icone e1xplorer e finestra verde archiviosex

di **muffo** » 18/04/06 18:04

Ciao a tutti, dopo diverse scansioni con norton2005, webroot spy sweeper e spybot, mi rimangono delle icone "e1xplorer" in ogni parte del pc che non riesco a eliminare e, all'avvio mi appare sempre una finestra verde archiviosex.net, in più ho un messaggio costante di "virus alert!" in basso a destra sulla barra delle applicazioni..
mi potete dare una mano con parole semplici?
grazie mille

di **Dylan666** » 18/04/06 18:15

Cerca archiviosex.net in questo forum

di **muffo** » 18/04/06 18:33

Grazie Dylan, tutti mi nominano wuesto HijackThis, ma dove lo trovo??

di **Luke57** » 18/04/06 18:40

Ciao, qui lo scarichi:
http://www.pc-facile.com/HijackThis_s267/
poi scompatti il file .zip e metti l'eseguibile (.exe) in una cartella del disco fisso appositamente dedicata, tipo C\HJT, in modo che il programma possa fare un backup delle voci eventualmente rimosse.
Apri il programma, clcicchi su " do a system scan and save a log file", attendi l'elaborazione di un file di testo, selezioni e copi tutto il testo, posti il testo medesimo nel forum.

di **muffo** » 18/04/06 18:53

Ti ringrazio, copio sotto tutto quanto, ora che faccio??

