04-06-2005, 09:53 | #1 | Member, joined Jun 2005, 171 posts
"The nameless virus" please help me, I have a strange virus
Hi everyone,
thanks in advance to anyone who helps me solve the following problem: I downloaded a file that turned out to be a virus (or something else) that activates itself and is able to disable all my security systems (antivirus and firewall). I have already used Symantec's tool against BugBear, but it seems my "friend" is not a BugBear. I noticed a strange process in Task Manager called "wscntfy.exe" that I tried to terminate; unfortunately it restarts and Windows tells me the firewall and antivirus are missing. Could you help me???? P.S. if you like, send me your opinion on McAfee antivirus, whose merits I somewhat doubt....
04-06-2005, 10:20 | #2 | Senior Member, joined Feb 2003, City: Turin, 3694 posts
Welcome to the forum
have a look here: http://www.liutilities.com/products/...brary/wscntfy/ http://hijackthis.myblogsite.com/blog/wscntfyexe It is an XP service and is found in the c:\windows\System32 folder. In other cases, wscntfy.exe is a virus, spyware, trojan or worm! see if you can run an online scan here: http://it.trendmicro-europe.com/cons...all_launch.php
04-06-2005, 12:28 | #3 | Member, joined Jun 2005, 171 posts
re
indeed, it is a process of XP SP2.
04-06-2005, 13:02 | #4 | Senior Member, joined Oct 2004, City: Milan, 2641 posts
Download HijackThis from here
http://www.majorgeeks.com/download3155.html run it and post the log (copy and paste). Bye
04-06-2005, 13:10 | #5 | Member, joined Jun 2005, 171 posts
Here is the log:
Logfile of HijackThis v1.99.1
Scan saved at 14.09.57, on 04/06/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\windows\system32\svchost2.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\Giuseppe\IMPOST~1\Temp\Rar$EX00.391\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Programmi\Pirelli\Access Gateway USB Network\CnxTrApp.dll",AppEntry -REG "Pirelli\Access Gateway USB"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [svchost] C:\windows\system32\svchost2.exe
O4 - HKLM\..\RunServices: [svchost] C:\windows\system32\svchost2.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: GStartup.lnk = C:\Programmi\File comuni\GMT\GMT.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1116967545485
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0A668BB4-7B9D-4579-A9BD-668F843F5FCD}: NameServer = 80.19.114.21 151.99.125.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0A668BB4-7B9D-4579-A9BD-668F843F5FCD}: NameServer = 80.19.114.21 151.99.125.1
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Programmi\Network Associates\VirusScan\Avsynmgr.exe
O23 - Service: McShield - Unknown owner - C:\Programmi\File comuni\Network Associates\McShield\Mcshield.exe
04-06-2005, 13:20 | #6 | Senior Member, joined Oct 2004, City: Milan, 2641 posts
Fix this one:
O4 - Global Startup: GStartup.lnk = C:\Programmi\File comuni\GMT\GMT.exe
These also look suspicious to me:
C:\windows\system32\svchost2.exe
O4 - HKLM\..\Run: [svchost] C:\windows\system32\svchost2.exe
O4 - HKLM\..\RunServices: [svchost] C:\windows\system32\svchost2.exe
But you had better wait for the opinion of someone more expert than me. Bye
04-06-2005, 13:22 | #7 | Member, joined Jun 2005, 171 posts
svchost.exe has always been there, I think it comes from the network connection, while for the other one, who knows. I'll wait for someone else's opinion before making any rash moves. Thanks a lot!
04-06-2005, 13:42 | #8 | Senior Member, joined Dec 2004, City: Magenta (MI), 1513 posts
Disable "System Restore". In Safe Mode delete the file svchost2.exe (the real one is called svchost.exe), and a run of Spybot is needed, since GMT.exe is a Gator file.
04-06-2005, 14:06 | #9 | Member, joined Jun 2005, 171 posts
what does it mean that I have to disable System Restore?
04-06-2005, 14:10 | #10 | Senior Member, joined Dec 2004, City: Magenta (MI), 1513 posts
http://service1.symantec.com/SUPPORT...20823151930924
04-06-2005, 14:12 | #11 | Member, joined Jun 2005, 171 posts
thanks!
it seems the problem has been solved!!!
thank you all for the helpfulness and patience you have shown. I hope to be useful to you in the near future (I have my doubts)
04-06-2005, 14:20 | #12 | Senior Member, joined Dec 2004, City: Magenta (MI), 1513 posts
The more you take part in the forum, the more you learn. bye
04-06-2005, 14:23 | #13 | Member, joined Jun 2005, 171 posts
one last question: in your opinion, is McAfee a good antivirus?
04-06-2005, 14:30 | #14 | Senior Member, joined Dec 2004, City: Magenta (MI), 1513 posts
Yes it is.
But, like every antivirus, it does not guarantee 100% protection. It should be paired with a firewall (McAfee's is very good) and an anti-spyware (I recommend Microsoft's, formerly Giant). Also don't forget some online antivirus to run every now and then. Panda antivirus, for example. The security kit should also include:
- Ad-Aware PE by Lavasoft (free)
- Spybot (free)
- CCleaner (free)
- SpywareBlaster (free)
- Mwav (free)
in short, a bit of useful stuff. byeee
04-06-2005, 21:08 | #15 | Senior Member, joined May 2002, 3122 posts
so here's a short summary:
UPDATED ANTIVIRUS WITH REAL-TIME ENGINE
FIREWALL: MANDATORY, I TELL YOU FROM EXPERIENCE
ANTI-SPY/MALWARE
SERVICE PACK 2 UPDATE AND ALL SECURITY PATCHES
AT LEAST 1 PRIVACY PROTECTION PROGRAM
26-02-2006, 14:53 | #16 | Member, joined Oct 2003, City: Bologna, 261 posts
I think I've caught the same virus... it kills Avast and Sygate... it disables Windows automatic updates and I can't open Task Manager. Can anyone help me? I don't know what else to do... I even went into Safe Mode and ran scans with Avast, Ad-Aware and Spybot-S&D.... this is the HijackThis log
Logfile of HijackThis v1.99.1
Scan saved at 15.43.28, on 26/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\WINDOWS\svchost.exe
C:\windows\SOUNDMAN.EXE
C:\Programmi\MessengerPlus! 3\MsgPlus.exe
C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe
C:\Programmi\Logitech\iTouch\iTouch.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rmctrl.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\winlog.exe
C:\PROGRA~1\FREEME~1\fmempro.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\windows\system32\winlog.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Logitech\SetPoint\SetPoint.exe
C:\windows\system32\nvsvc32.exe
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\Programmi\Xfire\Xfire.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\UAService7.exe
C:\Programmi\File comuni\Logitech\KHAL\KHALMNPR.EXE
C:\windows\system32\wscntfy.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Alwil Software\Avast4\setup\avast01.setup
C:\DOCUME~1\Luca\IMPOST~1\Temp\Rar$EX05.812\procexp.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Luca\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F3 - REG:win.ini: load=svchost.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmi\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Programmi\NVIDIA Corporation\nTune\\nTune.exe" clear
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\system32\rmctrl.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BHR4.1] C:\Programmi\Zamaan's Software\Browser Hijack Retaliator 4.1\BHR4.1.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Programmi\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [key2] C:\windows\system32\winlog.exe
O4 - HKCU\..\Run: [FreeMem Pro] "C:\PROGRA~1\FREEME~1\fmempro.exe" autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] C:\Programmi\Valve\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [key2] C:\windows\system32\winlog.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Diskeeper 10 Professional Edition Registration.lnk = C:\Programmi\Diskeeper Corporation\Diskeeper\ESIRegister.exe
O4 - Startup: Xfire.lnk = C:\Programmi\Xfire\Xfire.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmi\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Programmi\VisualRoute\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Programmi\VisualRoute\vrie.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {0835BC90-6ABC-4F52-A103-4FC3A61F2C33} (A18X Control) - http://www.albatross18.com/cabs/A18X.ocx
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/14c52928...dxIE601_it.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1136385502484
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.co...p/PhtPkMSN.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {C1B7E532-3ECB-4E9E-BB3A-2951FFE67C61} (DownloaderActiveX Control) - http://c6.community.virgilio.it/down...derActiveX.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programmi\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

and I can't get to this link: http://service1.symantec.com/SUPPOR...020823151930924
26-02-2006, 15:58 | #17 | Member, joined Jan 2006, 158 posts
FIX:
C:\WINDOWS\svchost.exe
C:\WINDOWS\system32\winlog.exe
C:\windows\system32\winlog.exe
O4 - HKLM\..\Run: [key2] C:\windows\system32\winlog.exe
O4 - HKCU\..\Run: [key2] C:\windows\system32\winlog.exe
bye
05-05-2007, 15:14 | #18 | Junior Member, joined May 2007, 11 posts
same problem
I have the same problem.
here is the log
Logfile of HijackThis v1.99.1
Scan saved at 16.13.08, on 05/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\windows\system32\winlogon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\khooker.exe
C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
C:\Programmi\FSI\F-Prot\F-Sched.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\AC Milan Alerts\ACMilanAlerts.exe
C:\Programmi\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Programmi\Webshots\WebshotsTray.exe
C:\Programmi\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Programmi\FSI\F-Prot\fpavupdm.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\slrundll.exe
C:\Programmi\GetRight\GetRight.exe
C:\Programmi\GetRight\GetRight.exe
C:\Programmi\FSI\F-Prot\F-StopW.exe
C:\WINDOWS\TEMP\smwzba.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\AdunanzA\eMule_AdnzA.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmi\LIUtilities\WinTasks\wintasks.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\DARIUS~1.DAR\IMPOST~1\Temp\Rar$EX00.309\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Programmi\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Programmi\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\sisUSBrg.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Programmi\File comuni\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [FRISK FP-Scheduler] C:\Programmi\FSI\F-Prot\F-Sched.exe STARTUP
O4 - HKLM\..\Run: [F-StopW] C:\Programmi\FSI\F-Prot\F-StopW.EXE
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Programmi\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [zzdoaa.exe] C:\DOCUME~1\DARIUS~1.DAR\IMPOST~1\Temp\zzdoaa.exe
O4 - HKLM\..\Run: [monlaqpe] "c:\windows\system32\monlaqpe.exe"
O4 - HKLM\..\Run: [ztzkra.exe] C:\WINDOWS\TEMP\ztzkra.exe
O4 - HKLM\..\Run: [smwzba.exe] C:\WINDOWS\TEMP\smwzba.exe
O4 - HKCU\..\Run: [AC Milan Alerts] "C:\Programmi\AC Milan Alerts\ACMilanAlerts.exe"
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Uniblue Registry Booster2] C:\Programmi\Uniblue\RegistryBooster2\RegistryBooster.exe /S
O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\Darius.DARIO\Dati applicazioni\Mozilla\Firefox\Profiles\urrci3e4.Dario\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\Darius.DARIO\Dati applicazioni\Mozilla\Firefox\Profiles/urrci3e4.Dario\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"
O4 - Startup: Webshots.lnk = C:\Programmi\Webshots\WebshotsTray.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Tasto di scelta rapida per l'avvio di AutoCAD.lnk = C:\Programmi\File comuni\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Apri in nuova scheda in primo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/230?2f2a230cb0b64395a6435963bf9533fd
O8 - Extra context menu item: Apri in nuova scheda in secondo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/229?2f2a230cb0b64395a6435963bf9533fd
O8 - Extra context menu item: Download with GetRight - C:\Programmi\GetRight\GRdownload.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Programmi\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Browser Adjustment - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\PROGRA~2\Agnitum\OUTPOS~1\Plugins\BrowserBar\ie_bar.dll (file missing)
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1151660867498
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\PROGRA~2\Grisoft\AVGFRE~1\avgamsvr.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - C:\PROGRA~2\Grisoft\AVGFRE~1\avgupsvc.exe (file missing)
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programmi\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: F-Prot Antivirus Update Monitor - FRISK Software - C:\Programmi\FSI\F-Prot\fpavupdm.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Smart Card Client (SCardClnt) - Unknown owner - C:\WINDOWS\System32\SCardClnt.exe (file missing)
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe

Thanks.
05-05-2007, 17:27 | #19 | Banned, joined Sep 2006, City: Palermo, 1241 posts
@ Dariooooo
FIX:
C:\WINDOWS\TEMP\smwzba.exe
O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [zzdoaa.exe] C:\DOCUME~1\DARIUS~1.DAR\IMPOST~1\Temp\zzdoaa.exe
O4 - HKLM\..\Run: [ztzkra.exe] C:\WINDOWS\TEMP\ztzkra.exe
O4 - HKLM\..\Run: [smwzba.exe] C:\WINDOWS\TEMP\smwzba.exe
O9 - Extra button: Browser Adjustment - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\PROGRA~2\Agnitum\OUTPOS~1\Plugins\BrowserBar\ie_bar.dll (file missing)
AND ABOVE ALL THIS ONE, WHICH IS A NICE BACKDOOR:
O23 - Service: Smart Card Client (SCardClnt) - Unknown owner - C:\WINDOWS\System32\SCardClnt.exe (file missing)
After doing that, run an online scan with BitDefender: http://www.bitdefender.com/scan8/ie.html
Let us know
Bye
Last edited by Gianky....! :D :) : 05-05-2007 at 18:00.
05-05-2007, 17:47 | #20 | Senior Member, joined Feb 2007, City: Spira, Zanarkand, 394 posts
@Ciccio6
disable System Restore, fix (preferably in Safe Mode):
F3 - REG:win.ini: load=svchost.exe
O4 - HKLM\..\Run: [key2] C:\windows\system32\winlog.exe
O4 - HKCU\..\Run: [key2] C:\windows\system32\winlog.exe
then download The Avenger and enter this script:
Files to delete:
C:\WINDOWS\svchost.exe
C:\WINDOWS\system32\winlog.exe
let me know if that solved it
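The replies in this thread triage the logs by eye: Run entries pointing at svchost2.exe or winlog.exe, executables launched from Temp, the win.ini load= line, a svchost.exe sitting outside System32, and a service whose file is missing. The script below is an added example (not code from this thread, from HijackThis or from The Avenger) that applies those same checks to log lines; the baseline of system binaries and the sample log, assembled from entries quoted in the thread, are assumptions of the example, and name-based checks alone would not catch an adware file with an innocent name such as GMT.exe.

```python
"""Triage of HijackThis-style log lines: mechanises the checks the replies in this
thread apply by eye. Added example, not code from the thread or from HijackThis."""
import re
from pathlib import PureWindowsPath

# Assumed baseline: core Windows XP binaries malware imitates, with their home directory.
SYSTEM_BINARIES = {n: r"c:\windows\system32" for n in (
    "smss", "csrss", "winlogon", "services", "lsass", "svchost", "spoolsv", "ctfmon", "wscntfy")}
SYSTEM_BINARIES["explorer"] = r"c:\windows"
# First drive-letter path ending in an executable or DLL; paths may contain spaces.
PATH_RE = re.compile(r"([a-z]:\\.+?\.(?:exe|dll|scr))\b", re.I)


def edit_distance(a, b):
    """Levenshtein distance, to catch one-character typosquats such as svch0st."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike(stem):
    """System binary a file name imitates (svchost2 -> svchost, winlog -> winlogon),
    or None for an exact or unrelated name."""
    stem = stem.lower()
    if stem in SYSTEM_BINARIES or len(stem) < 4:
        return None
    for known in sorted(SYSTEM_BINARIES):
        if stem.startswith(known) or known.startswith(stem) or edit_distance(stem, known) <= 1:
            return known
    return None


def triage_line(line):
    """Return [(reason, detail)] for one log line; an empty list means nothing flagged."""
    line = line.strip()
    findings = []
    if line.startswith("F3 - ") and "load=" in line:           # win.ini load= autostart
        findings.append(("win.ini load= entry", line.split("load=", 1)[1]))
    if line.startswith("O23 - ") and "(file missing)" in line:  # orphaned service entry
        findings.append(("service points to missing file", line))
    m = PATH_RE.search(line)
    if not m:
        return findings
    path = PureWindowsPath(m.group(1))
    stem, parent = path.stem.lower(), str(path.parent).lower()
    if "temp" in (p.lower() for p in path.parent.parts):
        findings.append(("executable run from a Temp directory", str(path)))
    imitated = lookalike(stem)
    if imitated:
        findings.append((f"look-alike of {imitated}.exe", str(path)))
    if stem in SYSTEM_BINARIES and parent != SYSTEM_BINARIES[stem]:
        findings.append((f"{stem}.exe outside {SYSTEM_BINARIES[stem]}", str(path)))
    return findings


def triage_log(text):
    """Run triage_line over a whole log; returns [(line, findings)] for flagged lines only."""
    flagged = []
    for raw in text.splitlines():
        findings = triage_line(raw)
        if findings:
            flagged.append((raw.strip(), findings))
    return flagged

# Constructed sample, assembled from entries quoted in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\svchost.exe
C:\windows\system32\svchost2.exe
C:\WINDOWS\system32\winlog.exe
C:\WINDOWS\TEMP\smwzba.exe
C:\WINDOWS\system32\wscntfy.exe
F3 - REG:win.ini: load=svchost.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\RunServices: [svchost] C:\windows\system32\svchost2.exe
O4 - HKLM\..\Run: [key2] C:\windows\system32\winlog.exe
O4 - HKLM\..\Run: [zzdoaa.exe] C:\DOCUME~1\DARIUS~1.DAR\IMPOST~1\Temp\zzdoaa.exe
O4 - Global Startup: GStartup.lnk = C:\Programmi\File comuni\GMT\GMT.exe
O23 - Service: Smart Card Client (SCardClnt) - Unknown owner - C:\WINDOWS\System32\SCardClnt.exe (file missing)
"""

if __name__ == "__main__":
    for line, findings in triage_log(SAMPLE_LOG):
        print(line, *[f"    -> {r}: {d}" for r, d in findings], sep="\n")
```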