Sfonditalia and another dialer, plus antivirus
pippokennedy
21-07-2005, 07:31
I have a problem on two different PCs. I fixed one of them some time ago, but it has come back on another PC... and I don't remember the procedure,
since the place where I learned it has disappeared...
The dialer is Sfonditalia...
http://securityresponse.symantec.co...fonditalia.html
The removal method that has disappeared was at
http://www.p2pforum.it/forum/showthread.php?t=35419
The other one is a different dialer that brings up a screen to download a WMP plugin, plus endless pop-up windows...
Now the problem is that neither the online antivirus scanners nor NOD32 manage to remove Sfonditalia from the other PC...
Ad-Aware doesn't find it, and if it does find it, once deleted it reappears...
The other PC, also infected by a dialer, has one more problem:
it is very old and slow,
it runs Windows 98,
and it won't let me install the more recent antivirus programs...
AntiVir doesn't find the dialer
ewido won't install on it
Ad-Aware doesn't find it
Spybot S&D doesn't detect it
Also, still on this PC,
since new antivirus programs are out of the question...
Norton 2005 would bring it to a halt...
NOD32 doesn't install on Windows 98
Once it is clean, what do I install on it as antivirus?
Is AntiVir enough?
If I need to use programs that don't run on Windows 98, would it be better
to detach the hard disk, mount it in a PC with Windows XP and clean it from there?
andorra24
21-07-2005, 07:59
Try these 2 small removal tools: http://www.adwareaway.com/download/AdwareAway.exe
http://www.simplytech.it/ETRemover/ETRemover_v130.zip
You can also post the HijackThis log.
pippokennedy
21-07-2005, 10:26
I'll try.
HijackThis
works on Windows 98 too, right?
Tonight they're bringing the wreck back to me, and if I manage I'll post it.
What do you recommend as antivirus once it's clean?
It has a Celeron 400, I think...
Putting Norton on it is suicide, and others like NOD32 don't install on it.
In any case, if need be I'll move the hard disk into my PC
and try to clean it from there;
that should be quicker.
andorra24
21-07-2005, 10:36
HijackThis works fine on Win 98 too. As antivirus after the removal I would recommend Kaspersky, or BitDefender, or F-Prot, which is lightweight.
pippokennedy
23-07-2005, 13:37
This is the HijackThis log.
Logfile of HijackThis v1.99.1
Scan saved at 13.33.55, on 23/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\File comuni\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Programmi\Netropa\Onscreen Display\OSD.exe
C:\Programmi\MSN Apps\Updater\01.02.3000.1001\it\msnappau.exe
C:\Programmi\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Programmi\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\GEARSEC.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Programmi\Eset\nod32krn.exe
C:\Programmi\Sony Ericsson\Mobile\audevicemgr.exe
C:\WINDOWS\system32\mapiicon.exe
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Programmi\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CapMan.exe
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\ElogErr.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\BROADC~1.EXE
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\SCRFS.exe
C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\ewido\security suite\ewidoctrl.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\TinMessenger\TinMessenger.exe
c:\TinMessenger\TinTalk.exe
C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Aware.exe
C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\Oracolo\IMPOST~1\Temp\Rar$EX00.578\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.it/0SEITIT/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmi\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\01.02.4000.1001\it\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\01.02.4000.1001\it\msntb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Programmi\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programmi\File comuni\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Programmi\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [msnappau] "C:\Programmi\MSN Apps\Updater\01.02.3000.1001\it\msnappau.exe"
O4 - HKLM\..\Run: [ADSL_A2] A2Installed
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Programmi\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Startup: ADSL Diagnostic Tools.LNK = C:\WINDOWS\system32\mapiicon.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Programmi\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Monitor conn. telefonica.lnk = ?
O4 - Global Startup: NOD32 FiX.lnk = C:\WINDOWS\system32\regedt32.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O12 - Plugin for .mid: C:\Programmi\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .wav: C:\Programmi\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmi\ewido\security suite\ewidoguard.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\GEARSEC.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Programmi\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
I don't understand any of it. Is it serious?
I should point out that I made it by putting the disk of the PC with the dialer into my system,
as disk G.
andorra24
23-07-2005, 13:59
Fix:
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.exe (file missing)
This entry makes me suspicious:
O4 - Global Startup: Monitor conn. telefonica.lnk = ?
Do you use TIN Messenger, though? Are you sure it is trustworthy?
pippokennedy
23-07-2005, 14:44
Yes, but I have never had any problems...
This is the log
of the other PC:
Logfile of HijackThis v1.99.1
Scan saved at 14.40.43, on 07/23/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\ewido\security suite\ewidoctrl.exe
C:\Programmi\ewido\security suite\ewidoguard.exe
C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
C:\Programmi\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Programmi\MSN Apps\Updater\01.02.3000.1001\it\msnappau.exe
C:\WINDOWS\System32\phq.exe
C:\Programmi\EnergyPlugIn\EnergyPlugin.exe
C:\Programmi\Eset\nod32kui.exe
C:\WINDOWS\System32\spoolvs.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\cmd.exe
C:\Programmi\eMule\emule.exe
C:\Programmi\Soulseek\slsk.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\Computer\IMPOST~1\Temp\Rar$EX00.328\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.oemji.com/side_search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.oemji.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.oemji.com/side_search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.oemji.com/side_search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: 64.39.14.226 onlineaccounts2.abbeynational.co.uk
O1 - Hosts: 64.39.14.226 www3.aibgbonline.co.uk
O1 - Hosts: 64.39.14.226 www.bank.alliance-leicester.co.uk
O1 - Hosts: 64.39.14.226 login.iblogin.com
O1 - Hosts: 64.39.14.226 ww2.bankofscotlandhalifax-online.co.uk
O1 - Hosts: 64.39.14.226 inet.barclays.co.uk
O1 - Hosts: 64.39.14.226 iibank.barclays.co.uk
O1 - Hosts: 64.39.14.226 iibank.cahoot.com
O1 - Hosts: 64.39.14.226 www3.coventrybuildingsociety.co.uk
O1 - Hosts: 64.39.14.226 ww.hsbc.co.uk
O1 - Hosts: 64.39.14.226 login.ebank.offshore.hsbc.co.je
O1 - Hosts: 64.39.14.226 ww3.online-offshore.lloydstsb.com
O1 - Hosts: 64.39.14.226 ww3.online-business.lloydstsb.co.uk
O1 - Hosts: 64.39.14.226 ww3.online.lloydstsb.co.uk
O1 - Hosts: 64.39.14.226 ww3.online.lloydstsb.co.uk
O1 - Hosts: 64.39.14.226 ww3.online-business.lloydstsb.co.uk
O1 - Hosts: 64.39.14.226 ob2.nationet.com
O1 - Hosts: 64.39.14.226 ww3.onlinebanking.natwestoffshore.com
O1 - Hosts: 64.39.14.226 ww1.nwolb.com
O1 - Hosts: 64.39.14.226 ww1.onlinebanking.iombank.com
O1 - Hosts: 64.39.14.226 ww1.www.rbsdigital.com
O1 - Hosts: 64.39.14.226 welcome.smile.co.uk
O1 - Hosts: 64.39.14.226 login.365online.com
O1 - Hosts: 64.39.14.226 wvw.citizensbankonline.com
O1 - Hosts: 64.39.14.226 esecure.regionsnet.com
O1 - Hosts: 64.39.14.226 rollb.associatedbank.com
O1 - Hosts: 64.39.14.226 upb.unionplanters.com
O1 - Hosts: 64.39.14.226 www.onlinebanking.huntington.com
O1 - Hosts: 64.39.14.226 inet.southtrustonlinebanking.com
O1 - Hosts: 64.39.14.226 logon.personal.wamu.com
O1 - Hosts: 64.39.14.226 login.compassweb.com
O1 - Hosts: 64.39.14.226 logon.firstmeritib.com
O1 - Hosts: 64.39.14.226 login.ccfcuonline.org
O1 - Hosts: 64.39.14.226 ww3.etimebanker.bankofthewest.com
O1 - Hosts: 64.39.14.226 ww2.onlinebanking.lasallebank.com
O1 - Hosts: 64.39.14.226 wvw.totallyfreebanking.com
O1 - Hosts: 64.39.14.226 www.online.wellsfargo.com
O1 - Hosts: 64.39.14.226 www.onlinebanking.bankofoklahoma.com
O1 - Hosts: 64.39.14.226 accounts4.keybank.com
O1 - Hosts: 64.39.14.226 logon.bankone.com
O1 - Hosts: 64.39.14.226 www.secure.tdbanknorth.com
O1 - Hosts: 64.39.14.226 www.secure.mvnt4.com
O1 - Hosts: 64.39.14.226 ww.mynfbonline.com
O1 - Hosts: 64.39.14.226 login.forumcuonline.com
O1 - Hosts: 64.39.14.226 www.eds.usersonlnet.com
O1 - Hosts: 64.39.14.226 www.onlineid.bankofamerica.com
O1 - Hosts: 64.39.14.226 wvw.e-gold.com
O1 - Hosts: 64.39.14.226 pcbs.peoples.com
O1 - Hosts: 64.39.14.226 www.global1.onlinebank.com
O1 - Hosts: 64.39.14.226 ww2.mybranch.lafcu.com
O1 - Hosts: 64.39.14.226 login.webbanking.comerica.com
O1 - Hosts: 64.39.14.226 web.banking.firsttennessee.com
O1 - Hosts: 64.39.14.226 logon.members1st.org
O1 - Hosts: 64.39.14.226 www.cib.ibanking-services.com
O1 - Hosts: 64.39.14.226 www.miwebbusbank.ebanking-services.com
O1 - Hosts: 64.39.14.226 wvw.paypal.com
O1 - Hosts: 64.39.14.226 www.signin.ebay.com
O1 - Hosts: 64.39.14.226 wvw.etrade.com
O1 - Hosts: 64.39.14.226 ww4.fleethomelink.fleet.com
O1 - Hosts: 64.39.14.226 ww3.connect.skyfi.com
O1 - Hosts: 64.39.14.226 www6.usbank.com
O1 - Hosts: 64.39.14.226 www.bvi.bancodevalencia.es
O1 - Hosts: 64.39.14.226 extrant.banesto.es
O1 - Hosts: 64.39.14.226 banesnt.banesto.es
O1 - Hosts: 64.39.14.226 activia.caixagalicia.es
O1 - Hosts: 64.39.14.226 www.bancae.caixapenedes.com
O1 - Hosts: 64.39.14.226 login.caixasabadell.net
O1 - Hosts: 64.39.14.226 oii.cajamadrid.es
O1 - Hosts: 64.39.14.226 login.cajamar.es
O1 - Hosts: 64.39.14.226 login.ccm.es
O1 - Hosts: 64.39.14.226 ww.unicaja.es
O1 - Hosts: 64.39.14.226 www5.bancopopular.es
O1 - Hosts: 64.39.14.226 ww3.bbvanet.com
O1 - Hosts: 64.39.14.226 ww.bayernlb.de
O1 - Hosts: 64.39.14.226 ww2.berliner-volksbank.de
O1 - Hosts: 64.39.14.226 ww7.homebanking-berlin.de
O1 - Hosts: 64.39.14.226 portal09.commerzbanking.de
O1 - Hosts: 64.39.14.226 www.meine.deutsche-bank.de
O1 - Hosts: 64.39.14.226 ww2.dresdner-privat.de
O1 - Hosts: 64.39.14.226 ww.e-banking.helaba.de
O1 - Hosts: 64.39.14.226 ww.hsh-nordbank.de
O1 - Hosts: 64.39.14.226 www.my.hypovereinsbank.de
O1 - Hosts: 64.39.14.226 ww3.homebanking-berlin.de
O1 - Hosts: 64.39.14.226 ww3.homebanking-berlin.de
O1 - Hosts: 64.39.14.226 www.banking.lbbw.de
O1 - Hosts: 64.39.14.226 lrp.sparkasse-banking.de
O1 - Hosts: 64.39.14.226 ww3.homebanking-niedersachsen.de
O1 - Hosts: 64.39.14.226 www.onlinebanking.norisbank.de
O1 - Hosts: 64.39.14.226 www.banking.postbank.de
O1 - Hosts: 64.39.14.226 wvw.internetbanking.gad.de
O1 - Hosts: 64.39.14.226 ww1.portal.izb.de
O1 - Hosts: 64.39.14.226 wvw.kunden-service.lbs.de
O1 - Hosts: 64.39.14.226 ibanking.seb.de
O1 - Hosts: 64.39.14.226 bw7.sparkasse-banking.de
O1 - Hosts: 64.39.14.226 ww2.homebanking-sparkasse.de
O1 - Hosts: 64.39.14.226 ww2.vr-networld-ebanking.de
O1 - Hosts: 64.39.14.226 ww.bics.fr
O1 - Hosts: 64.39.14.226 www.co.caixabank.fr
O1 - Hosts: 64.39.14.226 ww.creditmutuel.fr
O1 - Hosts: 64.39.14.226 internetbank.intesabci.it
O1 - Hosts: 64.39.14.226 ww.extensive.bancalombarda.it
O2 - BHO: (no name) - {3C92DBF1-2603-37D0-6F31-6BAD2A4699A9} - C:\WINDOWS\System32\qzspcov.dll (file missing)
O2 - BHO: (no name) - {FBD7D6E2-241E-6D97-71C3-61FD6F620EF3} - C:\WINDOWS\System32\tvxxwrjv.dll (file missing)
O4 - HKLM\..\Run: [Smapp] C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programmi\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [msnappau] "C:\Programmi\MSN Apps\Updater\01.02.3000.1001\it\msnappau.exe"
O4 - HKLM\..\Run: [LOCAL WEB DRIVERS FOR WIN32] phq.exe
O4 - HKLM\..\Run: [EnergyPlugIn] C:\Programmi\EnergyPlugIn\EnergyPlugin.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Programmi\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [mouse] mouse.exe
O4 - HKLM\..\Run: [Systems] C:\WINDOWS\System32\itDDD.exe
O4 - HKLM\..\Run: [Microsoft Update] wuamk032.exe
O4 - HKLM\..\Run: [Services] C:\WINDOWS\system32\1.tmp
O4 - HKLM\..\Run: [Internet2 Optimizer] wkfix.exe
O4 - HKLM\..\Run: [Micromedia Flash Update] wdfmrg.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Network Access] winssh.exe
O4 - HKLM\..\Run: [Microsoft Update 23] spoolvs.exe
O4 - HKLM\..\Run: [OSS] C:\windows\system32\rlvknlg.exe -boot
O4 - HKLM\..\RunServices: [LOCAL WEB DRIVERS FOR WIN32] phq.exe
O4 - HKLM\..\RunServices: [mouse] mouse.exe
O4 - HKLM\..\RunServices: [Microsoft Update] wuamk032.exe
O4 - HKLM\..\RunServices: [Internet2 Optimizer] wkfix.exe
O4 - HKLM\..\RunServices: [Micromedia Flash Update] wdfmrg.exe
O4 - HKLM\..\RunServices: [Network Access] winssh.exe
O4 - HKLM\..\RunServices: [Microsoft Update 23] spoolvs.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LOCAL WEB DRIVERS FOR WIN32] phq.exe
O4 - HKCU\..\Run: [zqqf] C:\PROGRA~1\COMMON~1\zqqf\zqqfm.exe
O4 - HKCU\..\Run: [Internet2 Optimizer] wkfix.exe
O4 - Global Startup: NOD32 FiX.lnk = C:\WINDOWS\system32\regedt32.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O15 - Trusted Zone: www.archiviosex.net
O15 - Trusted Zone: www.realarea.biz
O15 - Trusted Zone: www.redfunny.com
O15 - Trusted Zone: www.sfonditalia.biz
O15 - Trusted Zone: www.skymasters.biz
O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://207.234.185.217/ABoxInst_int10.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {15320607-1001-1831-1000-118599957123} - ms-its:mhtml:file://C:\PATH.MHT!http://195.225.176.5//d//izbgfxv//dspsclu//zpavtau//irkqpg//IT//arct.chm::/painter.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/Bridge-c139.cab
O16 - DPF: {16E166F9-35E8-4CA5-B50D-5CEFABF45B09} - http://www.sfonditalia.biz/dialers/1746/AUTO_1746_N.exe
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {30CE93AE-4987-483C-9ABE-F2BD5302AB70} - http://dialers.dialoff.com/100302/it/games1/games1.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (Damage Cleanup Server Control) - http://213.158.72.33/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/606731.exe
O16 - DPF: {F57D27AE-CE57-4BC8-B232-EA57747BE5B7} - ms-its:mhtml:file://C:\PATH.MHT!http://195.225.176.5//d//zngibps//ejwfdrt//hrsomjh//irkqpg//IT//arct.chm::/painter.dll
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spyspotter/SpSp29952.41optYplkOmji/SpySpotterCabInstall.cab
O16 - DPF: {FFFF0001-0001-101A-A3C9-08002B2F49FC} - http://download.energyfactor.com/dialer/it/activex_1317_it.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{512E53DD-42EF-4E70-B925-823FB314C6F2}: NameServer = 85.37.17.9 151.99.125.1
O18 - Filter: text/html - {35934C6E-98E5-4E02-88AA-503DE8F6BA08} - C:\Documents and Settings\Computer\Impostazioni locali\Dati applicazioni\microsoft\internet explorer\V0.32.dat
O20 - Winlogon Notify: -lyvjcwhk - C:\WINDOWS\System32\jglyvj.dll
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmi\ewido\security suite\ewidoguard.exe
O23 - Service: Externtelecom - Unknown owner - C:\WINDOWS\extel.exe (file missing)
O23 - Service: Mouse Click Monitor (mousecm) - Unknown owner - C:\WINDOWS\System32\mousecm.exe (file missing)
O23 - Service: Net Functions Library (Netlib) - Unknown owner - C:\WINDOWS\System32\Netlib.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
andorra24
23-07-2005, 15:19
Fix:
C:\WINDOWS\System32\phq.exe
C:\Programmi\EnergyPlugIn\EnergyPlugin.exe
C:\WINDOWS\System32\spoolvs.exe
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {3C92DBF1-2603-37D0-6F31-6BAD2A4699A9} - C:\WINDOWS\System32\qzspcov.dll (file missing)
O2 - BHO: (no name) - {FBD7D6E2-241E-6D97-71C3-61FD6F620EF3} - C:\WINDOWS\System32\tvxxwrjv.dll (file missing)
O4 - HKLM\..\Run: [LOCAL WEB DRIVERS FOR WIN32] phq.exe
O4 - HKLM\..\Run: [EnergyPlugIn] C:\Programmi\EnergyPlugIn\EnergyPlugin.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Programmi\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [mouse] mouse.exe
O4 - HKLM\..\Run: [Systems] C:\WINDOWS\System32\itDDD.exe
O4 - HKLM\..\RunServices: [Microsoft Update] wuamk032.exe
O4 - HKLM\..\Run: [Services] C:\WINDOWS\system32\1.tmp
O4 - HKLM\..\RunServices: [Internet2 Optimizer] wkfix.exe
O4 - HKLM\..\Run: [Micromedia Flash Update] wdfmrg.exe
O4 - HKLM\..\Run: [Network Access] winssh.exe
O4 - HKLM\..\Run: [Microsoft Update 23] spoolvs.exe
O4 - HKLM\..\Run: [OSS] C:\windows\system32\rlvknlg.exe -boot
O4 - HKLM\..\RunServices: [LOCAL WEB DRIVERS FOR WIN32] phq.exe
O4 - HKLM\..\RunServices: [mouse] mouse.exe
O4 - HKLM\..\RunServices: [Microsoft Update] wuamk032.exe
O4 - HKLM\..\RunServices: [Internet2 Optimizer] wkfix.exe
O4 - HKLM\..\RunServices: [Micromedia Flash Update] wdfmrg.exe
O4 - HKLM\..\RunServices: [Network Access] winssh.exe
O4 - HKLM\..\RunServices: [Microsoft Update 23] spoolvs.exe
O4 - HKCU\..\Run: [LOCAL WEB DRIVERS FOR WIN32] phq.exe
O4 - HKCU\..\Run: [zqqf] C:\PROGRA~1\COMMON~1\zqqf\zqqfm.exe
O4 - HKCU\..\Run: [Internet2 Optimizer] wkfix.exe
O15 - Trusted Zone: www.archiviosex.net
O15 - Trusted Zone: www.realarea.biz
O15 - Trusted Zone: www.redfunny.com
O15 - Trusted Zone: www.sfonditalia.biz
O15 - Trusted Zone: www.skymasters.biz
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/606731.exe
O16 - DPF: {F57D27AE-CE57-4BC8-B232-EA57747BE5B7} - ms-its:mhtml:file://C:\PATH.MHT!http://195.225.176.5//d//zngibps//e...m::/painter.dll
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spys...rCabInstall.cab
O16 - DPF: {FFFF0001-0001-101A-A3C9-08002B2F49FC} - http://download.energyfactor.com/di...vex_1317_it.exe
O18 - Filter: text/html - {35934C6E-98E5-4E02-88AA-503DE8F6BA08} - C:\Documents and Settings\Computer\Impostazioni locali\Dati applicazioni\microsoft\internet explorer\V0.32.dat
O20 - Winlogon Notify: -lyvjcwhk - C:\WINDOWS\System32\jglyvj.dll
O23 - Service: Externtelecom - Unknown owner - C:\WINDOWS\extel.exe (file missing)
O23 - Service: Mouse Click Monitor (mousecm) - Unknown owner - C:\WINDOWS\System32\mousecm.exe (file missing)
O23 - Service: Net Functions Library (Netlib) - Unknown owner - C:\WINDOWS\System32\Netlib.exe (file missing)
andorra24
23-07-2005, 15:26
Also, I don't trust the O1 entries, and I advise you to deal with them.
pippokennedy
23-07-2005, 15:58
What does "Fix" mean???
And above all, how?
What do I have to use to do it?
andorra24
23-07-2005, 16:24
Put a check mark next to all the entries I told you about and then click "Fix checked" to remove them.
As for all the entries listed under O1, you should know that this section contains the so-called hosts file redirections. Many malware programs use this method to force the user to visit particular sites; in fact, by modifying the hosts file, redirections can be set up without the user's knowledge. If the mappings present in the Hosts file were not put there by the person who uses the PC, the lines have to be fixed.
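The O1 check described in the post above, as an added example that is not part of the original thread: a Python triage script that parses HijackThis entry lines, groups `O1 - Hosts` mappings by target address, and lists the lines to tick before "Fix checked". The sample log, its documentation-range IP addresses and `.example` host names are constructed, and the function names and the `min_hosts` threshold are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample log (not from the thread): documentation-range IPs and
# .example host names stand in for real values.
SAMPLE_LOG = """Logfile of HijackThis v1.99.1
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://www.example.org/
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 0.0.0.0 ads.tracker.example
O1 - Hosts: 203.0.113.10 login.bank-one.example
O1 - Hosts: 203.0.113.10 secure.bank-two.example
O1 - Hosts: 203.0.113.10 secure.bank-two.example
O1 - Hosts: 203.0.113.10 WWW.payments.example
O1 - Hosts: 198.51.100.7 intranet.corp.example
O1 - Hosts: not-an-ip broken.example
O4 - HKLM\\..\\Run: [Updater] updater.exe
"""

# "<section code> - <body>", e.g. "O1 - Hosts: 203.0.113.10 host.example"
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")


def parse_entries(log_text):
    """Return (section_code, body) for every HijackThis entry line."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def hosts_redirections(entries):
    """Map each non-local target IP to the host names the hosts file sends to it."""
    redirects = defaultdict(set)
    for code, body in entries:
        match = HOSTS_RE.match(body) if code == "O1" else None
        if not match:
            continue
        try:
            ip = ipaddress.ip_address(match.group(1))
        except ValueError:
            continue  # malformed address: not a usable mapping
        # 127.0.0.1 / ::1 / 0.0.0.0 entries are the default localhost line or
        # ad-blocking sinkholes, not redirections to a remote server.
        if ip.is_loopback or ip.is_unspecified:
            continue
        # Host names are case-insensitive; the set also drops repeated lines.
        redirects[str(ip)].add(match.group(2).lower())
    return {ip: sorted(names) for ip, names in redirects.items()}


def suspect_targets(redirects, min_hosts=3):
    """IPs that receive at least min_hosts distinct host names (assumed threshold)."""
    hits = [ip for ip, names in redirects.items() if len(names) >= min_hosts]
    return sorted(hits, key=lambda ip: (-len(redirects[ip]), ip))


def lines_to_fix(redirects, targets):
    """Rebuild the de-duplicated O1 lines to tick in HijackThis for the given IPs."""
    return [f"O1 - Hosts: {ip} {name}" for ip in targets for name in redirects[ip]]


if __name__ == "__main__":
    found = hosts_redirections(parse_entries(SAMPLE_LOG))
    for target in suspect_targets(found):
        print(f"{target}: {len(found[target])} host names redirected")
    for line in lines_to_fix(found, suspect_targets(found)):
        print("  fix:", line)
```

A single mapping below the threshold, like the `198.51.100.7` line in the sample, still needs a manual check against what the PC's owner actually added.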
pippokennedy
23-07-2005, 17:55
Thank you, I'm cleaning the second PC.
As for the first one...
does the log I made on my PC
also cover disk G:, which is the other PC's disk?
Otherwise I'm afraid I only scanned my own PC,
which has nothing on it...
andorra24
23-07-2005, 18:17
I also recommend running a scan with this: http://www.ewido.net/en/
It is very useful against spyware/adware/trojans/dialers.
juninho85
24-07-2005, 11:14
Whoa, this log :eek: