc778908fa5659][86528]
Clsid C:\WINDOWS\System32\y4332.dll[f46c610413c5285e66491cd2341c4412][4752]
Proc C:\PROGRA~1\FILECO~1\fqqf\fqqfa.exe[4ee62a126582a183be42269722920c81][17408]
Proc C:\PROGRA~1\FILECO~1\fqqf\fqqfm.exe[17bc9aa337c706ebe515df7ecfcae6e2][9216]
Proc C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe[86ac1442724f36f77ce400b5c7b0df92][335872]
Proc C:\Programmi\Canon\CAL\CALMAIN.exe[a9acc4b9730b6d5b0bb2bffdc53f0812][86606]
Proc C:\Programmi\File comuni\{1C47D828-0775-1040-1003-030310080027}\Update.exe[d65df6644f7b0811aec7f83ef8c4b128][110592]
Proc C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe[cd4a2a655e4dc0018e71640f210c9f1c][94208]
Proc C:\Programmi\File comuni\LightScribe\LSSrvc.exe[9696786759c4b43fa5c894747e893ea2][73728]
Proc C:\Programmi\File comuni\Logitech\KHAL\KHALMNPR.EXE[f925daaa220b8533832ffd53f072e32e][28160]
Proc C:\Programmi\FlyNet\CnxDslTb.exe[f7898ab1d1157ff0e85fea3452745b8f][462848]
Proc C:\Programmi\HP\hpcoretech\hpcmpmgr.exe[b75b654ee1da99876461b24597ae3ff3][241664]
Proc C:\Programmi\InCode Solutions\RemoveIT Pro XT2 - SE\removeit.exe[1b5757479e3b34b3d7974bea4dc31027][546304]
Proc C:\Programmi\Internet Explorer\iexplore.exe[17057e4ca4adab51c6222f0003f27e33][91136]
Proc C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe[61a3a9d5d98bf0331df5b716144a8100][36975]
Proc C:\Programmi\Messenger\msmsgs.exe[10a98fa310d1b6664f999378efd031ba][1077277]
Proc C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[882539219b40107d5bc0557e0088dd79][49152]
Proc C:\WINDOWS\DvzCommon\DvzMsgr.exe[36ef69ed29bc4c35df9b494f95e7bf82][24576]
Proc C:\WINDOWS\Explorer.EXE[1597bc081cd26a36d727887279429c7a][1003520]
Proc C:\WINDOWS\R2lvdmFubmkgQ3Jpc3RpbmE\command.exe[3e2c234dde711c6754f2df994fb3cc94][293888]
Proc C:\WINDOWS\System32\Ati2evxx.exe[9c4fe91992c4465e36cd2063c8eaec28][282624]
Proc C:\WINDOWS\System32\ctfmon.exe[9e907ffd27e55a7c8b85843ed22767a7][13312]
Proc C:\WINDOWS\System32\hphmon05.exe[e0dc768efdcf4adadc99233c85c8c83f][491520]
Proc C:\WINDOWS\System32\HPZipm12.exe[901c43516504cbe582e4c4193e00876a][65536]
Proc C:\WINDOWS\system32\lsass.exe[12adb791cea13fe038d63979a5fcae43][11776]
Proc C:\WINDOWS\system32\rundll32.exe[cc334a046437eaba500e4fb2b5f2dc4a][31744]
Proc C:\WINDOWS\system32\services.exe[47d6b593dbc04c586afe1078118dcfc0][101888]
Proc C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe[31c21d0a32e06d7a5dddfce78414b2a0][176128]
Proc C:\WINDOWS\system32\spoolsv.exe[4a06d428bc79100f9f79516adbfe152c][51200]
Proc C:\WINDOWS\system32\svchost.exe[e65c61da8f552c16be0c62320f256882][12800]
Proc C:\WINDOWS\System32\wuauclt.exe[2127aabd5373182fb8f42b685166dfe0][113664]
Proc C:\WINDOWS\System32\XCSyncML.exe[35443018549a73b8458b3cd6ebf91f86][135168]
Proc C:\WINDOWS\System32\YSTEM3~1\chkdsk.exe[d690d4fa8229dacd910494e70fb6dc0d][71680]
Proc C:\WINDOWS\volume.exe[bb7350bee5a44bbab1239951636595bc][11096]
Proc F:\Programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe[8fb740d758b14b1bc950cc347c21e461][32768]
Proc F:\Programmi\Digital Imaging\bin\hpotdd01.exe[7d750887e39563620bc5f057295a501d][40960]
Proc F:\Programmi\lg_fwupdate\fwupdate.exe[10eb7eb5b4e1b9c4392317d492f1749f][229376]
Proc F:\Programmi\ScsiAccess.exe[54196cdac7e1d81d71c652e100b99e77][181312]
Proc F:\Programmi\SetPoint\SetPoint.exe[ea26ccd4753382a44db846f10dc34010][438272]
RegRun c:\progra~1\fileco~1\fqqf\fqqfm.exe[17bc9aa337c706ebe515df7ecfcae6e2][9216]
RegRun c:\programmi\ati technologies\ati control panel\atiptaxx.exe[86ac1442724f36f77ce400b5c7b0df92][335872]
RegRun c:\programmi\file comuni\ahead\lib\nerocheck.exe[c93ab037a8c792d5f8a1a9fc88a7c7c5][155648]
RegRun c:\programmi\file comuni\ahead\lib\nmbgmonitor.exe[cd4a2a655e4dc0018e71640f210c9f1c][94208]
RegRun c:\programmi\flynet\cnxdsltb.exe[f7898ab1d1157ff0e85fea3452745b8f][462848]
RegRun c:\programmi\hewlett-packard\hp software update\hpwuschd2.exe[19b4cf5d39c66024ca40282bf458f2c4][49152]
RegRun c:\programmi\hp\hpcoretech\hpcmpmgr.exe[b75b654ee1da99876461b24597ae3ff3][241664]
RegRun c:\programmi\java\jre1.5.0_06\bin\jusched.exe[61a3a9d5d98bf0331df5b716144a8100][36975]
RegRun c:\programmi\messenger\msmsgs.exe [10a98fa310d1b6664f999378efd031ba][1077277]
RegRun c:\programmi\scansoft\omnipagese2.0\opwarese2.exe[882539219b40107d5bc0557e0088dd79][49152]
RegRun c:\windows\system32\ctfmon.exe[9e907ffd27e55a7c8b85843ed22767a7][13312]
RegRun c:\windows\system32\hphmon05.exe[e0dc768efdcf4adadc99233c85c8c83f][491520]
