Condividi:        

Sono nei guai! spyware?

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: m.paolo, kadosh, Luke57

Sono nei guai! spyware?

Postdi adriarte » 26/02/06 18:28

Un saluto a tutti :cry:
Da alcuni giorni cerco in tutti i modi suggeriti di risolvere il problema, ma non sono riuscito

Lo sfondo del desktop è nero con una scritta su fondo rosso:

WARNING
Your computer might be infected by spyware, adware or similar malicious
programs!

Mi invita ad andare su questo indirizzo
http://www.topadwarereviews.com per scaricare
l'antispyware (in realtà si collega ad una pagina che non permette alcuna operazione)

Sul desktop si colloca anche un collegamento a tale sito con nome Adware review
Sulla barra a basso a dx a fianco dell'icona di Norton compaiono due icone:
1. Warning: spyware intrusion detected
2. spyware infection detected
che avviano entrambi un collegamento al sito suddetto

Potete aiutarmi ?
Allego :

Logfile of HijackThis v1.99.1
Scan saved at 18.19.02, on 26/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\Norton Internet Security\ISSVC.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Microsoft Hardware\Mouse\point32.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Microsoft Office\Office\1040\OLFSNT40.EXE
C:\WINDOWS\wupdmgr.exe
C:\WINDOWS\osaupd.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\HP\Digital Imaging\bin\hpqimzone.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\File comuni\Symantec Shared\AdBlocking\NSMdtr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\Federico\Desktop\Come eliminare malware\HijackThis\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [hplampc] C:\WINDOWS\system32\hplampc.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SpySweeper] "C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Begone] c:\freescan\freescan.exe -FastScan
O4 - Global Startup: Avvio rapido di HP Image Zone.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Porta Symantec Fax Starter Edition.lnk = C:\Programmi\Microsoft Office\Office\1040\OLFSNT40.EXE
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programmi\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programmi\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmi\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\programmi\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programmi\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmi\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmi\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesit.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesit.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)
O15 - Trusted Zone: http://millent.millenet.it
O15 - Trusted Zone: http://milleserver.millenet.it
O15 - Trusted Zone: http://push.millenet.it
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsup ... SupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www3.ca.com/securityadvisor/pest ... stscan.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsup ... mAData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FFACBDC1-0AA5-43DE-AC82-1AA62D9ECDCE}: NameServer = 62.94.0.1
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Programmi\Norton Internet Security\ISSVC.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Programmi\Webroot\Spy Sweeper\WRSSSDK.exe

Allego anche se può essere utile il report creato dal programma Spyware Doctor (purtroppo non consente di risvolvere il problema: dovrei acquistarlo):

Spyware Doctor Activity Report
Generated on 26/02/2006 13.00.27 Spyware Doctor Homepage PC Tools Homepage Technical Support


Scans (basic information only):

Scan Results:
scan start: 26/02/2006 13.00.47
scan stop: 26/02/2006 13.23.05
scanned items: 130561
found items: 146
found and ignored: 0
tools used: General Scanner, Process Scanner, LSP Scanner, Startup Scanner, Registry Scanner, Hosts file scanner, Browser Defaults, Favorites and ZoneMap Scanner, ActiveX Scanner, Browser Activity Scanner, Disk Scanner



