|
|||||||
|
|
|
 |
|
|
Strumenti |
17-10-2006, 21:02
|
#1 |
|
Senior Member
Iscritto dal: Sep 2004
Messaggi: 9237
|
Aiuto Ad-Watch non si ferma !!! AIUTATEMI !!!!!
Ho avviato Ad-Watch.
Stà bloccando continuamente questa cosa: 17/10/2006 20.59.45 - Modifica del registro di sistema rilevata Radice:HKEY_LOCAL_MACHINE Chiave:SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon Valore:Shell Dati:Explorer.exe Nuovi dati:Explorer.exe C:\WINDOWS\system32\fservice.exe Penso che sia un virus... Vi Posto il log di HijackThis: Logfile of HijackThis v1.99.1 Scan saved at 21.00.30, on 17/10/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.exe C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\system32\gearsec.exe C:\Programmi\File comuni\LightScribe\LSSrvc.exe C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\services.exe C:\Programmi\MessengerPlus! 3\MsgPlus.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\sndman.exe C:\WINDOWS\msncomm.exe C:\Programmi\ATI Technologies\ATI.ACE\CLI.EXE C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\msncomm.exe C:\Programmi\ATI Technologies\ATI.ACE\cli.exe C:\Programmi\MSN Messenger\msnmsgr.exe C:\Programmi\eMule\emule.exe C:\PROGRA~1\Ad-Aware\Ad-Watch.exe C:\Programmi\Internet Explorer\iexplore.exe C:\WINDOWS\system32\NOTEPAD.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O1 - Hosts: 212.227.64.159 www.winmx.com O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com O1 - Hosts: 127.255.255.255 www.alcohol-soft.com O1 - Hosts: 127.255.255.255 images.alcohol-soft.com O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Programmi\Download Accelerator\DAPBHO.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: MSims - {4D64DAE1-DF1E-45E8-9372-84CA698335FA} - C:\WINDOWS\system32\kaboom.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Web Quick - {872ED12E-C4C2-42BB-833A-9B237F275CB3} - C:\WINDOWS\system32\WebQuick.dll O2 - BHO: Dredge - {EB870508-E2B7-4169-8120-760F69703776} - C:\WINDOWS\system32\kaboom.dll (file missing) O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Programmi\Download Accelerator\DAPIEBar.dll O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [SmartGuardian] C:\Programmi\Smart Guardian\ITESmart.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Ad-Aware\Ad-Watch.exe" O4 - HKCU\..\Run: [ExtremeTWRF] "C:\WINDOWS\system32\\extwrf.exe" O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DOWNLO~1\dapextie.htm O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DOWNLO~1\dapextie2.htm O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Send To &Bluetooth - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DOWNLO~1\DAP.EXE O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/pro...nner371050.cab O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.johannrain-softwareentwic...itdefender.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{2A48C0DA-4191-4FFC-8FB5-2BAC5A7EA53F}: NameServer = 192.168.0.1 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: gearsec - GEAR Software - C:\WINDOWS\system32\gearsec.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe Sapete come posso eliminarlo ?!? In System e System32 non c'è il file fservice.exe. Aiutatemi grazie a tutti.
__________________
Case:CM Stacker Ali:Silverstone Zeus 650W Mobo:Asus P5Q-Deluxe Bios 1406 Cpu:Intel E8600 Cooling:Cpu: Noctua NH-U12F Ram:Corsair Dominator 2x2Gb Pc8500 C5DF Scheda Video:Asus Gtx-280 Hardisk:WD Raptor 74Gb - WD 1Tb - Barracuda 500Gb - Hitachi 1Tb Monitor:Samsung SM2232BW |
|
|
17-10-2006, 21:38
|
#2 |
|
Bannato
Iscritto dal: Sep 2006
Città: Palermo
Messaggi: 1241
|
buona salute!!!!
 secondo Hijack i file service.exe e msncomm.exe sono trojan-backdoor!!!  quindi fixali... ciao e fai 1 scansione on-line da qui : http://www.kaspersky.com/virusscanner spero di esserti stato di aiuto 
|
|
|
|
17-10-2006, 21:40
|
#3 |
|
Bannato
Iscritto dal: Sep 2006
Città: Palermo
Messaggi: 1241
|
quel services.exe da eliminare si trova in C/windows/services.exe!!!
e nn quello in C/windows/system 32/services.exe.. ciao |
|
|
|
18-10-2006, 08:45
|
#5 |
|
Senior Member
Iscritto dal: Sep 2004
Messaggi: 9237
|
Ragazzi provvedo subito.
Vi ringrazio per il vostro tempestivo aiuto. Spero di risolvere... Vi terrò aggiornati  Grazie ancora a tutti.
__________________
Case:CM Stacker Ali:Silverstone Zeus 650W Mobo:Asus P5Q-Deluxe Bios 1406 Cpu:Intel E8600 Cooling:Cpu: Noctua NH-U12F Ram:Corsair Dominator 2x2Gb Pc8500 C5DF Scheda Video:Asus Gtx-280 Hardisk:WD Raptor 74Gb - WD 1Tb - Barracuda 500Gb - Hitachi 1Tb Monitor:Samsung SM2232BW |
|
|
|
18-10-2006, 09:01
|
#6 | |
|
Senior Member
Iscritto dal: Feb 2003
Città: Perugia [Città della Pieve]
Messaggi: 7279
|
Quote:
__________________
2 cdj 850, 2 technics 1200 mkII, 1 mixer djm 700 s, 1 monocuffia sony mdr-xc5000, una collezione di vinili appena cominciata...
 ...Let the music play... |
|
|
|
|
|
| Strumenti | |
|
|
Tutti gli orari sono GMT +1. Ora sono le: 06:28.