RegRun c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe[31c21d0a32e06d7a5dddfce78414b2a0][176128]
RegRun c:\windows\system32\xcsyncml.exe[35443018549a73b8458b3cd6ebf91f86][135168]
RegRun c:\windows\system32\ystem3~1\chkdsk.exe [d690d4fa8229dacd910494e70fb6dc0d][71680]
RegRun c:\windows\volume.exe [bb7350bee5a44bbab1239951636595bc][11096]
RegRun f:\programmi\{5372b9a6-6e51-4f90-9b40-e0a3b8475c4e}\hphupd05.exe[8449ff37309653e99a6f38aa5cb7cb78][49152]
RegRun f:\programmi\cyberlink dvd solution\powerdvd\pdvdserv.exe[8fb740d758b14b1bc950cc347c21e461][32768]
RegRun f:\programmi\digital imaging\bin\hpotdd01.exe[7d750887e39563620bc5f057295a501d][40960]
RegRun f:\programmi\lg_fwupdate\fwupdate.exe[10eb7eb5b4e1b9c4392317d492f1749f][229376]
Service c:\programmi\canon\cal\calmain.exe[a9acc4b9730b6d5b0bb2bffdc53f0812][86606]
Service c:\programmi\file comuni\adobe systems shared\service\adobelmsvc.exe[6dcbe41762cff1a00aaab4f5c07b5f28][72704]
Service c:\programmi\file comuni\lightscribe\lssrvc.exe[9696786759c4b43fa5c894747e893ea2][73728]
Service c:\programmi\nero\nero 7\nero backitup\nbservice.exe[7db7924793b9bd0ec991ad321664c486][208896]
Service c:\windows\downlo~1\qxqlb5\wo385te.exe[e90f35b2d0e9d133e66b434d7ce2feb3][57344]
Service c:\windows\r2lvdmfubmkgq3jpc3rpbme\command.exe[3e2c234dde711c6754f2df994fb3cc94][293888]
Service c:\windows\system32\alg.exe[f42e163ae91f81c12077aff17958d03b][40960]
Service c:\windows\system32\ati2evxx.exe[9c4fe91992c4465e36cd2063c8eaec28][282624]
Service c:\windows\system32\ati2sgag.exe[8b0acb9ad9d903e6e6b36c7667ca3664][114688]
Service c:\windows\system32\cisvc.exe[cc3326bceb3eb483fc9009ee8157cf60][5120]
Service c:\windows\system32\clipsrv.exe[b58526a600c0432556e367325a7f9f43][30720]
Service c:\windows\system32\dllhost.exe [ff21ffe05d7fbe3530da7a62558f868d][4608]
Service c:\windows\system32\dmadmin.exe [38a8d4f0ef1caecf5cbdc3025db3f45f][205312]
Service c:\windows\system32\hpzipm12.exe[901c43516504cbe582e4c4193e00876a][65536]
Service c:\windows\system32\imapi.exe[061b607294acc57f9df729533cf978f5][118784]
Service c:\windows\system32\locator.exe[2447a1bb9e75218356299d15f2089980][68096]
Service c:\windows\system32\lsass.exe[12adb791cea13fe038d63979a5fcae43][11776]
Service c:\windows\system32\mnmsrvc.exe[c41c17a16f60dc3aedfe47861fa4c91d][32768]
Service c:\windows\system32\msdtc.exe[eb31a912ea9cbf22fcd0c8341d0c34e3][6144]
Service c:\windows\system32\msiexec.exe [70aa92ecb069ecee5d379c04acbc5c0b][63488]
Service c:\windows\system32\netdde.exe[6b2be31ef6bfeeeac5671641d568e97d][108032]
Service c:\windows\system32\rsvp.exe[dce0d20f8fb66df41d53734bff9d66f0][132608]
Service c:\windows\system32\scardsvr.exe[03b2d624a7c42f88d3d14bf6739e60ee][95232]
Service c:\windows\system32\services.exe[47d6b593dbc04c586afe1078118dcfc0][101888]
Service c:\windows\system32\sessmgr.exe[5a124c95f9717254828283b2999a40a1][131072]
Service c:\windows\system32\smlogsvc.exe[3e9f5c1f44b24064aac3b316b9a89df7][89088]
Service c:\windows\system32\spoolsv.exe[4a06d428bc79100f9f79516adbfe152c][51200]
Service c:\windows\system32\svchost.exe [e65c61da8f552c16be0c62320f256882][12800]
Service c:\windows\system32\tlntsvr.exe[d49d99e55f940691cb31743b45768823][62464]
Service c:\windows\system32\ups.exe[642cffcba61ddd2bca8d349d7fb4b8b0][16384]
Service c:\windows\system32\vssvc.exe[428090dce6071e33d4a5d163c215abd8][279552]
Service c:\windows\system32\wbem\wmiapsrv.exe[f3f7d74fb50f68e9c6ebd205877460f4][117248]
Service f:\programmi\scsiaccess.exe[54196cdac7e1d81d71c652e100b99e77][181312]
Startup c:\documents and settings\all users\menu avvio\programmi\esecuzione automatica\desktop.ini[d6a6856702e3f0953e7246a9b4a9fe35][84]
Startup c:\documents and settings\giovanni\menu avvio\programmi\esecuzione automatica\desktop.ini[d6a6856702e3f0953e7246a9b4a9fe35][84]
Startup c:\programmi\adobe\acrobat 7.0\reader\reader_sl.exe[43362b96870ce8649f4f2ec893da93f0][29696]
Startup c:\programmi\file comuni\adobe\calibration\adobe gamma loader.exe[c2ff17734176cd15221c10044ef0ba1a][113664]
Startup c:\windows\dvzcommon\dvzmsgr.exe[36ef69ed29bc4c35df9b494f95e7bf82][24576]
Startup f:\programmi\desktop messenger\8876480\program\ldmconf.exe[9c964c7c72fd732b1a0eec80421edaed][450560]
Startup f:\programmi\microsoft office\office\osa9.exe[e40f34b5ae0554eed895b270a5b9914f][65588]
Startup f:\programmi\setpoint\setpoint.exe[ea26ccd4753382a44db846f10dc34010][438272]
System.ini c:\windows\system32\svchost.exe [e65c61da8f552c16be0c62320f256882][12800]