Infection Name Location Risk
Azesearch Toolbar HKCR\Interface\{38252777-2500-456E-8B3D-A55850306DA2} High
Azesearch Toolbar HKCR\Interface\{38252777-2500-456E-8B3D-A55850306DA2}## High
Azesearch Toolbar HKCR\Interface\{38252777-2500-456E-8B3D-A55850306DA2}\ProxyStubClsid High
Azesearch Toolbar HKCR\Interface\{38252777-2500-456E-8B3D-A55850306DA2}\ProxyStubClsid## High
Azesearch Toolbar HKCR\Interface\{38252777-2500-456E-8B3D-A55850306DA2}\ProxyStubClsid32 High
Azesearch Toolbar HKCR\Interface\{38252777-2500-456E-8B3D-A55850306DA2}\ProxyStubClsid32## High
Rogue Anti-Spyware Products C:\Documents and Settings\Federico\Preferiti\favorites\spyware removers\raze spyware.url High
Rogue Anti-Spyware Products C:\Documents and Settings\Federico\Preferiti\favorites\spyware removers\reg freeze.url High
Rogue Anti-Spyware Products C:\Documents and Settings\Federico\Preferiti\favorites\spyware removers\remedy antispy.url High
SexVideoPro Dialer : skymasters.biz\www High
SexVideoPro Dialer : archiviosex.net\www High
SexVideoPro Dialer : redfunny.com\www High
Azesearch Toolbar HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A19EF336-01D4-48E6-926A-FE7E1C747AED} High
Azesearch Toolbar HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A19EF336-01D4-48E6-926A-FE7E1C747AED}\iexplore High
Azesearch Toolbar HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DA7FF3F8-08BE-4CAC-BC00-94D91C6AE7F4} High
Azesearch Toolbar HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DA7FF3F8-08BE-4CAC-BC00-94D91C6AE7F4}\iexplore High
Azesearch Toolbar HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F65B197F-8260-4D52-909A-F70118E646EB} High
Azesearch Toolbar HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F65B197F-8260-4D52-909A-F70118E646EB}\iexplore High
Common Components for AZE nEtwork HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D7BF3304-138B-4DD5-86EE-491BB6A2286C} Medium
Common Components for AZE nEtwork HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D7BF3304-138B-4DD5-86EE-491BB6A2286C}\iexplore Medium
Known Bad Sites C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\O9U3W1UV\ss[1].gif High
Regfreeze Hijacker C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\J913IAMD\layout_19[1].gif High
Known Bad Sites C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\5HTMVB5A\index[2].htm High
CrackSpider C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\O1UV0163\pixel[1].gif Medium
Known Bad Sites C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\UNM8R8I6\ilsearch[1].gif High
Regfreeze Hijacker C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\GPIZCP6R\layout_14[1].gif High
Known Bad Sites C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\G9M7STU3\navcurve[1].gif High
Regfreeze Hijacker C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\CLIBSTIZ\style[1].css High
Regfreeze Hijacker C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\UNM8R8I6\layout_16[1].gif High
Regfreeze Hijacker C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\G9M7STU3\layout_35[1].gif High
Regfreeze Hijacker C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\O1UV0163\layout_12[1].gif High
Known Bad Sites C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\G9M7STU3\ss[1].gif High
Known Bad Sites C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\CLIBSTIZ\88x31_2[1].gif High
Regfreeze Hijacker C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\O9U3W1UV\layout_29[1].gif High
Regfreeze Hijacker C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\8PUFCD2J\layout_13[1].gif High
Known Bad Sites C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\OH2N01IJ\120x160_1[1].gif High
Regfreeze Hijacker C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\G9M7STU3\layout_11[1].gif High
Known Bad Sites C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\8PUFCD2J\d[1].htm High
Regfreeze Hijacker C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\O1UV0163\tab_bg_grad3[1].gif High
Regfreeze Hijacker C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\G9M7STU3\layout_21[1].gif High
Known Bad Sites C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\CLIBSTIZ\left_h[1].gif High
Known Bad Sites C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\G9M7STU3\ny_logo[1].gif High
Regfreeze Hijacker C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\CLIBSTIZ\counter[1].htm High
Regfreeze Hijacker C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\GPIZCP6R\buy[1].gif High
Known Bad Sites C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\J913IAMD\header[1].gif High
Known Bad Sites C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\GPIZCP6R\freepda[1].gif High
Regfreeze Hijacker C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\J913IAMD\layout_32[1].gif High
CrackSpider C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\8PUFCD2J\searchbg1[1].gif Medium
Known Bad Sites C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\OH2N01IJ\phazeddl[1].gif High
Known Bad Sites C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\UNM8R8I6\net_weiss_animated[1].gif High
Rogue Anti-Spyware Products C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\8PUFCD2J\spacer[2].gif High
Known Bad Sites C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\UNM8R8I6\footer[1].gif High
Known Bad Sites C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\CLIBSTIZ\all[1].htm High
VX2.Look2Me C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\CLIBSTIZ\popup[1].htm High
Azesearch Toolbar C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\UNM8R8I6\azesearch[1].bmp High
Azesearch Toolbar C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\OO8ETELW\install[1].htm High
Regfreeze Hijacker C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\OH2N01IJ\logo[1].swf High
Regfreeze Hijacker C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\W12R41M3\layout_07[1].gif High
Regfreeze Hijacker C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\CLIBSTIZ\layout_25[1].gif High
Regfreeze Hijacker C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\J913IAMD\layout_10[1].gif High
Regfreeze Hijacker C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\5HTMVB5A\layout_33[1].gif High
Regfreeze Hijacker C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\8PUFCD2J\vert_bg[1].gif High
Regfreeze Hijacker C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\CLIBSTIZ\layout_01[1].gif High
Regfreeze Hijacker C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\OH2N01IJ\layout_18[1].gif High
Regfreeze Hijacker C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\UNM8R8I6\no_star[1].gif High
Known Bad Sites C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\OH2N01IJ\net002-1[1].gif High
Known Bad Sites C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\J913IAMD\125x50[1].gif High
Regfreeze Hijacker C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\5HTMVB5A\layout_09[1].gif High
Known Bad Sites C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\O9U3W1UV\lwbutton[1].gif High
Known Bad Sites C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\O9U3W1UV\strbtm[1].gif High
Azesearch Toolbar C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\O9U3W1UV\drsmartload95a[1].exe High
Rogue Anti-Spyware Products C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\OO8ETELW\index_19[1].gif High
Azesearch Toolbar C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\W12R41M3\webload196[1].exe High
Regfreeze Hijacker C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\OH2N01IJ\layout_30[1].gif High
Regfreeze Hijacker C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\O9U3W1UV\yes[1].gif High
Regfreeze Hijacker C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\GPIZCP6R\layout_19_1[1].gif High
Azesearch Toolbar C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\5HTMVB5A\sp2[1].swf High
Regfreeze Hijacker C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\OH2N01IJ\layout_04[1].gif High
Known Bad Sites C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\G9M7STU3\pixel[1].gif High
Regfreeze Hijacker C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\G9M7STU3\tab_bg_grad2[1].gif High
Azesearch Toolbar C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\O1UV0163\azebar[1].xml High
Regfreeze Hijacker C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\O1UV0163\layout_20_1[1].gif High
Regfreeze Hijacker C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\UNM8R8I6\grad_bg[1].gif High
Regfreeze Hijacker C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\MYBZLGBF\topadwarereviews[1].htm High
Regfreeze Hijacker C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\O8SGQHVS\star[1].gif High
Regfreeze Hijacker C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\O9U3W1UV\layout_03[1].gif High
Known Bad Sites C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\8PUFCD2J\serws[1].js High
Regfreeze Hijacker C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\5HTMVB5A\layout_15[1].gif High
Regfreeze Hijacker C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\CLIBSTIZ\no[2].gif High
Regfreeze Hijacker C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\GPIZCP6R\tab_bg_grad[1].gif High
Regfreeze Hijacker C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\8PUFCD2J\layout_20[1].gif High
Rogue Anti-Spyware Products C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\O1UV0163\index_03[1].gif High
Regfreeze Hijacker C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\O1UV0163\spacer[2].gif High
Rogue Anti-Spyware Products C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\CLIBSTIZ\index_05[1].gif High
Rogue Anti-Spyware Products C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\MYBZLGBF\arrow[1].gif High
Rogue Anti-Spyware Products C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\CLIBSTIZ\copyright[1].gif High
Rogue Anti-Spyware Products C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\5HTMVB5A\index_12[1].gif High
Rogue Anti-Spyware Products C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\O1UV0163\index_15b[1].gif High
Rogue Anti-Spyware Products C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\UNM8R8I6\index_18[1].gif High
Regfreeze Hijacker C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\O1UV0163\scan[1].gif High
Rogue Anti-Spyware Products C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\8PUFCD2J\new4[1].gif High
Rogue Anti-Spyware Products C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\O9U3W1UV\index_22[1].gif High
Rogue Anti-Spyware Products C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\UNM8R8I6\index_04[1].gif High
Rogue Anti-Spyware Products C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\O8SGQHVS\index_20[1].gif High
Known Bad Sites C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\O9U3W1UV\right_h[1].gif High
CrackSpider C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\O1UV0163\submit[1].gif Medium
Rogue Anti-Spyware Products C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\MYBZLGBF\spybox1a[1].gif High
Rogue Anti-Spyware Products C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\W12R41M3\scanbar2[1].gif High
Rogue Anti-Spyware Products C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\J913IAMD\index_25[1].gif High
Rogue Anti-Spyware Products C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\5HTMVB5A\5star[1].gif High
Regfreeze Hijacker C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\O9U3W1UV\layout_05[1].gif High
Rogue Anti-Spyware Products C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\J913IAMD\index_10[1].gif High
Rogue Anti-Spyware Products C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\W5UJO5IR\index_07[1].gif High
Regfreeze Hijacker C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\J913IAMD\layout_28[1].gif High
Regfreeze Hijacker C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\8PUFCD2J\topadwarereviews[1].htm High
Rogue Anti-Spyware Products C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\GPIZCP6R\index_02b[1].gif High
Rogue Anti-Spyware Products C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\GPIZCP6R\index_15[1].gif High
Rogue Anti-Spyware Products C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\UNM8R8I6\spy[1].gif High
Rogue Anti-Spyware Products C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\8PUFCD2J\spywarebegone[1].htm High
Keylog-sters C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\CLIBSTIZ\cycounter[1].gif High
Known Bad Sites C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\G9M7STU3\d[1].htm High
CrackSpider C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\8PUFCD2J\search[1].gif Medium
Regfreeze Hijacker C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\5HTMVB5A\layout_36[1].gif High
Regfreeze Hijacker C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\W12R41M3\layout_31[1].gif High
Regfreeze Hijacker C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\UNM8R8I6\layout_17[1].gif High
Regfreeze Hijacker C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\W12R41M3\layout_08[1].gif High
Rogue Anti-Spyware Products C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\1XKQNJDP\index_02[1].gif High
Rogue Anti-Spyware Products C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\1XKQNJDP\download[2].htm High
Regfreeze Hijacker C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\8PUFCD2J\layout_34[1].gif High
Rogue Anti-Spyware Products C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\W5UJO5IR\index_24[1].gif High
Rogue Anti-Spyware Products C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\G9M7STU3\index_14[1].gif High
Rogue Anti-Spyware Products C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\O9U3W1UV\index_06[1].gif High
Rogue Anti-Spyware Products C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\OH2N01IJ\index_09[1].gif High
Regfreeze Hijacker C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\5HTMVB5A\topadwarereviews[1].htm High
Rogue Anti-Spyware Products C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\OH2N01IJ\spybox[1].gif High
Rogue Anti-Spyware Products C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\GPIZCP6R\Free-SpyWareScan[1].exe High
Rogue Anti-Spyware Products C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\1XKQNJDP\index_11[1].gif High
Rogue Anti-Spyware Products C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\G9M7STU3\bot3[1].gif High
Rogue Anti-Spyware Products C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\G9M7STU3\index_01[1].gif High
Known Bad Sites C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\CLIBSTIZ\d[1].htm High
Tracking Cookie(s) C:\Documents and Settings\Federico\Cookies\federico@cgi-bin[2].txt Medium
Advertising C:\Documents and Settings\Federico\Cookies\federico@com[2].txt Low
Regfreeze Hijacker C:\Documents and Settings\Federico\Cookies\federico@www.topadwarereviews[1].txt High
SexVideoPro Dialer C:\Documents and Settings\Federico\Menu Avvio\exsplorer.lnk High
Trojan.Downloader.RI C:\WINDOWS\system32\countrydial.exe Elevated
SexVideoPro Dialer D:\Documents and Settings\Federico\exsplorer.lnk High