Logfile of HijackThis v1.99.1
Scan saved at 19.52.34, on 18/04/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\WINNT\Explorer.EXE
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINNT\System32\svchost.exe
C:\Programmi\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\Trust\WB-3500T USB2 Webcam\SnapTrap.exe
C:\Programmi\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Conexant\AccessRunner ADSL\CnxDslTb.exe
C:\WINNT\System32\sysmon.exe
C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\mioengine.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\WINNT\System32\wuauclt.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\HJT\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://it.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [STICAP] C:\Programmi\Trust\WB-3500T USB2 Webcam\SnapTrap.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmi\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Programmi\Conexant\AccessRunner ADSL\CnxDslTb.exe
O4 - HKLM\..\Run: [Systems] C:\WINNT\System32\sysmon.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [DW4] "C:\Programmi\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - Startup: My 190.it.lnk = C:\Documents and Settings\nicola\Dati applicazioni\mioObjects\[objects]\69GWEU9386MTAR08.mio
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Spy Sweeper Fix.lnk = C:\Programmi\Webroot\Spy Sweeper\SpySweeperFix.bat
O8 - Extra context menu item: &Cerca con Google - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Traduci parola in italiano - res://C:\Programmi\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Link a ritroso - res://C:\Programmi\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pagine simili - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Versione cache della pagina - res://C:\Programmi\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O12 - Plugin for .pdf: C:\Programmi\Internet Explorer\PLUGINS\nppdf32.dll
O15 - Trusted Zone: http://www.1987324.com
O15 - Trusted Zone: http://www.archiviosex.net
O15 - Trusted Zone: http://www.otherchance.com
O15 - Trusted Zone: http://www.redfunny.com
O15 - Trusted Zone: http://www.sgrunt.biz
O15 - Trusted Zone: http://www.superspots.biz
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by108fd.bay108.hotmail.msn.com/r ... nPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 9925362144
O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - http://d.66.155.171.43.downloads.estara ... 7OneCC.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5EC7012D-95A3-4B41-96C8-BF06A0D51C30}: NameServer = 213.205.36.70 213.205.32.70
O17 - HKLM\System\CCS\Services\Tcpip\..\{F4F7069E-E56B-4500-8481-6D1C5E3881E5}: NameServer = 193.70.192.25,193.70.152.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{5EC7012D-95A3-4B41-96C8-BF06A0D51C30}: NameServer = 213.205.36.70 213.205.32.70
O18 - Protocol: bw+0 - {D5CFEF8B-C209-414D-9066-BB49618933C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {D5CFEF8B-C209-414D-9066-BB49618933C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {D5CFEF8B-C209-414D-9066-BB49618933C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {D5CFEF8B-C209-414D-9066-BB49618933C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {D5CFEF8B-C209-414D-9066-BB49618933C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {D5CFEF8B-C209-414D-9066-BB49618933C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {D5CFEF8B-C209-414D-9066-BB49618933C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {D5CFEF8B-C209-414D-9066-BB49618933C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {D5CFEF8B-C209-414D-9066-BB49618933C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {D5CFEF8B-C209-414D-9066-BB49618933C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {D5CFEF8B-C209-414D-9066-BB49618933C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {D5CFEF8B-C209-414D-9066-BB49618933C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {D5CFEF8B-C209-414D-9066-BB49618933C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {D5CFEF8B-C209-414D-9066-BB49618933C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {D5CFEF8B-C209-414D-9066-BB49618933C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {D5CFEF8B-C209-414D-9066-BB49618933C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {D5CFEF8B-C209-414D-9066-BB49618933C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {D5CFEF8B-C209-414D-9066-BB49618933C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {D5CFEF8B-C209-414D-9066-BB49618933C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {D5CFEF8B-C209-414D-9066-BB49618933C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {D5CFEF8B-C209-414D-9066-BB49618933C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {D5CFEF8B-C209-414D-9066-BB49618933C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {D5CFEF8B-C209-414D-9066-BB49618933C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {D5CFEF8B-C209-414D-9066-BB49618933C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {D5CFEF8B-C209-414D-9066-BB49618933C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {D5CFEF8B-C209-414D-9066-BB49618933C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {D5CFEF8B-C209-414D-9066-BB49618933C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {D5CFEF8B-C209-414D-9066-BB49618933C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {D5CFEF8B-C209-414D-9066-BB49618933C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {D5CFEF8B-C209-414D-9066-BB49618933C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {D5CFEF8B-C209-414D-9066-BB49618933C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {D5CFEF8B-C209-414D-9066-BB49618933C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {D5CFEF8B-C209-414D-9066-BB49618933C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {D5CFEF8B-C209-414D-9066-BB49618933C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {D5CFEF8B-C209-414D-9066-BB49618933C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {D5CFEF8B-C209-414D-9066-BB49618933C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {D5CFEF8B-C209-414D-9066-BB49618933C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {D5CFEF8B-C209-414D-9066-BB49618933C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {D5CFEF8B-C209-414D-9066-BB49618933C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {D5CFEF8B-C209-414D-9066-BB49618933C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {D5CFEF8B-C209-414D-9066-BB49618933C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {D5CFEF8B-C209-414D-9066-BB49618933C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {D5CFEF8B-C209-414D-9066-BB49618933C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {D5CFEF8B-C209-414D-9066-BB49618933C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {D5CFEF8B-C209-414D-9066-BB49618933C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {D5CFEF8B-C209-414D-9066-BB49618933C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {D5CFEF8B-C209-414D-9066-BB49618933C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {D5CFEF8B-C209-414D-9066-BB49618933C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {D5CFEF8B-C209-414D-9066-BB49618933C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {D5CFEF8B-C209-414D-9066-BB49618933C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {D5CFEF8B-C209-414D-9066-BB49618933C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {D5CFEF8B-C209-414D-9066-BB49618933C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {D5CFEF8B-C209-414D-9066-BB49618933C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {D5CFEF8B-C209-414D-9066-BB49618933C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {D5CFEF8B-C209-414D-9066-BB49618933C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {D5CFEF8B-C209-414D-9066-BB49618933C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {D5CFEF8B-C209-414D-9066-BB49618933C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {D5CFEF8B-C209-414D-9066-BB49618933C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {D5CFEF8B-C209-414D-9066-BB49618933C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {D5CFEF8B-C209-414D-9066-BB49618933C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {D5CFEF8B-C209-414D-9066-BB49618933C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {D5CFEF8B-C209-414D-9066-BB49618933C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {D5CFEF8B-C209-414D-9066-BB49618933C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {D5CFEF8B-C209-414D-9066-BB49618933C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {D5CFEF8B-C209-414D-9066-BB49618933C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {D5CFEF8B-C209-414D-9066-BB49618933C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {D5CFEF8B-C209-414D-9066-BB49618933C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {D5CFEF8B-C209-414D-9066-BB49618933C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {D5CFEF8B-C209-414D-9066-BB49618933C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {D5CFEF8B-C209-414D-9066-BB49618933C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {D5CFEF8B-C209-414D-9066-BB49618933C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {D5CFEF8B-C209-414D-9066-BB49618933C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {D5CFEF8B-C209-414D-9066-BB49618933C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {D5CFEF8B-C209-414D-9066-BB49618933C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {D5CFEF8B-C209-414D-9066-BB49618933C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {D5CFEF8B-C209-414D-9066-BB49618933C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {D5CFEF8B-C209-414D-9066-BB49618933C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Programmi\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe

di **Luke57** » 18/04/06 19:16

Ciao, scarica deldomains da qui:
http://www.mvps.org/winhelp2002/DelDomains.inf
e metti il file .inf sul desktop
Apri hijackthis, clicchi “open the misc tools section”, “open process manager”, cerchi ed evidenzi i seguenti processi (se ci sono):
C:\WINNT\System32\sysmon.exe
Clicchi kill process
Torni al menu principale con back, premi scan cerchi e spunti le seguenti voci:
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll (file missing)
O4 - HKLM\..\Run: [Systems] C:\WINNT\System32\sysmon.exe
Tutte le voci 015
O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - http://d.66.155.171.43.downloads.estara ... 6657&sessi onid=543619167_66.155.171.43_42422&=&req=1143124897797OneCC.cab
La voce 018 presumo che sia una sola…..
Premi” fix checked”
riparti in modalità provvisoria:
(Avviare il computer.Subito dopo il calcolo della RAM e prima che inizi a caricarsi Windows, iniziare a premere ripetutamente il tasto F8 sulla tastiera. Continuare a farlo fino a visualizzare il menu Opzioni avanzate di Windows. Usando i tasti freccia sulla tastiera, scorrere le opzioni e selezionare il menu Modalità Provvisoria, quindi premere Invio)
rendi visibili file e cartelle nascosti:
Seleziona strumenti>Opzioni Cartella
Seleziona Visualizza
Spunta "mostra file e cartelle nascoste"
Togli la spunta da "nascondi file di sistema protetti"
Click OK
Esegui deldomains con un click con il tasto dx sul file .inf e scegli Installa.
Cerchi poi ed elimini i seguenti file:
C:\WINNT\System32\sysmon.exe
Elimina poi tutti i file temporanei di windows temp e tmp (da start>cerca>tutti i file e cartelle, copi e incolli: *.temp;*.tmp, ed elimini tutti quelli trovati)
sulle opzioni Internet cancella la cache di IE ( sull’opzione elimina file temporanei spunta anche “elimina il contenuto non in linea”, i cookies, cronologia)
svuota il cestino.

di **muffo** » 18/04/06 19:52

no, di voci 018 ce ne sono parecchie, le devo spuntare?

di **muffo** » 18/04/06 20:31

Ok, ho seguito le istruzioni e sembra sia sparito tutto, tranne il messaggio di avviso "virus alert!" in basso a destra della barra di applicazioni che continua a dirmi "your computer is infected" e se ci clicco mi apre una pagina sul sito spywarequake

di **Dylan666** » 18/04/06 22:19

Ogni volta che elimini delle voci dopo devi resettare e trascriverci un nuovo log

di **muffo** » 18/04/06 23:21

scusate... ecco il nuovo log...

Logfile of HijackThis v1.99.1
Scan saved at 0.21.06, on 19/04/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\svchost.exe
C:\Programmi\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\Trust\WB-3500T USB2 Webcam\SnapTrap.exe
C:\Programmi\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Conexant\AccessRunner ADSL\CnxDslTb.exe
C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\mioengine.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\WINNT\System32\wuauclt.exe
C:\HJT\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://it.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [STICAP] C:\Programmi\Trust\WB-3500T USB2 Webcam\SnapTrap.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmi\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Programmi\Conexant\AccessRunner ADSL\CnxDslTb.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [DW4] "C:\Programmi\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - Startup: My 190.it.lnk = C:\Documents and Settings\nicola\Dati applicazioni\mioObjects\[objects]\69GWEU9386MTAR08.mio
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Spy Sweeper Fix.lnk = C:\Programmi\Webroot\Spy Sweeper\SpySweeperFix.bat
O8 - Extra context menu item: &Cerca con Google - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Traduci parola in italiano - res://C:\Programmi\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Link a ritroso - res://C:\Programmi\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pagine simili - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Versione cache della pagina - res://C:\Programmi\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O12 - Plugin for .pdf: C:\Programmi\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by108fd.bay108.hotmail.msn.com/r ... nPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 9925362144
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5EC7012D-95A3-4B41-96C8-BF06A0D51C30}: NameServer = 213.205.36.70 213.205.32.70
O17 - HKLM\System\CCS\Services\Tcpip\..\{F4F7069E-E56B-4500-8481-6D1C5E3881E5}: NameServer = 193.70.192.25,193.70.152.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{5EC7012D-95A3-4B41-96C8-BF06A0D51C30}: NameServer = 213.205.36.70 213.205.32.70
O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Programmi\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe

di **Luke57** » 19/04/06 07:23

muffo ha scritto:Ok, ho seguito le istruzioni e sembra sia sparito tutto, tranne il messaggio di avviso "virus alert!" in basso a destra della barra di applicazioni che continua a dirmi "your computer is infected" e se ci clicco mi apre una pagina sul sito spywarequake

Ciao, usa questo per spywarequake:
http://www.superadblocker.com/

di **muffo** » 20/04/06 12:40

Grazie mille, penso di aver risolto tutto, siete fantastici!!!

di **td_2200** » 21/04/06 09:25

Ciao a tuti... mi trovo nella stessa situazione...
sono indeciso riguardo ai file da eliminare...
sono bastati a infettarmi il sistema i pochi minuti necessari a scaricare il AVG e Kerio... :aaah

Allego....

Logfile of HijackThis v1.99.1
Scan saved at 10.17.32, on 21/04/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\explorer.exe
F:\WINDOWS\system32\spoolsv.exe
F:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
F:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
F:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
F:\WINDOWS\system\svchost.exe
F:\WINDOWS\System32\nvsvc32.exe
F:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE
F:\WINDOWS\System32\ctfmon.exe
F:\Programmi\Mozilla Firefox\firefox.exe
F:\Hjack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.1987324.com?299
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: Shell=explorer.exe "F:\Programmi\File comuni\Microsoft Shared\Web Folders\ibm00021.exe"
F2 - REG:system.ini: UserInit=F:\WINDOWS\System32\userinit.exe,F:\WINDOWS\system\svchost.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Yahoo! Messenger] lbqv.exe
O4 - HKLM\..\Run: [Microsoft SDKb] winsqa.exe
O4 - HKLM\..\Run: [AVG7_CC] F:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Microsoft (R) Windows Network Mapping Service] F:\WINDOWS\system\svchost.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Systems] F:\WINDOWS\System32\spoolsvc.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\RunServices: [Yahoo! Messenger] lbqv.exe
O4 - HKLM\..\RunServices: [Microsoft SDKb] winsqa.exe
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft SDKb] winsqa.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - F:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - F:\WINDOWS\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{01F56D1C-851B-489A-98C1-D9B8C524D001}: NameServer = 193.70.152.15 193.70.152.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{01F56D1C-851B-489A-98C1-D9B8C524D001}: NameServer = 193.70.152.15 193.70.152.25
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - F:\WINDOWS\System32\hwclock.exe (file missing)
O23 - Service: Windows Network Mapping Service (NetMap) - Unknown owner - F:\WINDOWS\system\svchost.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WsSec(wssec) (WsSec) - Unknown owner - F:\WINDOWS\system32\wssec.exe (file missing)

Grrrrrrazieeeee!!!!!

di **Luke57** » 21/04/06 10:06

Ciao, stampa la pagine, le istruzioni sono lunghe

scarica Cwshredder da qui:
http://www.trendmicro.com/ftp/products/ ... redder.exe
Avvia Hijackthis e cliccando su “open the misc tools selection” poi su “open process manager”, individui il processo, se c’è
F:\WINDOWS\system\svchost.exe
Clicchi kill process
Torni al menu principale, premi “scan”, cerchi e spunti le seguenti voci:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.1987324.com?299
F2 - REG:system.ini: Shell=explorer.exe "F:\Programmi\File comuni\Microsoft Shared\Web Folders\ibm00021.exe
F2 - REG:system.ini: UserInit=F:\WINDOWS\System32\userinit.exe,F:\WINDOWS\system\svchost.exe
O4 - HKLM\..\Run: [Yahoo! Messenger] lbqv.exe
O4 - HKLM\..\Run: [Microsoft SDKb] winsqa.exe
O4 - HKLM\..\Run: [Systems] F:\WINDOWS\System32\spoolsvc.exe
O4 - HKLM\..\Run: [Microsoft (R) Windows Network Mapping Service] F:\WINDOWS\system\svchost.exe
O4 - HKLM\..\RunServices: [Yahoo! Messenger] lbqv.exe
O4 - HKLM\..\RunServices: [Microsoft SDKb] lbqv.exe.exe
O4 - HKLM\..\RunServices: [Microsoft SDKb] winsqa.exe
O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - F:\WINDOWS\System32\hwclock.exe (file missing)
O23 - Service: WsSec(wssec) (WsSec) - Unknown owner - F:\WINDOWS\system32\wssec.exe (file missing)
Premi “fix checked”
Vai su:
Start>esegui>sc stop hwclock (lo scrivi nello spazio bianco)>OK
Start>esegui>sc delete hwclock (lo scrivi nello spazio bianco)>OK
Start>esegui>sc stop WsSec (lo scrivi nello spazio bianco)>OK
Start>esegui>sc delete WsSec (lo scrivi nello spazio bianco)>OK
Riavvia in modalità provvisoria
(A. Avviare il computer.Subito dopo il calcolo della RAM e prima che inizi a caricarsi Windows, iniziare a premere ripetutamente il tasto F8 sulla tastiera. Continuare a farlo fino a visualizzare il menu Opzioni avanzate di Windows. Usando i tasti freccia sulla tastiera, scorrere le opzioni e selezionare il menu Modalità Provvisoria, quindi premere Invio)
Chiudi tutti i programmi, compreso l’antivirus, ed esegui CWShredder.exe (scegli “Fix”, non “Scan only”)
Rendi visibili file e cartelle nascosti (vai in start>impostazioni>pannello di controllo>opzioni cartella, e clicca su "visualizzazione". Seleziona "visualizza file e cartelle nascosti", "visualizza il contenuto delle cartelle di sistema" e deseleziona "nascondi file protetti e di sistema". Clicca su OK., cerchi ed elimini i seguenti file ( se ci sono):
F:\WINDOWS\system\svchost.exe
F:\WINDOWS\System32\spoolsvc.exe
lbqv.exe (da cercare)
lbqv.exe (da cercare)
F:\WINDOWS\System32\hwclock.exe
F:\WINDOWS\system32\wssec.exe
Poi elimina tuttii file temporanei di windows (temp e tmp, fai così start>cerca>tutti i file e cartelle, nello spazio bianco “nome del file o parte del nome” copi : *.temp; *.tmp ed elimini tutti quelli trovati), da opzioni internet cancelli tutti i file temporanei di IE (anche quelli non in linea), cronologia, cookies;
svuoti il cestino.
Da pannello di controllo, installazioni\applicazioni, cerchi ed elimini tutti i programmi che non hai installato tu.
Posta nuovo log per controllo

di **td_2200** » 21/04/06 13:58

parrebbe essere tutto ok...

Logfile of HijackThis v1.99.1
Scan saved at 14.57.10, on 21/04/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\spoolsv.exe
F:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
F:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
F:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
F:\Programmi\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
F:\WINDOWS\System32\nvsvc32.exe
F:\Programmi\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
F:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE
F:\WINDOWS\System32\ctfmon.exe
F:\Programmi\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
F:\Hjack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AVG7_CC] F:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft SDKb] winsqa.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - F:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - F:\WINDOWS\web\related.htm
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - F:\Programmi\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: Windows Network Mapping Service (NetMap) - Unknown owner - F:\WINDOWS\system\svchost.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\System32\nvsvc32.exe

di **Luke57** » 22/04/06 07:59

Ciao, è rimasto questo
O4 - HKCU\..\Run: [Microsoft SDKb] winsqa.exe
fissalo con hijackthis.
Poi scarica stinger 260 da qui:
http://vil.nai.com/vil/stinger/
( è standalone non va installato) e fai una scansione dalla modalità provvisoria
Fai poi una scansione on line qui:
http://www.kaspersky.com/downloads/kws/kavwebscan.html

di **Hil215** » 23/04/06 11:00

Ciao ragazzi anche io ho lo stesso problema da un paio di giorni ho scansionato con ad aware, search & destroy, avg..
vi posto il log di hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 11.52.14, on 23/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\siswlsvc.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Programmi\ASUS\Power4 Gear\BatteryLife.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\cmutil60.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Programmi\Winamp3\winampa.exe
C:\Programmi\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\Microsoft Encarta\Microsoft Encarta Enciclopedia Premium\EDICT.EXE
C:\Programmi\File comuni\Windows\services32.exe
C:\WINDOWS\system32\cmd.exe
C:\Programmi\File comuni\services.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Utente\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Shorty - {11A4CA8C-A8B9-49c2-A6D3-3F64C9EEBAE6} - C:\Programmi\DNS\Catcher.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Programmi\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [86d0de93c82d] C:\WINDOWS\system32\cmutil60.exe
O4 - HKLM\..\Run: [pfsvgae] C:\Program Files\pfsvgae.exe
O4 - HKLM\..\Run: [p2pnetworking] p2pnetworking.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Programmi\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [rzycau] C:\WINDOWS\system32\iksukkz.exe r
O4 - HKLM\..\RunServices: [p2pnetworking] p2pnetworking.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [services32] C:\Programmi\File comuni\Windows\mc-58-12-0000137.exe
O4 - HKCU\..\Run: [DNS] C:\Programmi\File comuni\mc-58-12-0000137.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O15 - Trusted Zone: http://www.1987324.com
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnme ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5248AA54-F53A-4620-BFD6-CB800CBAD726}: NameServer = 62.211.69.150 212.48.4.15
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: winozn32 - C:\WINDOWS\SYSTEM32\winozn32.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Programmi\Power Translator\LogoMedia TranslateDotNet Server.exe
O23 - Service: SiS WirelessLan Service (SiSWLSvc) - Unknown owner - C:\WINDOWS\system32\siswlsvc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programmi\Sygate\SPF\smc.exe

ditemi voi cosa devo fare..
grazie

di **davipo** » 23/04/06 14:07

Ciao, ho anch'io il problema di archiviosex.net, questo è il mio log:

Logfile of HijackThis v1.99.1
Scan saved at 14.29.27, on 23/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
F:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
F:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
F:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
F:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\system32\CTsvcCDA.EXE
F:\Programmi\ewido anti-malware\ewidoctrl.exe
F:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
F:\Programmi\Norton AntiVirus\navapsvc.exe
F:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
F:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\Explorer.EXE
F:\Programmi\Alcatel\SpeedTouch USB\Dragdiag.exe
F:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
F:\Programmi\Analog Devices\SoundMAX\smax4.exe
F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\matteo\Messenger Plus! 3\MsgPlus.exe
F:\Programmi\QuickTime\qttask.exe
C:\matteo\Java\jre1.5.0_02\bin\jusched.exe
F:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
F:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
F:\Programmi\File comuni\Symantec Shared\ccApp.exe
F:\WINDOWS\system32\spoolsvc.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Programmi\Messenger\msmsgs.exe
F:\Programmi\Internet Explorer\iexplore.exe
F:\Programmi\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
F:\Programmi\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
F:\Programmi\MSN Messenger\msnmsgr.exe
F:\Program Files\FinePixViewer\QuickDCF.exe
F:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\davide\Boinc\boincmgr.exe
F:\PROGRA~1\INCRED~1\bin\IMApp.exe
F:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe
C:\davide\Boinc\boinc.exe
F:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE
F:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
F:\Programmi\Hewlett-Packard\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\MATTEO\MOZILLA\FIREFOX.EXE
C:\unzipped\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/av ... x_homepage
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - F:\Programmi\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\programmi\google\googletoolbar2.dll
O2 - BHO: (no name) - {B54857DF-4373-58C6-E9E9-2A784E9E6D47} - F:\DOCUME~1\davide\DATIAP~1\IDOLBO~1\five title.exe (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\programmi\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - F:\Programmi\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Diagnostica SpeedTouch USB] "F:\Programmi\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [PinnacleDriverCheck] F:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [SoundMAXPnP] F:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "F:\Programmi\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM
O4 - HKLM\..\Run: [REGSHAVE] F:\Programmi\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [MessengerPlus3] "C:\matteo\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [QuickTime Task] "F:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\matteo\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "F:\Programmi\D-Tools\daemon.exe" -lang 1033 -noicon
O4 - HKLM\..\Run: [Beep Drive Sect Dupe] F:\Documents and Settings\All Users\Dati applicazioni\Logo Bleh Beep Drive\LoveAudio.exe
O4 - HKLM\..\Run: [HP Software Update] F:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "F:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ccApp] "F:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Systems] F:\WINDOWS\system32\spoolsvc.exe
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "F:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [InstantTray] F:\Programmi\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
O4 - HKCU\..\Run: [IW_Drop_Icon] F:\Programmi\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /DropDisc
O4 - HKCU\..\Run: [msnmsgr] "F:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IncrediMail] F:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - Startup: BOINC Manager.lnk = C:\davide\Boinc\boincmgr.exe
O4 - Global Startup: Avvio rapido di HP Image Zone.lnk = F:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = F:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = F:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://f:\programmi\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://f:\programmi\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://f:\programmi\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://f:\programmi\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://f:\programmi\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://f:\programmi\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Programmi\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.1987324.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Matteo\AutoCAD 2002\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{0E489A71-1FB2-46D2-8D06-392CD6112222}: NameServer = 213.205.32.70 213.205.36.70
O17 - HKLM\System\CS1\Services\Tcpip\..\{0E489A71-1FB2-46D2-8D06-392CD6112222}: NameServer = 213.205.32.70 213.205.36.70
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "F:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O21 - SSODL: IEFilter - {129DC7A8-1AFF-4526-B86C-F380C453250C} - F:\WINDOWS\system32\IEFilter.dll
O23 - Service: Adobe LM Service - Adobe Systems - F:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - F:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - F:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - F:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - F:\Programmi\ewido anti-malware\ewidoctrl.exe
O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - F:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - F:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - F:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPZ12 - HP - F:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - F:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - F:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - F:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SPBBCSvc - Symantec Corporation - F:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - F:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe

ho bisogno del vostro aiuto per favore, grazie.

di **Luke57** » 23/04/06 14:17

@ Hil215
Ciao, scarica stinger 260 da qui:
http://vil.nai.com/vil/stinger/
è standalone, non va installato
1)riparti in modalità provvisoria:
(Avviare il computer.Subito dopo il calcolo della RAM e prima che inizi a caricarsi Windows, iniziare a premere ripetutamente il tasto F8 sulla tastiera. Continuare a farlo fino a visualizzare il menu Opzioni avanzate di Windows. Usando i tasti freccia sulla tastiera, scorrere le opzioni e selezionare il menu Modalità Provvisoria, quindi premere Invio)
2)rendi visibili file e cartelle nascosti:
Seleziona strumenti>Opzioni Cartella
Seleziona Visualizza
Spunta "mostra file e cartelle nascoste"
Togli la spunta da "nascondi file di sistema protetti"
Click OK
3) esegui Stinger 260 e fai una scansione completa
4) apri hijackthis, clicca “open the misc tools section”, “open process manager”, cerca, se ci sono ed evidenzai questi processi:
C:\WINDOWS\system32\cmutil60.exe
C:\Programmi\File comuni\Windows\services32.exe
C:\Programmi\File comuni\services.exe
Clicca “kill proces”
5)Torna al menu principale con back, premi “scan”, cerchi e spunti, se ci sono tutte, le seguenti voci:
O2 - BHO: Shorty - {11A4CA8C-A8B9-49c2-A6D3-3F64C9EEBAE6} - C:\Programmi\DNS\Catcher.dll
O4 - HKLM\..\Run: [86d0de93c82d] C:\WINDOWS\system32\cmutil60.e
O4 - HKLM\..\Run: [pfsvgae] C:\Program Files\pfsvgae.exe
O4 - HKLM\..\Run: [rzycau] C:\WINDOWS\system32\iksukkz.exe r
O4 - HKCU\..\Run: [services32] C:\Programmi\File comuni\Windows\mc-58-12-0000137.exe
O4 - HKCU\..\Run: [DNS] C:\Programmi\File comuni\mc-58-12-0000137.exe
O15 - Trusted Zone: http://www.1987324.com
O20 - Winlogon Notify: winozn32 - C:\WINDOWS\SYSTEM32\winozn32.dll
Premi “fix checked”
6) cerchi ed elimini, se ci sono, i seguenti file:
C:\WINDOWS\system32\cmutil60.exe
C:\Programmi\File comuni\Windows\services32.exe
C:\Programmi\File comuni\services.exe
C:\Programmi\DNS\Catcher.dll
C:\WINDOWS\system32\iksukkz.exe r
C:\Programmi\File comuni\Windows\mc-58-12-0000137.exe
C:\Programmi\File comuni\mc-58-12-0000137.exe
C:\WINDOWS\SYSTEM32\winozn32.dll
7)Elimina poi tutti i file temporanei di windows temp e tmp (da start>cerca>tutti i file e cartelle, copi e incolli: *.temp;*.tmp, ed elimini tutti quelli trovati)