Startup folder: (8)
Startup name: Adobe Gamma.lnk
Command: C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
Startup name: desktop.ini
Command: C:\Documents and Settings\Giovanni\Menu Avvio\Programmi\Esecuzione automatica\desktop.ini
Startup name: Avvio veloce di Adobe Reader.lnk
Command: C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Startup name: DataViz Messenger.lnk
Command: C:\WINDOWS\DvzCommon\DvzMsgr.exe
Startup name: desktop.ini
Command: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\desktop.ini
Startup name: Logitech Desktop Messenger.lnk
Command: F:\Programmi\Desktop Messenger\8876480\Program\LDMConf.exe
Startup name: Logitech SetPoint.lnk
Command: F:\Programmi\SetPoint\SetPoint.exe
Startup name: Microsoft Office.lnk
Command: F:\Programmi\Microsoft Office\Office\OSA9.EXE

Win.ini Startup: (1)
Path: No additional driver found!

Win.ini Startup: (1)
Path: No additional driver found!

Keyboard drivers: (1)
Name: No Keyboard Filter driver found!

Services: (88)
Service Name: Accesso periferica Human Interface [Stopped],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Accesso rete [Stopped],
Path: C:\WINDOWS\System32\lsass.exe
Service Name: Accesso secondario [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Acquisizione di immagini di Windows (WIA) [Running],
Path: C:\WINDOWS\System32\svchost.exe -k imgsvc
Service Name: Adobe LM Service [Stopped],
Path: "C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe"
Service Name: Aggiornamenti automatici [Running],
Path: C:\WINDOWS\system32\svchost.exe -k netsvcs
Service Name: Applicazione di sistema COM+ [Stopped],
Path: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
Service Name: Archivi rimovibili [Stopped],
Path: C:\WINDOWS\system32\svchost.exe -k netsvcs
Service Name: Archiviazione protetta [Running],
Path: C:\WINDOWS\system32\lsass.exe
Service Name: Ati HotKey Poller [Running],
Path: C:\WINDOWS\System32\Ati2evxx.exe
Service Name: ATI Smart [Stopped],
Path: C:\WINDOWS\system32\ati2sgag.exe
Service Name: Audio Windows [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Auto Connection Manager di Accesso remoto [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Avvisi [Stopped],
Path: C:\WINDOWS\System32\svchost.exe -k LocalService
Service Name: Avvisi e registri di prestazioni [Stopped],
Path: C:\WINDOWS\system32\smlogsvc.exe
Service Name: Browser di computer [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Canon Camera Access Library 8 [Running],
Path: C:\Programmi\Canon\CAL\CALMAIN.exe
Service Name: Client DHCP [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Client DNS [Running],
Path: C:\WINDOWS\System32\svchost.exe -k NetworkService
Service Name: ClipBook [Stopped],
Path: C:\WINDOWS\system32\clipsrv.exe
Service Name: Command Service [Running],
Path: C:\WINDOWS\R2lvdmFubmkgQ3Jpc3RpbmE\command.exe
Service Name: Compatibilità di Cambio rapido utente [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Condivisione desktop remoto di NetMeeting [Stopped],
Path: C:\WINDOWS\System32\mnmsrvc.exe
Service Name: Connection Manager di Accesso remoto [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Connessioni di rete [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Copia replicata del volume [Stopped],
Path: C:\WINDOWS\System32\vssvc.exe
Service Name: DDE di rete [Stopped],
Path: C:\WINDOWS\system32\netdde.exe
Service Name: DDE DSDM di rete [Stopped],
Path: C:\WINDOWS\system32\netdde.exe
Service Name: Distributed Transaction Coordinator [Stopped],
Path: C:\WINDOWS\System32\msdtc.exe
Service Name: Estensioni driver di Strumentazione gestione Windows [Stopped],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Firewall della connessione Internet (ICF) / Condivisione connessione Internet (ICS) [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Gestione account di protezione (SAM) [Running],
Path: C:\WINDOWS\system32\lsass.exe
Service Name: Gestione applicazione [Stopped],
Path: C:\WINDOWS\system32\svchost.exe -k netsvcs
Service Name: Gestione dischi logici [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Gestione sessione di assistenza mediante desktop remoto [Stopped],
Path: C:\WINDOWS\system32\sessmgr.exe
Service Name: Gruppo di continuità [Stopped],
Path: C:\WINDOWS\System32\ups.exe
Service Name: Guida in linea e supporto tecnico [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Helper NetBIOS di TCP/IP [Running],
Path: C:\WINDOWS\System32\svchost.exe -k LocalService
Service Name: Helper smart card [Stopped],
Path: C:\WINDOWS\System32\SCardSvr.exe
Service Name: Host di periferiche Plug and Play universali [Stopped],
Path: C:\WINDOWS\System32\svchost.exe -k LocalService
Service Name: LightScribeService Direct Disc Labeling Service [Running],
Path: C:\Programmi\File comuni\LightScribe\LSSrvc.exe
Service Name: Manutenzione collegamenti distribuiti client [Running],
Path: C:\WINDOWS\system32\svchost.exe -k netsvcs
Service Name: Messenger [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: MS Software Shadow Copy Provider [Stopped],
Path: C:\WINDOWS\System32\dllhost.exe /Processid:{AB51922C-FCC4-4360-8F8D-8130A0F05CA7}
Service Name: NBService [Stopped],
Path: C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
Service Name: Network Monitor [Stopped],
Path: C:\Programmi\Network Monitor\netmon.exe service
Service Name: NLA (Network Location Awareness) [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Notifica eventi di sistema [Running],
Path: C:\WINDOWS\system32\svchost.exe -k netsvcs
Service Name: Ora di Windows [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Plug and Play [Running],
Path: C:\WINDOWS\system32\services.exe
Service Name: Pml Driver HPZ12 [Running],
Path: C:\WINDOWS\System32\HPZipm12.exe
Service Name: Provider supporto protezione LM NT [Stopped],
Path: C:\WINDOWS\System32\lsass.exe
Service Name: QoS RSVP [Stopped],
Path: C:\WINDOWS\System32\rsvp.exe
Service Name: Registro di sistema remoto [Running],
Path: C:\WINDOWS\system32\svchost.exe -k LocalService
Service Name: Registro eventi [Running],
Path: C:\WINDOWS\system32\services.exe
Service Name: Rilevamento hardware shell [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Routing e Accesso remoto [Stopped],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: RPC (Remote Procedure Call) [Running],
Path: C:\WINDOWS\system32\svchost -k rpcss
Service Name: RPC Locator [Stopped],
Path: C:\WINDOWS\System32\locator.exe
Service Name: Scheda WMI Performance [Stopped],
Path: C:\WINDOWS\System32\wbem\wmiapsrv.exe
Service Name: ScsiAccess [Running],
Path: F:\Programmi\ScsiAccess.exe
Service Name: Server [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Servizi di crittografia [Running],
Path: C:\WINDOWS\system32\svchost.exe -k netsvcs
Service Name: Servizi IPSEC [Running],
Path: C:\WINDOWS\System32\lsass.exe
Service Name: Servizi terminal [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Servizio amministrativo di Gestione disco logico [Stopped],
Path: C:\WINDOWS\System32\dmadmin.exe /com
Service Name: Servizio COM di masterizzazione CD IMAPI [Stopped],
Path: C:\WINDOWS\System32\imapi.exe
Service Name: Servizio di indicizzazione [Stopped],
Path: C:\WINDOWS\System32\cisvc.exe
Service Name: Servizio di rilevamento SSDP [Running],
Path: C:\WINDOWS\System32\svchost.exe -k LocalService
Service Name: Servizio di segnalazione errori [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Servizio Gateway di livello applicazione [Running],
Path: C:\WINDOWS\System32\alg.exe
Service Name: Servizio nomi files [Stopped],
Path: C:\WINDOWS\Downlo~1\qxqlb5\wo385te.exe
Service Name: Servizio Numero di serie per dispositivi multimediali portatili [Stopped],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Servizio Ripristino configurazione di sistema [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Servizio trasferimento intelligente in background [Stopped],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Sistema di eventi COM+ [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: smart card [Stopped],
Path: C:\WINDOWS\System32\SCardSvr.exe
Service Name: Spooler di stampa [Running],
Path: C:\WINDOWS\system32\spoolsv.exe
Service Name: Strumentazione gestione Windows [Running],
Path: C:\WINDOWS\system32\svchost.exe -k netsvcs
Service Name: Telefonia [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Telnet [Stopped],
Path: C:\WINDOWS\System32\tlntsvr.exe
Service Name: Temi [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Upload Manager [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Utilità di pianificazione [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: WebClient [Running],
Path: C:\WINDOWS\System32\svchost.exe -k LocalService
Service Name: Windows Installer [Stopped],
Path: C:\WINDOWS\System32\msiexec.exe /V
Service Name: Workstation [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Zero Configuration reti senza fili [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Finished...

[Luke57]

Ciao, invia un altro log di hiajckthis fatto in modalità normale.

[aievedrim]

sempre problemi con questo serwab..

aiutatemi

Logfile of HijackThis v1.99.1
Scan saved at 5.36.06, on 28/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\ewido anti-spyware 4.0\ewido.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\ricky\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\it.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Programmi\Deskbar\deskbar.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Virgilio Toolbar - {D3403F28-7D39-435F-A8CB-45016C29E48E} - C:\Programmi\Virgilio Toolbar\VirgilioBand.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [spywareremover] C:\Programmi\SpywareRemover\SpywareRemover.exe -boot
O4 - HKLM\..\Run: [!ewido] "C:\Programmi\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\it.htm
O20 - Winlogon Notify: Control Panel - C:\WINDOWS\system32\hr6u05j9e.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programmi\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

[andorra24]

Ciao, come prima cosa lancia questo tool di rimozione dell'adware look2me perche' ne sei affetto:
http://www.atribune.org/content/view/28/

Adesso veniamo al log di hijackthis. Metti la spunta nella casellina accanto alle seguenti voci e dopo esserti disconnesso da internet e aver chiuso tutti i programmi aperti premi fix checked:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Programmi\Deskbar\deskbar.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Virgilio Toolbar - {D3403F28-7D39-435F-A8CB-45016C29E48E} - C:\Programmi\Virgilio Toolbar\VirgilioBand.dll (file missing)
O4 - HKLM\..\Run: [spywareremover] C:\Programmi\SpywareRemover\SpywareRemover.exe -boot
O20 - Winlogon Notify: Control Panel - C:\WINDOWS\system32\hr6u05j9e.dll

Disinstalla (se risulta installato) SpywareRemover perche' non e' affidabile.

Cerca ed elimina (se presenti) i seguenti files:
C:\Programmi\Deskbar\deskbar.dll (elimina anche l'intera cartella Deskbar)
C:\Programmi\SpywareRemover\SpywareRemover.exe (poi elimina anche la cartella SpywareRemover)
C:\WINDOWS\system32\hr6u05j9e.dll

[aievedrim]

PROBLEMA RISOLTO
TI RINGRAZIO MOLTISSIMO

[andorra24]

PROBLEMA RISOLTO
TI RINGRAZIO MOLTISSIMO

Molto bene.

[Mariuk]

Salve ragazzi, ho beccato anche io serwab e ho smanettato un po con antivirus e anti adware prima di trovarvi. Sembra che ho dei rimasugli di qualcosa in giro ma non riesco a trovarli, e soprattutto non riesco a levare il file c: dfndrff_e23

vi posto il log di hijack this, sperando che possa aiutare


Logfile of HijackThis v1.99.1
Scan saved at 11.32.12, on 06/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmi\Logitech\Video\LogiTray.exe
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\AGEIA Technologies\TrayIcon.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
C:\Programmi\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\dfndrff_e23.exe
C:\Programmi\File comuni\Teleca Shared\CapabilityManager.exe
C:\Programmi\Logitech\Video\FxSvr2.exe
C:\Programmi\File comuni\{C01542F1-0BAF-1040-0819-050116060027}\Update.exe
C:\WINDOWS\system32\ctfmon.exe
C:\programmi\valve\steam\steam.exe
C:\Programmi\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Programmi\WiFiConnector\NintendoWFCReg.exe
C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\Macromedia\Flash Communication Server MX\FlashComAdmin.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Programmi\Macromedia\Flash Communication Server MX\FlashCom.exe
C:\Programmi\File comuni\Teleca Shared\Generic.exe
C:\Programmi\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Documents and Settings\Mario\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nintendo.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll
O2 - BHO: PrintViewBHO Class - {D4E0C464-30CE-4075-9A10-71FD106C2847} - C:\PROGRA~2\PRINTV~1\PRINTH~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmi\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmi\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Programmi\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programmi\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\RunOnce: [AAW] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Aware.exe" "+b1"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\programmi\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: E3TV Tray App.lnk = ?
O4 - Startup: Eurobarre.lnk = C:\Programmi\eurobarre\eb.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Esegui il programma di registrazione della chiave USB Wi-Fi Nintendo.lnk = C:\Programmi\WiFiConnector\NintendoWFCReg.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: ImTranslator - C:\PROGRA~1\SMARTL~1\IMTRAN~1\startup.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: ImTranslator - {AE436396-55E7-4ec4-AD6D-45E88A530A4C} - C:\PROGRA~1\SMARTL~1\IMTRAN~1\startup.html (HKCU)
O9 - Extra 'Tools' menuitem: ImTranslator - {AE436396-55E7-4ec4-AD6D-45E88A530A4C} - C:\PROGRA~1\SMARTL~1\IMTRAN~1\startup.html (HKCU)
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.downloadcontrol.com/files/in ... all_it.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d ... o-eula.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/activex/ ... 2D2D2D.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://goblinfurioso.spaces.msn.com//Ph ... nPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/610481.exe
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab
O16 - DPF: {E53458D2-5A83-4BD1-8DE2-EEEBE73BAB77} - http://zllin.info/ism/us050/ism.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{B2934EA5-50EB-4041-91EA-7DFB1452DE43}: NameServer = 195.110.128.1,212.48.4.11
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Flash Communication Server (FlashCom) - Macromedia, Inc. - C:\Programmi\Macromedia\Flash Communication Server MX\FlashCom.exe
O23 - Service: Flash Communication Admin Service (FlashComAdmin) - Macromedia, Inc. - C:\Programmi\Macromedia\Flash Communication Server MX\FlashComAdmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: WindowsCommandsys (TiServ) - Unknown owner - C:\AppServ\www\Runtime.exe (file missing)
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