Potete aiutarmi? Ringrazio

Adriano



Indice del forum -> Sicurezza e Privacy
Inserisci un nuovo Topic
Oggetto
Corpo del messaggio

Emoticons





Guarda altre Emoticons


Colore font: Default Rosso scuro Rosso Arancione Marrone Giallo Verde Oliva Ciano Blu Blu scuro Indigo Viola Bianco Nero Dimensione font: Minuscolo Piccolo Normale Largo Enorme Chiudi i Tags


:cry:
Da alcuni giorni cerca in tutti i modi suggeriti di risolvere il problema, ma non sono riuscito

Lo sfondo del desktop è nero con una scritta su fondo rosso:

WARNING
Your computer might be infected by spyware, adware or similar malicious
programs!

Mi invita ad andare su questo indirizzo
http://www.topadwarereviews.com per scaricare
l'antispyware (in realtà si collega ad una pagina che non permette alcuna operazione)

Sul desktop si colloca anche un collegamento a tale sito con nome Adware review
Sulla barra a basso a dx a fianco dell'icona di Norton compaiono due icone:
1. Warning: spyware intrusion detected
2. spyware infection detected
che avviano entrambi un collegamento al sito suddetto

Potete aiutarmi ?
Allego :

Logfile of HijackThis v1.99.1
Scan saved at 18.19.02, on 26/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\Norton Internet Security\ISSVC.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Microsoft Hardware\Mouse\point32.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Microsoft Office\Office\1040\OLFSNT40.EXE
C:\WINDOWS\wupdmgr.exe
C:\WINDOWS\osaupd.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\HP\Digital Imaging\bin\hpqimzone.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\File comuni\Symantec Shared\AdBlocking\NSMdtr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\Federico\Desktop\Come eliminare malware\HijackThis\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [hplampc] C:\WINDOWS\system32\hplampc.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SpySweeper] "C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Begone] c:\freescan\freescan.exe -FastScan
O4 - Global Startup: Avvio rapido di HP Image Zone.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Porta Symantec Fax Starter Edition.lnk = C:\Programmi\Microsoft Office\Office\1040\OLFSNT40.EXE
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programmi\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programmi\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmi\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\programmi\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programmi\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmi\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmi\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesit.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesit.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)
O15 - Trusted Zone: http://millent.millenet.it
O15 - Trusted Zone: http://milleserver.millenet.it
O15 - Trusted Zone: http://push.millenet.it
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsup ... SupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www3.ca.com/securityadvisor/pest ... stscan.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsup ... mAData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FFACBDC1-0AA5-43DE-AC82-1AA62D9ECDCE}: NameServer = 62.94.0.1
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Programmi\Norton Internet Security\ISSVC.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Programmi\Webroot\Spy Sweeper\WRSSSDK.exe

Allego anche se può essere utile il report creato dal programma Spyware Doctor (purtroppo non consente di risvolvere il problema: dovrei acquistarlo):

Spyware Doctor Activity Report
Generated on 26/02/2006 13.00.27 Spyware Doctor Homepage PC Tools Homepage Technical Support


Scans (basic information only):

Scan Results:
scan start: 26/02/2006 13.00.47
scan stop: 26/02/2006 13.23.05
scanned items: 130561
found items: 146
found and ignored: 0
tools used: General Scanner, Process Scanner, LSP Scanner, Startup Scanner, Registry Scanner, Hosts file scanner, Browser Defaults, Favorites and ZoneMap Scanner, ActiveX Scanner, Browser Activity Scanner, Disk Scanner



Infection Name Location Risk
Azesearch Toolbar HKCR\Interface\{38252777-2500-456E-8B3D-A55850306DA2} High
Azesearch Toolbar HKCR\Interface\{38252777-2500-456E-8B3D-A55850306DA2}## High
Azesearch Toolbar HKCR\Interface\{38252777-2500-456E-8B3D-A55850306DA2}\ProxyStubClsid High
Azesearch Toolbar HKCR\Interface\{38252777-2500-456E-8B3D-A55850306DA2}\ProxyStubClsid## High
Azesearch Toolbar HKCR\Interface\{38252777-2500-456E-8B3D-A55850306DA2}\ProxyStubClsid32 High
Azesearch Toolbar HKCR\Interface\{38252777-2500-456E-8B3D-A55850306DA2}\ProxyStubClsid32## High
Rogue Anti-Spyware Products C:\Documents and Settings\Federico\Preferiti\favorites\spyware removers\raze spyware.url High
Rogue Anti-Spyware Products C:\Documents and Settings\Federico\Preferiti\favorites\spyware removers\reg freeze.url High
Rogue Anti-Spyware Products C:\Documents and Settings\Federico\Preferiti\favorites\spyware removers\remedy antispy.url High
SexVideoPro Dialer : skymasters.biz\www High
SexVideoPro Dialer : archiviosex.net\www High
SexVideoPro Dialer : redfunny.com\www High
Azesearch Toolbar HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A19EF336-01D4-48E6-926A-FE7E1C747AED} High
Azesearch Toolbar HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A19EF336-01D4-48E6-926A-FE7E1C747AED}\iexplore High
Azesearch Toolbar HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DA7FF3F8-08BE-4CAC-BC00-94D91C6AE7F4} High
Azesearch Toolbar HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DA7FF3F8-08BE-4CAC-BC00-94D91C6AE7F4}\iexplore High
Azesearch Toolbar HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F65B197F-8260-4D52-909A-F70118E646EB} High
Azesearch Toolbar HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F65B197F-8260-4D52-909A-F70118E646EB}\iexplore High
Common Components for AZE nEtwork HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D7BF3304-138B-4DD5-86EE-491BB6A2286C} Medium
Common Components for AZE nEtwork HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D7BF3304-138B-4DD5-86EE-491BB6A2286C}\iexplore Medium
Known Bad Sites C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\O9U3W1UV\ss[1].gif High
Regfreeze Hijacker C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\J913IAMD\layout_19[1].gif High
Known Bad Sites C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\5HTMVB5A\index[2].htm High
CrackSpider C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\O1UV0163\pixel[1].gif Medium
Known Bad Sites C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\UNM8R8I6\ilsearch[1].gif High
Regfreeze Hijacker C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\GPIZCP6R\layout_14[1].gif High
Known Bad Sites C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\G9M7STU3\navcurve[1].gif High
Regfreeze Hijacker C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\CLIBSTIZ\style[1].css High
Regfreeze Hijacker C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\UNM8R8I6\layout_16[1].gif High
Regfreeze Hijacker C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\G9M7STU3\layout_35[1].gif High
Regfreeze Hijacker C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\O1UV0163\layout_12[1].gif High
Known Bad Sites C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\G9M7STU3\ss[1].gif High
Known Bad Sites C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\CLIBSTIZ\88x31_2[1].gif High
Regfreeze Hijacker C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\O9U3W1UV\layout_29[1].gif High
Regfreeze Hijacker C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\8PUFCD2J\layout_13[1].gif High
Known Bad Sites C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\OH2N01IJ\120x160_1[1].gif High
Regfreeze Hijacker C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\G9M7STU3\layout_11[1].gif High
Known Bad Sites C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\8PUFCD2J\d[1].htm High
Regfreeze Hijacker C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\O1UV0163\tab_bg_grad3[1].gif High
Regfreeze Hijacker C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\G9M7STU3\layout_21[1].gif High
Known Bad Sites C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\CLIBSTIZ\left_h[1].gif High
Known Bad Sites C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\G9M7STU3\ny_logo[1].gif High
Regfreeze Hijacker C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\CLIBSTIZ\counter[1].htm High
Regfreeze Hijacker C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\GPIZCP6R\buy[1].gif High
Known Bad Sites C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\J913IAMD\header[1].gif High
Known Bad Sites C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\GPIZCP6R\freepda[1].gif High
Regfreeze Hijacker C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\J913IAMD\layout_32[1].gif High
CrackSpider C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\8PUFCD2J\searchbg1[1].gif Medium
Known Bad Sites C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\OH2N01IJ\phazeddl[1].gif High
Known Bad Sites C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\UNM8R8I6\net_weiss_animated[1].gif High
Rogue Anti-Spyware Products C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\8PUFCD2J\spacer[2].gif High
Known Bad Sites C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\UNM8R8I6\footer[1].gif High
Known Bad Sites C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\CLIBSTIZ\all[1].htm High
VX2.Look2Me C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\CLIBSTIZ\popup[1].htm High
Azesearch Toolbar C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\UNM8R8I6\azesearch[1].bmp High
Azesearch Toolbar C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\OO8ETELW\install[1].htm High
Regfreeze Hijacker C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\OH2N01IJ\logo[1].swf High
Regfreeze Hijacker C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\W12R41M3\layout_07[1].gif High
Regfreeze Hijacker C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\CLIBSTIZ\layout_25[1].gif High
Regfreeze Hijacker C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\J913IAMD\layout_10[1].gif High
Regfreeze Hijacker C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\5HTMVB5A\layout_33[1].gif High
Regfreeze Hijacker C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\8PUFCD2J\vert_bg[1].gif High
Regfreeze Hijacker C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\CLIBSTIZ\layout_01[1].gif High
Regfreeze Hijacker C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\OH2N01IJ\layout_18[1].gif High
Regfreeze Hijacker C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\UNM8R8I6\no_star[1].gif High
Known Bad Sites C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\OH2N01IJ\net002-1[1].gif High
Known Bad Sites C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\J913IAMD\125x50[1].gif High
Regfreeze Hijacker C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\5HTMVB5A\layout_09[1].gif High
Known Bad Sites C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\O9U3W1UV\lwbutton[1].gif High
Known Bad Sites C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\O9U3W1UV\strbtm[1].gif High
Azesearch Toolbar C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\O9U3W1UV\drsmartload95a[1].exe High
Rogue Anti-Spyware Products C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\OO8ETELW\index_19[1].gif High
Azesearch Toolbar C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\W12R41M3\webload196[1].exe High
Regfreeze Hijacker C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\OH2N01IJ\layout_30[1].gif High