sulle opzioni Internet cancella la cache di IE ( sull’opzione elimina file temporanei spunta anche “elimina il contenuto non in linea”, i cookies, cronologia)
9)svuota il cestino.
10)Riavvii e fai poi una scansione on line qui:
http://www.bitdefender.com/scan8/ie.html
Posta nuovo log per controllo

di **Luke57** » 23/04/06 15:20

@ Davipo
Ciao, apri hijackthis, clicca “open the misc tools section”, “open process manager”, cerca, se ci sono, ed evidenzi questo processo:
F:\WINDOWS\system32\spoolsvc.exe
Premi kill process
2)Torna al menu principale con back, premi “scan”, cerchi e spunti, se ci sono tutte, le seguenti voci:
O2 - BHO: (no name) - {B54857DF-4373-58C6-E9E9-2A784E9E6D47} - F:\DOCUME~1\davide\DATIAP~1\IDOLBO~1\five title.exe (file missing)
O4 - HKLM\..\Run: [Systems] F:\WINDOWS\system32\spoolsvc.exe
O15 - Trusted Zone: http://www.1987324.com
O21 - SSODL: IEFilter - {129DC7A8-1AFF-4526-B86C-F380C453250C} - F:\WINDOWS\system32\IEFilter.dll
Premi fix checked
3)riparti in modalità provvisoria:
(Avviare il computer.Subito dopo il calcolo della RAM e prima che inizi a caricarsi Windows, iniziare a premere ripetutamente il tasto F8 sulla tastiera. Continuare a farlo fino a visualizzare il menu Opzioni avanzate di Windows. Usando i tasti freccia sulla tastiera, scorrere le opzioni e selezionare il menu Modalità Provvisoria, quindi premere Invio)
4)rendi visibili file e cartelle nascosti:
Seleziona strumenti>Opzioni Cartella
Seleziona Visualizza
Spunta "mostra file e cartelle nascoste"
Togli la spunta da "nascondi file di sistema protetti"
Click OK
5)cerchi ed elimini, se ci sono, i seguenti file:
F:\WINDOWS\system32\spoolsvc.exe
F:\WINDOWS\system32\IEFilter.dll
F:\DOCUME~1\davide\DATIAP~1\IDOLBO~1\five title.exe (file missing)
6)Elimina poi tutti i file temporanei di windows temp e tmp (da start>cerca>tutti i file e cartelle, copi e incolli: *.temp;*.tmp, ed elimini tutti quelli trovati)
7)sulle opzioni Internet cancella la cache di IE ( sull’opzione elimina file temporanei spunta anche “elimina il contenuto non in linea”, i cookies, cronologia)

svuota il cestino.
9) scansiona con antivirus aggiornato
10) posta nuovo log per controllo

icone e1xplorer e finestra verde archiviosex

icone e1xplorer e finestra verde archiviosex

e1xplorer

Topic correlati a "icone e1xplorer e finestra verde archiviosex":

Chi c’è in linea