windows per ora è in modalità normale con il ripristino disattivato

[andorra24]

Ciao, Apri hijackthis, premi su ''open the misc tools section'', poi premi ''open process manager'', individua le voci indicate sotto e premi ''kill process'':

C:\dfndrff_e23.exe
C:\Programmi\File comuni\{C01542F1-0BAF-1040-0819-050116060027}\Update.exe

Poi vai in basso e premi il tasto back e subito dopo il tasto scan. Metti la spunta nella casellina accanto alle voci indicate sotto e premi ''fix checked'' :

O2 - BHO: PrintViewBHO Class - {D4E0C464-30CE-4075-9A10-71FD106C2847} - C:\PROGRA~2\PRINTV~1\PRINTH~1.DLL
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.downloadcontrol.com/files/in ... all_it.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d ... o-eula.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/activex/ ... 2D2D2D.exe
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/610481.exe
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab
O16 - DPF: {E53458D2-5A83-4BD1-8DE2-EEEBE73BAB77} - http://zllin.info/ism/us050/ism.exe
O23 - Service: WindowsCommandsys (TiServ) - Unknown owner - C:\AppServ\www\Runtime.exe (file missing)

Vai su start/risorse del computer/strumenti/opzioni cartella/visualizzazione e metti la spunta su visualizza cartelle file nascosti e togli la spunta da ''nascondi i file protetti di sistema''.

Scarica killbox da qui: http://www.killbox.net/downloads/KillBox.exe
Elimina i seguenti files:
C:\dfndrff_e23.exe
C:\Programmi\File comuni\{C01542F1-0BAF-1040-0819-050116060027}\Update.exe
C:\PROGRA~2\PRINTV~1\PRINTH~1.DLL (elimina la cartella PRINTVIEW)
C:\AppServ\www\Runtime.exe (elimina la cartella AppServ)

Fai una scansione con superantispyware:
http://www.superantispyware.com/downloa ... PYWAREFREE

[zorro12342004]

Diabolico Andorra 24 sei un diavoletto complimenti ,é il mio primo forum,quindi scusatemi se non controllo bene le mie azioni
HO UNA DOMANDA DA PORRE :Il mio pc da tempo si connette automaticamente ad un numero 899 ma non riesco a capire come faccia, ho controllato tutto connessioni diverse dalla mia programmi programmini scaricati , ho anche eliminato dopo molte fatiche un file che si riproduce automaticamente si chiama XRYC:EXE ma nulla da fare non riesco a tracciare questa maledetta connessione.
esiste un programma capace di risolvere il problema?
dopo di questo ho installato SPYBOOT e NOD 32 ho eliminato molti cavallucci ma non dialer e il pc continua a connettersi all'899
AIUTOOOOOO!!!!!!!!!!!!!!!!!!!

[Jaffaht]

Salve a tutti, mi chiamo yoel ed essendo affetto da questo serwab, ho cercato su google e ho trovato voi.

Mi sono iscritto APPOSTA(scusate l'"arroganza") ma davvero non so più come fare.
Prima di scrivere qui adesso, ho scaricato ben 2 antivirus(ho fatto due scan con antivir e uno online su un sito francese che mi ha rivelato ben 26 trojan ma non ha potuto eliminarli perchè in uso, d'oh!)
Quindi ho cercato di fare il possibile: ho scaricato un programmino per eliminare i file temporanei ed i cookies, vedendo che parecchi virus erano lì, qualcosa è successo ma non tanto. Quindi come via definitiva ho disinstallato msn messenger(ho ricevuto il virus da lì e l'ho "mandato" tramite msn stesso) e Firefox(all'apertura apre sul desktop 4 file "misteriosi"...)

Il problema però persiste: l'apertura di pagine di browser(sia firefox che IE) incontrollata e piuttosto fastidiosa(durante questo post già due volte). Inoltre ho paura a riaprire messenger(anche se è la nuova versione ora, Live!) perchè potrei riinviare a tutti i miei contatti sto maledetto.

Ho anche scaricato Hijackthis ma perfavore ne capisco poco e il poco che ho capito è: "fatti aiutare".

Spero mi possiate aiutare, grazie in anticipo.

[Jaffaht]

Ragazzi la situazione si sta aggravando, e tanto anche:

1)Il PC diventa estremamente lento in qualsiasi processo, e la maggior parte dei programmi quando parte già dice "Non risponde"

2)Ogni volta che elimino un virus(16 rilevati appena acceso) se ne forma subito un altro e il "detection" si blocca.

Spero mi sappiate aiutare il prima possibile davvero.

[sine_moi2]

ciao, sto avendo lo stesso problema, ecco il mio .log, cs dv fare????

Logfile of HijackThis v1.99.0
Scan saved at 15.48.36, on 09/10/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\WINDOWS\system32\lsyss.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\drivers\svc\spoolsv.exe
C:\Programmi\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\WINDOWS\alrs.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Programmi\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
C:\Programmi\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\System32\winsis32.exe
C:\WINDOWS\System32\winsi32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Programmi\Panda Software\Panda Antivirus Platinum\pavProxy.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
c:\windows\pwr.exe
c:\windows\pwr.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\winsysdir.exe
c:\windows\pwr.exe
c:\windows\pwr.exe
c:\windows\pwr.exe
c:\windows\pwr.exe
c:\windows\pwr.exe
c:\windows\pwr.exe
c:\windows\pwr.exe
c:\windows\pwr.exe
c:\windows\pwr.exe
c:\windows\pwr.exe
C:\Programmi\Microsoft Office\Office10\WINWORD.EXE
c:\windows\pwr.exe
C:\Documents and Settings\LUCA\Impostazioni locali\Temp\Directory temporanea 8 per hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.email.it/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Programmi\Deskbar\deskbar.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\System32\tuvtqqp.dll
O2 - BHO: (no name) - {E22C51F5-7ABC-4F67-886E-C517EA6BB8D1} - C:\WINDOWS\System32\pmnli.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programmi\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SCANINICIO] "C:\Programmi\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programmi\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [CamMonitor] C:\Programmi\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [NTSF MICROSOFT SYSTEM] winsis32.exe
O4 - HKLM\..\Run: [usbn] C:\WINDOWS\system32\usbn.exe -go -c77 -w
O4 - HKLM\..\Run: [Window_Protect] winsi32.exe
O4 - HKLM\..\Run: [gwiz] C:\WINDOWS\System32\ntsystem.exe
O4 - HKLM\..\RunServices: [NTSF MICROSOFT SYSTEM] winsis32.exe
O4 - HKLM\..\RunServices: [Window_Protect] winsi32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NTSF MICROSOFT SYSTEM] winsis32.exe
O4 - HKCU\..\Run: [Window_Protect] winsi32.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Programmi\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Startup: iMesh.lnk = C:\Programmi\iMesh\Client\iMeshClient.exe
O4 - Global Startup: GStartup.lnk = C:\Programmi\File comuni\GMT\GMT.exe
O4 - Global Startup: Windows Update.hta
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://C:oo.mht!http://198.88.20.155/targ.chm::/win32.exe
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {43331111-1111-1111-1111-611111195622} - file://c:\ex.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/MsnPU ... 10,0,911,0
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {C1B7E532-3ECB-4E9E-BB3A-2951FFE67C61} (DownloaderActiveX Control) - http://c6.community.virgilio.it/downloa ... ctiveX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C5B72CC-B7C0-41E2-93DE-5F5EA0C657D4}: NameServer = 193.12.150.2 212.247.152.2
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - C:\WINDOWS\System32\vbsys2.dll
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Microsoft Windows System32 - Unknown - C:\WINDOWS\winsysdir.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Panda Firewall Service - Unknown - C:\Programmi\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
O23 - Service: Panda anti-virus service - Unknown - C:\Programmi\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
O23 - Service: Remote Plugin Service - Unknown - C:\WINDOWS\system32\lsyss.exe
O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Microsoft Windows Als Service - Unknown - C:\WINDOWS\alrs.exe

ciao e grazie

[andorra24]

sine_moi2 hai parecchie infezioni nel pc. Fai alcune scansioni e dopo riposta un nuovo log di hijackthis:

http://www.superantispyware.com/downloa ... PYWAREFREE
http://www.ewido.net/en/onlinescan/
http://collectiontricks.p2pforum.it/mod ... idedito=23

[sine_moi2]

si, ho visto, e cmq sn riuscito ad eliminare x ora con AVG 27 troian, xò ora mi da problemi proprio hijackthis, mi fa lo scan am quando vado a salvere il .log si kiude da solo, mi puoi dire intato dal vekkoo elenco quali dv eliminare????

mille grazie davvero^^

[andorra24]

@sine_moi2

Apri hijackthis, premi su ''open the misc tools section'', poi premi ''open process manager'', individua le voci indicate sotto e premi ''kill process'':

C:\WINDOWS\system32\lsyss.exe
C:\WINDOWS\alrs.exe
C:\WINDOWS\System32\winsis32.exe
C:\WINDOWS\System32\winsi32.exe
c:\windows\pwr.exe
C:\WINDOWS\winsysdir.exe

Poi vai in basso e premi il tasto back e subito dopo il tasto scan. Metti la spunta nella casellina accanto alle voci indicate sotto e premi ''fix checked'' :

R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Programmi\Deskbar\deskbar.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\System32\tuvtqqp.dll
O2 - BHO: (no name) - {E22C51F5-7ABC-4F67-886E-C517EA6BB8D1} - C:\WINDOWS\System32\pmnli.dll
O4 - HKLM\..\Run: [NTSF MICROSOFT SYSTEM] winsis32.exe
O4 - HKLM\..\Run: [usbn] C:\WINDOWS\system32\usbn.exe -go -c77 -w
O4 - HKLM\..\Run: [Window_Protect] winsi32.exe
O4 - HKLM\..\Run: [gwiz] C:\WINDOWS\System32\ntsystem.exe
O4 - HKLM\..\RunServices: [NTSF MICROSOFT SYSTEM] winsis32.exe
O4 - HKLM\..\RunServices: [Window_Protect] winsi32.exe
O4 - HKCU\..\Run: [NTSF MICROSOFT SYSTEM] winsis32.exe
O4 - HKCU\..\Run: [Window_Protect] winsi32.exe
O4 - Startup: iMesh.lnk = C:\Programmi\iMesh\Client\iMeshClient.exe
O4 - Global Startup: GStartup.lnk = C:\Programmi\File comuni\GMT\GMT.exe
O4 - Global Startup: Windows Update.hta
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://C:oo.mht!http://198.88.20.155/targ.chm::/win32.exe
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {43331111-1111-1111-1111-611111195622} - file://c:\ex.cab
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - C:\WINDOWS\System32\vbsys2.dll
O23 - Service: Microsoft Windows System32 - Unknown - C:\WINDOWS\winsysdir.exe
O23 - Service: Remote Plugin Service - Unknown - C:\WINDOWS\system32\lsyss.exe
O23 - Service: Microsoft Windows Als Service - Unknown - C:\WINDOWS\alrs.exe

Vai su start/risorse del computer/strumenti/opzioni cartella/visualizzazione e metti la spunta su visualizza cartelle file nascosti e togli la spunta da ''nascondi i file protetti di sistema''.

Scarica killbox da qui: http://www.killbox.net/downloads/KillBox.exe
Elimina i seguenti files:
C:\WINDOWS\system32\lsyss.exe
C:\WINDOWS\alrs.exe
C:\WINDOWS\System32\winsis32.exe
C:\WINDOWS\System32\winsi32.exe
c:\windows\pwr.exe
C:\WINDOWS\winsysdir.exe
C:\Programmi\Deskbar\deskbar.dll (elimina l'intera cartella Deskbar)
C:\WINDOWS\System32\tuvtqqp.dll
C:\WINDOWS\System32\pmnli.dll
C:\WINDOWS\system32\usbn.exe
C:\WINDOWS\System32\ntsystem.exe
C:\Programmi\File comuni\GMT\GMT.exe (elimina la cartella GMT)
C:\WINDOWS\System32\vbsys2.dll

Comunque e' fondamentale che tu faccia le scansioni che ti ho linkato in precedenza perche' hai davvero una marea di infezioni nel pc.

[sine_moi2]

grazie andorra, facendo alcune scansioni cn avg, eliminando 20 trojan e seguendo le istruzioni ke mi hai impartito il problema sembra essersi risolto, anche se con killbox non sono riuscito ad eliminare le seguenti voci :

c:\windows\pwr.exe
C:\WINDOWS\System32\tuvtqqp.dll
C:\WINDOWS\System32\pmnli.dll

aspetto tue risposte e grazie di tutto

[andorra24]

scarica avenger sul desktop
http://swandog46.geekstogo.com/avenger.zip
Decomprimi l'archivio

Avvia il file avenger.exe
Seleziona l'opzione "Input Script Manually"
Clicca sulla lente di ingrandimento

Ti si apre una finestra "View/edit script"
All'interno del box bianco,copia e incolla la scritta in neretto:

Files to delete:
c:\windows\pwr.exe
C:\WINDOWS\System32\tuvtqqp.dll
C:\WINDOWS\System32\pmnli.dll

Clicca sul pulsante Done
Clicca sull'icona del semaforo verde
Rispondi Yes
Il pc dovrebbe riavviarsi da solo,se così non fosse riavvialo manualmente.
Nel file C:\Avenger.txt vedrai se questi 3 files sono stati eliminati.

[sine_moi2]

fatto andorra, missione compiuta.....grazie di tutto, specialmente per la pazienza....ciao ciao

[sine_moi2]

andorra, mi dispiace disturbarti ankora, ma il file pwr.exe mi si rigenera sempre......come faccio ad eliminarlo completamente??
ti metto qui sotto la mia ultima scansione

Logfile of HijackThis v1.99.0
Scan saved at 18.16.39, on 10/10/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\csscv.exe
C:\WINDOWS\system32\lscas.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\dfndrff_e26.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\Messenger\msmsgs.exe
C:\Documents and Settings\LUCA\Impostazioni locali\Temp\Directory temporanea 23 per hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.email.it/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programmi\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [CamMonitor] C:\Programmi\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [newname] C:\\nwnmff_e26.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrff_e26.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Programmi\Yahoo!\Messenger\ypager.exe" -quiet
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/MsnPU ... 10,0,911,0
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {C1B7E532-3ECB-4E9E-BB3A-2951FFE67C61} (DownloaderActiveX Control) - http://c6.community.virgilio.it/downloa ... ctiveX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C5B72CC-B7C0-41E2-93DE-5F5EA0C657D4}: NameServer = 193.12.150.2 212.247.152.2
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Remote Administrator Services - Unknown - C:\WINDOWS\system32\lscas.exe
O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SSScsiSV.exe


aspetto tue risposte grazie