Regfreeze Hijacker C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\O9U3W1UV\yes[1].gif High
Regfreeze Hijacker C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\GPIZCP6R\layout_19_1[1].gif High
Azesearch Toolbar C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\5HTMVB5A\sp2[1].swf High
Regfreeze Hijacker C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\OH2N01IJ\layout_04[1].gif High
Known Bad Sites C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\G9M7STU3\pixel[1].gif High
Regfreeze Hijacker C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\G9M7STU3\tab_bg_grad2[1].gif High
Azesearch Toolbar C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\O1UV0163\azebar[1].xml High
Regfreeze Hijacker C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\O1UV0163\layout_20_1[1].gif High
Regfreeze Hijacker C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\UNM8R8I6\grad_bg[1].gif High
Regfreeze Hijacker C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\MYBZLGBF\topadwarereviews[1].htm High
Regfreeze Hijacker C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\O8SGQHVS\star[1].gif High
Regfreeze Hijacker C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\O9U3W1UV\layout_03[1].gif High
Known Bad Sites C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\8PUFCD2J\serws[1].js High
Regfreeze Hijacker C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\5HTMVB5A\layout_15[1].gif High
Regfreeze Hijacker C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\CLIBSTIZ\no[2].gif High
Regfreeze Hijacker C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\GPIZCP6R\tab_bg_grad[1].gif High
Regfreeze Hijacker C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\8PUFCD2J\layout_20[1].gif High
Rogue Anti-Spyware Products C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\O1UV0163\index_03[1].gif High
Regfreeze Hijacker C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\O1UV0163\spacer[2].gif High
Rogue Anti-Spyware Products C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\CLIBSTIZ\index_05[1].gif High
Rogue Anti-Spyware Products C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\MYBZLGBF\arrow[1].gif High
Rogue Anti-Spyware Products C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\CLIBSTIZ\copyright[1].gif High
Rogue Anti-Spyware Products C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\5HTMVB5A\index_12[1].gif High
Rogue Anti-Spyware Products C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\O1UV0163\index_15b[1].gif High
Rogue Anti-Spyware Products C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\UNM8R8I6\index_18[1].gif High
Regfreeze Hijacker C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\O1UV0163\scan[1].gif High
Rogue Anti-Spyware Products C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\8PUFCD2J\new4[1].gif High
Rogue Anti-Spyware Products C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\O9U3W1UV\index_22[1].gif High
Rogue Anti-Spyware Products C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\UNM8R8I6\index_04[1].gif High
Rogue Anti-Spyware Products C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\O8SGQHVS\index_20[1].gif High
Known Bad Sites C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\O9U3W1UV\right_h[1].gif High
CrackSpider C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\O1UV0163\submit[1].gif Medium
Rogue Anti-Spyware Products C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\MYBZLGBF\spybox1a[1].gif High
Rogue Anti-Spyware Products C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\W12R41M3\scanbar2[1].gif High
Rogue Anti-Spyware Products C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\J913IAMD\index_25[1].gif High
Rogue Anti-Spyware Products C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\5HTMVB5A\5star[1].gif High
Regfreeze Hijacker C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\O9U3W1UV\layout_05[1].gif High
Rogue Anti-Spyware Products C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\J913IAMD\index_10[1].gif High
Rogue Anti-Spyware Products C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\W5UJO5IR\index_07[1].gif High
Regfreeze Hijacker C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\J913IAMD\layout_28[1].gif High
Regfreeze Hijacker C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\8PUFCD2J\topadwarereviews[1].htm High
Rogue Anti-Spyware Products C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\GPIZCP6R\index_02b[1].gif High
Rogue Anti-Spyware Products C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\GPIZCP6R\index_15[1].gif High
Rogue Anti-Spyware Products C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\UNM8R8I6\spy[1].gif High
Rogue Anti-Spyware Products C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\8PUFCD2J\spywarebegone[1].htm High
Keylog-sters C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\CLIBSTIZ\cycounter[1].gif High
Known Bad Sites C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\G9M7STU3\d[1].htm High
CrackSpider C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\8PUFCD2J\search[1].gif Medium
Regfreeze Hijacker C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\5HTMVB5A\layout_36[1].gif High
Regfreeze Hijacker C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\W12R41M3\layout_31[1].gif High
Regfreeze Hijacker C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\UNM8R8I6\layout_17[1].gif High
Regfreeze Hijacker C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\W12R41M3\layout_08[1].gif High
Rogue Anti-Spyware Products C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\1XKQNJDP\index_02[1].gif High
Rogue Anti-Spyware Products C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\1XKQNJDP\download[2].htm High
Regfreeze Hijacker C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\8PUFCD2J\layout_34[1].gif High
Rogue Anti-Spyware Products C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\W5UJO5IR\index_24[1].gif High
Rogue Anti-Spyware Products C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\G9M7STU3\index_14[1].gif High
Rogue Anti-Spyware Products C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\O9U3W1UV\index_06[1].gif High
Rogue Anti-Spyware Products C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\OH2N01IJ\index_09[1].gif High
Regfreeze Hijacker C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\5HTMVB5A\topadwarereviews[1].htm High
Rogue Anti-Spyware Products C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\OH2N01IJ\spybox[1].gif High
Rogue Anti-Spyware Products C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\GPIZCP6R\Free-SpyWareScan[1].exe High
Rogue Anti-Spyware Products C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\1XKQNJDP\index_11[1].gif High
Rogue Anti-Spyware Products C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\G9M7STU3\bot3[1].gif High
Rogue Anti-Spyware Products C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\G9M7STU3\index_01[1].gif High
Known Bad Sites C:\Documents and Settings\Federico\Impostazioni locali\Temporary Internet Files\Content.IE5\CLIBSTIZ\d[1].htm High
Tracking Cookie(s) C:\Documents and Settings\Federico\Cookies\federico@cgi-bin[2].txt Medium
Advertising C:\Documents and Settings\Federico\Cookies\federico@com[2].txt Low
Regfreeze Hijacker C:\Documents and Settings\Federico\Cookies\federico@www.topadwarereviews[1].txt High
SexVideoPro Dialer C:\Documents and Settings\Federico\Menu Avvio\exsplorer.lnk High
Trojan.Downloader.RI C:\WINDOWS\system32\countrydial.exe Elevated
SexVideoPro Dialer D:\Documents and Settings\Federico\exsplorer.lnk High






Potete aiutarmi? Ringrazio :)

Adriano

Opzioni
HTML è DISATTIVATO
BBCode è ATTIVO
Gli Smilies sono ATTIVI Disabilita il BBCode in questo messaggio
Disabilita gli Smilies in questo messaggio
Avvisami quando viene inviata una risposta



Tutti i fusi orari sono GMT + 1 ora

Vai a: Seleziona un forum Assistenza Software----------------Software WindowsSistemi Operativi WindowsApplicazioni Office WindowsSoftware LinuxAudio/Video e masterizzazione Assistenza Hardware----------------Assistenza HardwareModding, overclocking e coolingReti, ADSL e wireless Laboratorio----------------DiscussioniSicurezza e PrivacyAbuse & spamProgrammazione Altro----------------Forum off-topic




Powered by phpBB © 2001, 2005 phpBB Group


[ Info & Contatti | Linkaci | Loghi | Invia News | About us | RSS ]

© 2000-2006 pc-facile.com
adriarte
Newbie
 
Post: 4
Iscritto il: 26/02/06 16:14

Sponsor
 

Postdi fabrizius » 26/02/06 19:00

:eeh: calma con i log :P

comincia a svuotare i files temp che ne hai un casino...
fatti aiutare da Ccleaner--->prima vai in opzioni--->avanzate--->togli la spunta elimina files temp solo se piu vecchi di 48 ore

Guardo il log...
fabrizius
Utente Senior
 
Post: 1220
Iscritto il: 20/05/05 13:55

Postdi fabrizius » 26/02/06 19:07

se vuoi farlo manualmente,
Assicurati di avere accesso a cartelle e file nascosti
(Pannello di controllo---> Opzioni Cartella ---> Visualizzazione--->metti la spunta su"visualizza file e cartelle nascoste"--->disattiva nascondi file e cartelle di sistema)
vai in C:\Documents and Settings\Federico\Impostazionilocali\Temporary Internet e Temp,svuotale tutte e due...
fabrizius
Utente Senior
 
Post: 1220
Iscritto il: 20/05/05 13:55

Postdi fabrizius » 26/02/06 19:31

Allora per il log hijackthis prova a fare cosi

Vai nel task manager (Ctrl+Alt+Del)e termina questi processi (se ci sono)
wupdmgr.exe
osaupd.exe
ShowWnd.exe

Poi cerca ed elimina i relativi files
ATTENTIONE esiste un file leggittimo di windows con lo stesso nome ma si trova in C:\...\ system32\wupdmgr.exe
quello che devi eliminare é :C:\WINDOWS\wupdmgr.exe[

PS:se non ci riesci dalla modalità normale prova in modalitàprovvisoriaAvvia il computer in modalità provvisoria
(Riavviare il sistema--->Immediatamente al termine del caricamento del BIOS premere ripetutamente il tasto F8 fin quando non appare il menu Opzioni avanzate di Windows--->Vai su Modalità provvisoria e premi Invio).
Una volta in mod. provvisoria rifai lo stesso procedimento ed in piu con hijackthis fixa queste voci:
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)

Vediamo un po dopo queste operazioni cosa ci rimane

PS: ShowWnd.exe puoi andarlo ad eliminare anche direttamente nel registro in caso di difficoltà,ma con le dovute precauzioni
fabrizius
Utente Senior
 
Post: 1220
Iscritto il: 20/05/05 13:55

Postdi fabrizius » 26/02/06 19:46

Installa anche questi programmi ,aggioranli e fai la scansione del sistema

Ad-Aware
SpybotS&D
CWShredder
Guida all'uso

Svuota tutto il possibile,cookie,temporanei,prefecht,cestino etc...

Volendo puoi fare anche uno scan online

Trend Micro--->Antispyware
fabrizius
Utente Senior
 
Post: 1220
Iscritto il: 20/05/05 13:55

Postdi adriarte » 26/02/06 22:22

vai in C:\Documents and Settings\Federico\Impostazionilocali\Temporary Internet e Temp,svuotale tutte e due...

non mi è stato possibile uno svuotamento completo delle due cartelle:
- nella Temp sono rimasti 4 file
- nella Temporary Internet Files sono rimasti 13 files

Non fa nulla?
Grazie
Adriano
adriarte
Newbie
 
Post: 4
Iscritto il: 26/02/06 16:14

Postdi fabrizius » 26/02/06 23:42

quelli puoi eliminarli dalla modalità provvisoria...
ma i problemi sono risolti?riscontri ancora problemi?
fabrizius
Utente Senior
 
Post: 1220
Iscritto il: 20/05/05 13:55

Postdi adriarte » 27/02/06 20:37

:D :D :D
tutto risolto !!!!!!!!!!!!!!!!!!!
ti ringrazio tantissimo per il tuo aiuto molto professionaleCiao
Adriano
adriarte
Newbie
 
Post: 4
Iscritto il: 26/02/06 16:14

Postdi fabrizius » 27/02/06 20:44

ciao...
di niente ;)
fabrizius
Utente Senior
 
Post: 1220
Iscritto il: 20/05/05 13:55

Postdi crik91 » 08/03/06 17:36

Ragazzi avrei lo stesso problema potete aiutarmi?Aiutooooooo!Grazie per ora
crik91
Utente Senior
 
Post: 700
Iscritto il: 07/02/06 10:02
Località: Prato

Postdi crik91 » 08/03/06 22:49

Questi sono i miei log...

Logfile of HijackThis v1.99.1
Scan saved at 22.48.53, on 08/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Virtual CD v4 SDK\system\vcssecs.exe
C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
C:\Programmi\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\Programmi\Lexmark X1100 Series\lxbkbmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\apps\ABoard\AOSD.exe
C:\Programmi\Lexmark X1100 Series\lxbkbmon.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Programmi\D-Tools\daemon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Gioele\Desktop\hijackthis_199\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/r ... key=SEARCH
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\it.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.lexmark.com/MD/?func=newreg& ... os=5&src=1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PBITV2 - {4E7BD74F-2B8D-469E-A0E8-EB65B685FA7D} - C:\WINDOWS\system32\pbitv2.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Encarta Web Companion Oggetto helper - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: PBITV2 - {4E7BD74F-2B8D-469E-A0E8-EB65B685FA7D} - C:\WINDOWS\system32\pbitv2.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] C:\Programmi\File comuni\Symantec Shared\cfgwiz.exe /GUID NIS /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Programmi\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Programmi\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Programmi\Aethra\ADSL EB1070 USB\CnxTrApp.dll",AppEntry -REG "Aethra\ADSL EB1070 USB"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmi\D-Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\it.htm
O15 - Trusted Zone: http://www.archiviosex.net
O15 - Trusted Zone: http://www.redfunny.com
O15 - Trusted Zone: http://www.skymasters.biz
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {C1B7E532-3ECB-4E9E-BB3A-2951FFE67C61} (DownloaderActiveX Control) - http://c6.community.virgilio.it/downloa ... ctiveX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{399F101C-F754-46D7-9B45-0F9287793646}: NameServer = 85.37.17.5 85.38.28.77
O17 - HKLM\System\CS1\Services\Tcpip\..\{399F101C-F754-46D7-9B45-0F9287793646}: NameServer = 85.37.17.5 85.38.28.77
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: winakd32 - C:\WINDOWS\SYSTEM32\winakd32.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Programmi\Virtual CD v4 SDK\system\vcssecs.exe
crik91
Utente Senior
 
Post: 700
Iscritto il: 07/02/06 10:02
Località: Prato

Postdi lucas/s » 09/03/06 01:11

Ciao,esegui queste operazioni

scarica Vundo Fix http://www.atribune.org/downloads/VundoFix.exe
salvalo sul desktop

* Doppio click su VundoFix.exe ed estrai i file
* Verrà creata una nuova cartella sul desktop(VundoFix).
* Dopo che hai estratto i file,riavvia il pc in modalità provvisoria
* Quando sei in modalità provvisoria,apri la cartella vundofix e clicca su KillVundo.bat
* A questo punto ti si apre una finestra dos,fai attenzione a quello che ti scrivo
VundoFix V2.15 by Atri
By using VundoFix you agree that you are doing so at your own risk
Press enter to continue...

-a questo punto premi invio una volta
-poi vedrai:
Please Type in the filepath as instructed by the forum staff
and then press enter:

-a questo punto digita il percorso seguente(controlla di digitarlo esattamente)
C:\WINDOWS\SYSTEM32\winakd32.dll
-Premi invio,
-poi vedrai:
Please type in the second filepath as instructed by the forum
staff then press enter:

a questo punto digita il percorso seguente come te l'ho messo quindi anche il .*
C:\WINDOWS\SYSTEM32\32dkaniw.*
Premi invio continuare con il fix.

* Mentre il fix andrà avanti apri hijackthis,clicca sul 2 pulsante
* Metti le spunte nelle caselle che corrisponde a queste stringhe e clicca su FIX CHECKED per eliminarle

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\it.htm

O2 - BHO: PBITV2 - {4E7BD74F-2B8D-469E-A0E8-EB65B685FA7D} - C:\WINDOWS\system32\pbitv2.dll

O3 - Toolbar: PBITV2 - {4E7BD74F-2B8D-469E-A0E8-EB65B685FA7D} - C:\WINDOWS\system32\pbitv2.dll

O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\it.htm

O15 - Trusted Zone: http://www.archiviosex.net

O15 - Trusted Zone: http://www.redfunny.com

O15 - Trusted Zone: http://www.skymasters.biz

O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone

O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone

O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone

O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone

O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone

O17 - HKLM\System\CCS\Services\Tcpip\..\{399F101C-F754-46D7-9B45-0F9287793646}: NameServer = 85.37.17.5 85.38.28.77

O17 - HKLM\System\CS1\Services\Tcpip\..\{399F101C-F754-46D7-9B45-0F9287793646}: NameServer = 85.37.17.5 85.38.28.77

O20 - Winlogon Notify: winakd32 - C:\WINDOWS\SYSTEM32\winakd32.dll


Elimina il file in rosso
C:\WINDOWS\system32\pbitv2.dll

Riavvia il pc e posta un log aggiornato ciao
lucas/s
Utente Senior
 
Post: 224
Iscritto il: 04/02/06 00:33

Postdi crik91 » 09/03/06 21:09

Il computer non voleva avviarsi normalmente!!!
Ho dovuto selezionare l'avvio con l'ultima configurazione di sistema sicuramente finzionante!!!
è uguale?
comunque il seguente file non c'era:
C:\WINDOWS|SYSTEM32\pbitv.dll

Ecco i miei log...

Logfile of HijackThis v1.99.1
Scan saved at 21.06.06, on 09/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\Programmi\Lexmark X1100 Series\lxbkbmgr.exe
C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Programmi\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\apps\ABoard\AOSD.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Programmi\D-Tools\daemon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Virtual CD v4 SDK\system\vcssecs.exe
C:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\Gioele\Desktop\hijackthis_199\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/r ... key=SEARCH
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\it.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.lexmark.com/MD/?func=newreg& ... os=5&src=1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PBITV2 - {4E7BD74F-2B8D-469E-A0E8-EB65B685FA7D} - C:\WINDOWS\system32\pbitv2.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Encarta Web Companion Oggetto helper - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: PBITV2 - {4E7BD74F-2B8D-469E-A0E8-EB65B685FA7D} - C:\WINDOWS\system32\pbitv2.dll (file missing)
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] C:\Programmi\File comuni\Symantec Shared\cfgwiz.exe /GUID NIS /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Programmi\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Programmi\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Programmi\Aethra\ADSL EB1070 USB\CnxTrApp.dll",AppEntry -REG "Aethra\ADSL EB1070 USB"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmi\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.archiviosex.net
O15 - Trusted Zone: http://www.redfunny.com
O15 - Trusted Zone: http://www.skymasters.biz
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {C1B7E532-3ECB-4E9E-BB3A-2951FFE67C61} (DownloaderActiveX Control) - http://c6.community.virgilio.it/downloa ... ctiveX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{399F101C-F754-46D7-9B45-0F9287793646}: NameServer = 85.37.17.5 85.38.28.77
O17 - HKLM\System\CS3\Services\Tcpip\..\{399F101C-F754-46D7-9B45-0F9287793646}: NameServer = 85.37.17.5 85.38.28.77
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: winakd32 - winakd32.dll (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Programmi\Virtual CD v4 SDK\system\vcssecs.exe
crik91
Utente Senior
 
Post: 700
Iscritto il: 07/02/06 10:02
Località: Prato

Postdi Luke57 » 09/03/06 21:35

Ciao, scarica scarica DelDomains.inf da qui --> http://www.mvps.org/winhelp2002/DelDomains.inf e mettilo sul desktop.
Durante la scansione con HJT, chiudi la connessione con Internet, chiudi tutti i browser e le applicazioni aperte.
fai girare HJT e premi “ do a system scan only”
cerca nell'elenco le seguenti voci metti il segno di spunta a ognuna di esse:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/r ... key=SEARCH
O2 - BHO: PBITV2 - {4E7BD74F-2B8D-469E-A0E8-EB65B685FA7D} - C:\WINDOWS\system32\pbitv2.dll (file missing)
O3 - Toolbar: PBITV2 - {4E7BD74F-2B8D-469E-A0E8-EB65B685FA7D} - C:\WINDOWS\system32\pbitv2.dll (file missing)
Tutte le voci 015
O20 - Winlogon Notify: winakd32 - winakd32.dll (file missing)
premi fix checked
Riparti in modalità provvisoria:
(Avviare il computer.Subito dopo il calcolo della RAM e prima che inizi a caricarsi Windows, iniziare a premere ripetutamente il tasto F8 sulla tastiera. Continuare a farlo fino a visualizzare il menu Opzioni avanzate di Windows. Usando i tasti freccia sulla tastiera, scorrere le opzioni e selezionare il menu Modalità Provvisoria, quindi premere Invio)
Avvia Gestione risorse e imposta la visualizzazione completa dei file e cartelle nascosti,(Seleziona strumenti>Opzioni Cartella
Seleziona Visualizza
Spunta "mostra file e cartelle nascoste"
Togli la spunta da "nascondi file di sistema protetti"
Click Ok)
cerca e cancella i seguenti file, se ci sono (penso di no, comunque)
C:\WINDOWS\system32\pbitv2.dll
winakd32.dll
Click dx su DelDoamins.inf e scegli "installa"
Vai su pannello di controllo, "installazione applicazioni" e rimuovi tutte le applicazioni che non conosci e che non hai installato tu
Cancella file temporanei di windows (temp e tmp) - da start>cerca>tutti i file e cartelle, copi e incolli: *.temp;*.tmp, ed elimini tutti quelli trovati-
Sulle opzioni di internet cancella la cache di IE ( da generale> elimina file temporanei -spunta anche “elimina il contenuto non in linea”, elimina i cookies, cancella la cronologia)
Svuota il cestino
Riparti in modalità normale e posta nuovo log di hijackthis.
Luke57
Moderatore
 
Post: 6413
Iscritto il: 11/08/05 19:10

Postdi crik91 » 09/03/06 22:04

Fatto.
Eccoli:
Logfile of HijackThis v1.99.1
Scan saved at 22.03.29, on 09/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Virtual CD v4 SDK\system\vcssecs.exe
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\Programmi\Lexmark X1100 Series\lxbkbmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Lexmark X1100 Series\lxbkbmon.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\apps\ABoard\AOSD.exe
C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Programmi\D-Tools\daemon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Gioele\Desktop\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\it.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.lexmark.com/MD/?func=newreg& ... os=5&src=1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Encarta Web Companion Oggetto helper - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] C:\Programmi\File comuni\Symantec Shared\cfgwiz.exe /GUID NIS /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Programmi\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Programmi\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Programmi\Aethra\ADSL EB1070 USB\CnxTrApp.dll",AppEntry -REG "Aethra\ADSL EB1070 USB"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmi\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {C1B7E532-3ECB-4E9E-BB3A-2951FFE67C61} (DownloaderActiveX Control) - http://c6.community.virgilio.it/downloa ... ctiveX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{399F101C-F754-46D7-9B45-0F9287793646}: NameServer = 85.37.17.5 85.38.28.77
O17 - HKLM\System\CS3\Services\Tcpip\..\{399F101C-F754-46D7-9B45-0F9287793646}: NameServer = 85.37.17.5 85.38.28.77
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Programmi\Virtual CD v4 SDK\system\vcssecs.exe
crik91
Utente Senior
 
Post: 700
Iscritto il: 07/02/06 10:02
Località: Prato

Postdi Luke57 » 09/03/06 22:32

Ciao, ci sono ancora alcune voci 015 che non se ne vanno con hijackthis. Prova CWShredder
• Download:
http://www.trendmicro.com/ftp/products/ ... redder.exe
Riavvia il computer in Modalità provvisoria, chiudi tutti i programmi, compreso l’antivirus, ed esegui CWShredder.exe (scegli “Fix”, non "scan only") e guarda un pò che trova.
Luke57
Moderatore
 
Post: 6413
Iscritto il: 11/08/05 19:10

Postdi Gaara8888 » 10/03/06 15:00

Ciao amico ho avuto anch io il tuo stesso problema e l'ho risolto con una semplice scansione con Ewido seguita da una pulizia manuale delle chiavi Run e Run Once nel registro...
quindi non è niente di grave!
Gaara8888
Utente Junior
 
Post: 11
Iscritto il: 10/03/06 14:11

Postdi crik91 » 10/03/06 15:36

Puoi spiegarti meglio per piacere...
Cosa dovrei fare?
crik91
Utente Senior
 
Post: 700
Iscritto il: 07/02/06 10:02
Località: Prato

Postdi lucas/s » 10/03/06 16:05

Allora scaricati questo file
http://www.mvps.org/winhelp2002/DelDomains.inf
basta che salvi la pagina sul desktop
Disconetteti e chiudi tutte le applicazioni
Seleziona il file DelDomains.inf che hai sul desktop,tasto destro del mouse e dal menù scegli "Installa"
Start>esegui digita msconfig
clicca su OK
Nel tag generale gentilmente spunta la voce "Avvio normale" altrimenti dal log non si vede niente(poi lo rimetti come vuoi tu)clicca su Applica>Ok,ti chiederà di riavvia per rendere effettive le modifiche
Riavvia e posta un nuovo log grazie ciao
lucas/s
Utente Senior
 
Post: 224
Iscritto il: 04/02/06 00:33

Postdi Gaara8888 » 10/03/06 17:59

Anzi no mi correggo per levarlo ho usato F-Secure nella versione trial e ho pulito a mano le chiavi del regedit infette...senza usare programmi complicati :)
Gaara8888
Utente Junior
 
Post: 11
Iscritto il: 10/03/06 14:11

Prossimo

Torna a Sicurezza e Privacy


Topic correlati a "Sono nei guai! spyware?":


Chi c’è in linea

Visitano il forum: Nessuno e 47 ospiti