#1
Senior Member
Joined: Jun 2004
City: Velletri ---- Completed trades: 42 Marital status: Single
Posts: 1296
Sfonditalia and another dialer beyond the antivirus
I have a problem on two different PCs. I solved it on one some time ago, but it has come back on another PC, and I don't remember the procedure, since it has disappeared from the place where I learned it.
The dialer is Sfonditalia: http://securityresponse.symantec.co...fonditalia.html
The removal method, now gone, was at http://www.p2pforum.it/forum/showthread.php?t=35419
The other one is a different dialer that brings up a screen asking to download a WMP plugin, plus endless windows.
The problem now is that neither the online antivirus scanners nor NOD32 manage to remove Sfonditalia from the other PC. Ad-Aware doesn't find it, and if it does find it, once deleted it comes back.
The other PC, also infected by a dialer, has an additional problem: it is very old and slow, runs Windows 98 and won't let me install the more recent antivirus programs. AntiVir doesn't find the dialer, ewido won't install on it, Ad-Aware doesn't find it, Spybot S&D doesn't detect it.
Also, still on this PC, since newer antivirus programs are out of the question (Norton 2005 would bring it to a halt, NOD32 won't install on Windows 98), what should I install as antivirus once it is clean? Is AntiVir enough?
If I need to use programs that don't run on Windows 98, would it be better to disconnect the hard disk, mount it in a PC with Windows XP and clean it from there?
__________________
Si Vis Pacem Para Bellum

#2
Senior Member
Joined: May 2005
City: Palermo
Posts: 6390
Try using these 2 small removal tools:
http://www.adwareaway.com/download/AdwareAway.exe
http://www.simplytech.it/ETRemover/ETRemover_v130.zip
You can also post the HijackThis log.

#3
Senior Member
Joined: Jun 2004
City: Velletri ---- Completed trades: 42 Marital status: Single
Posts: 1296
I'll try.
HijackThis works on Windows 98 too, right? Tonight they're bringing the wreck back to me, and if I manage I'll post it. What do you recommend as antivirus once it's clean? It has a Celeron 400, I think. Putting Norton on it is suicide, and others like NOD32 won't install on it. Anyway, if need be I'll move the hard disk into my PC and try to clean it from there; it should be quicker.

#4
Senior Member
Joined: May 2005
City: Palermo
Posts: 6390
Quote:
Last edited by andorra24: 21-07-2005 at 10:42.

#5
Senior Member
Joined: Jun 2004
City: Velletri ---- Completed trades: 42 Marital status: Single
Posts: 1296
HijackThis log.
This is the log.
I don't understand any of it. Is it serious? For the record, I made it by putting the disk from the PC with the dialer into my system, as disk G.

#6
Senior Member
Joined: May 2005
City: Palermo
Posts: 6390
Fix:
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.exe (file missing)
This entry makes me suspicious:
O4 - Global Startup: Monitor conn. telefonica.lnk = ?
But do you use TIN Messenger? Are you sure it is trustworthy?

#7
Senior Member
Joined: Jun 2004
City: Velletri ---- Completed trades: 42 Marital status: Single
Posts: 1296
Yes, but I've never had problems.
This is the log from the other PC.

#8
Senior Member
Joined: May 2005
City: Palermo
Posts: 6390
Fix:
C:\WINDOWS\System32\phq.exe
C:\Programmi\EnergyPlugIn\EnergyPlugin.exe
C:\WINDOWS\System32\spoolvs.exe
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {3C92DBF1-2603-37D0-6F31-6BAD2A4699A9} - C:\WINDOWS\System32\qzspcov.dll (file missing)
O2 - BHO: (no name) - {FBD7D6E2-241E-6D97-71C3-61FD6F620EF3} - C:\WINDOWS\System32\tvxxwrjv.dll (file missing)
O4 - HKLM\..\Run: [LOCAL WEB DRIVERS FOR WIN32] phq.exe
O4 - HKLM\..\Run: [EnergyPlugIn] C:\Programmi\EnergyPlugIn\EnergyPlugin.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Programmi\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [mouse] mouse.exe
O4 - HKLM\..\Run: [Systems] C:\WINDOWS\System32\itDDD.exe
O4 - HKLM\..\RunServices: [Microsoft Update] wuamk032.exe
O4 - HKLM\..\Run: [Services] C:\WINDOWS\system32\1.tmp
O4 - HKLM\..\RunServices: [Internet2 Optimizer] wkfix.exe
O4 - HKLM\..\Run: [Micromedia Flash Update] wdfmrg.exe
O4 - HKLM\..\Run: [Network Access] winssh.exe
O4 - HKLM\..\Run: [Microsoft Update 23] spoolvs.exe
O4 - HKLM\..\Run: [OSS] C:\windows\system32\rlvknlg.exe -boot
O4 - HKLM\..\RunServices: [LOCAL WEB DRIVERS FOR WIN32] phq.exe
O4 - HKLM\..\RunServices: [mouse] mouse.exe
O4 - HKLM\..\RunServices: [Microsoft Update] wuamk032.exe
O4 - HKLM\..\RunServices: [Internet2 Optimizer] wkfix.exe
O4 - HKLM\..\RunServices: [Micromedia Flash Update] wdfmrg.exe
O4 - HKLM\..\RunServices: [Network Access] winssh.exe
O4 - HKLM\..\RunServices: [Microsoft Update 23] spoolvs.exe
O4 - HKCU\..\Run: [LOCAL WEB DRIVERS FOR WIN32] phq.exe
O4 - HKCU\..\Run: [zqqf] C:\PROGRA~1\COMMON~1\zqqf\zqqfm.exe
O4 - HKCU\..\Run: [Internet2 Optimizer] wkfix.exe
O15 - Trusted Zone: www.archiviosex.net
O15 - Trusted Zone: www.realarea.biz
O15 - Trusted Zone: www.redfunny.com
O15 - Trusted Zone: www.sfonditalia.biz
O15 - Trusted Zone: www.skymasters.biz
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/606731.exe
O16 - DPF: {F57D27AE-CE57-4BC8-B232-EA57747BE5B7} - ms-its:mhtml:file://C:\PATH.MHT!http://195.225.176.5//d//zngibps//e...m::/painter.dll
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spys...rCabInstall.cab
O16 - DPF: {FFFF0001-0001-101A-A3C9-08002B2F49FC} - http://download.energyfactor.com/di...vex_1317_it.exe
O18 - Filter: text/html - {35934C6E-98E5-4E02-88AA-503DE8F6BA08} - C:\Documents and Settings\Computer\Impostazioni locali\Dati applicazioni\microsoft\internet explorer\V0.32.dat
O20 - Winlogon Notify: -lyvjcwhk - C:\WINDOWS\System32\jglyvj.dll
O23 - Service: Externtelecom - Unknown owner - C:\WINDOWS\extel.exe (file missing)
O23 - Service: Mouse Click Monitor (mousecm) - Unknown owner - C:\WINDOWS\System32\mousecm.exe (file missing)
O23 - Service: Net Functions Library (Netlib) - Unknown owner - C:\WINDOWS\System32\Netlib.exe (file missing)

#9
Senior Member
Joined: May 2005
City: Palermo
Posts: 6390
Also, I don't trust the O1 entries and I advise you to deal with them.
Last edited by andorra24: 23-07-2005 at 15:28.

#10
Senior Member
Joined: Jun 2004
City: Velletri ---- Completed trades: 42 Marital status: Single
Posts: 1296
What does "fix" mean???
And above all, how? What do I have to use to deal with it?

#11
Senior Member
Joined: May 2005
City: Palermo
Posts: 6390
Tick the box next to all the entries I told you about, then click "fix checked" to remove them.
As for all the entries listed under O1, you should know that this section contains the so-called hosts file redirections. Much malware uses this method to force the user to visit certain sites: by modifying the hosts file, redirections can be obtained without the user's knowledge. If the redirections in the Hosts file were not put there by whoever uses the PC, the lines should be fixed.
Last edited by andorra24: 23-07-2005 at 16:27.
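
Added example, not part of the original thread: a small Python script for the hosts-file check described in the post above. It reads hosts-file lines (or pasted "O1 - Hosts:" log lines), sets aside loopback, 0.0.0.0 and LAN addresses, and groups the remaining names by target IP, marking any IP that many names point to. The sample data, the function names and the threshold of 3 are assumptions made for this example.

```python
"""Review a hosts file (or pasted HijackThis "O1 - Hosts:" lines) for redirections."""
import ipaddress
from collections import defaultdict

# Constructed sample input: documentation-range IPs and .example names only.
SAMPLE_HOSTS = """\
# constructed sample, not taken from the thread
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.tracker.example      # sinkhole entry a user may add on purpose
192.168.1.20    nas.home.example
203.0.113.10    login.bank-one.example
203.0.113.10    www.bank-two.example secure.bank-two.example
203.0.113.10    pay.wallet.example
198.51.100.7    intranet.partner.example
O1 - Hosts: 203.0.113.10 online.bank-three.example
not-an-ip       broken.example
"""

O1_PREFIX = "O1 - Hosts:"
# IPv4 ranges that normally stay on the local network (RFC 1918 and link-local).
LAN_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16")]


def parse_hosts(text):
    """Return (ip, hostname) pairs from raw hosts lines and O1 log lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()       # drop comments
        if line.startswith(O1_PREFIX):            # line pasted from a log
            line = line[len(O1_PREFIX):].strip()
        fields = line.split()
        if len(fields) < 2:
            continue                              # blank or incomplete line
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                              # first field is not an IP
        # One line may map several names to the same address.
        entries.extend((ip, name.lower()) for name in fields[1:])
    return entries


def classify(ip):
    """'local' = loopback or 0.0.0.0, 'lan' = private IPv4, else 'external'."""
    if ip.is_loopback or ip.is_unspecified:
        return "local"
    if ip.version == 4 and any(ip in net for net in LAN_NETS):
        return "lan"
    return "external"


def review_hosts(text, cluster_threshold=3):
    """Group names that resolve to external IPs; flag IPs shared by many names."""
    by_ip = defaultdict(set)
    for ip, name in parse_hosts(text):
        if classify(ip) == "external":
            by_ip[str(ip)].add(name)
    return [{"ip": ip,
             "hostnames": sorted(names),
             "cluster": len(names) >= cluster_threshold}
            for ip, names in sorted(by_ip.items())]


if __name__ == "__main__":
    for finding in review_hosts(SAMPLE_HOSTS):
        tag = "CLUSTER" if finding["cluster"] else "review"
        print(f"[{tag}] {finding['ip']} <- {', '.join(finding['hostnames'])}")
```

On Windows XP the file to check is %SystemRoot%\system32\drivers\etc\hosts; on Windows 98 it sits in the Windows directory. Every line reported still has to be compared with what the PC's owner added on purpose, as the post says.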

#12
Senior Member
Joined: Jun 2004
City: Velletri ---- Completed trades: 42 Marital status: Single
Posts: 1296
Thank you, I'm cleaning the second PC.
As for the first one: does the log I made on my PC also cover disk G:, which is the other PC's disk? Otherwise I'm afraid I only scanned my own PC, which has nothing on it.

#13
Senior Member
Joined: May 2005
City: Palermo
Posts: 6390
I also recommend running a scan with this: http://www.ewido.net/en/
It is very useful against spyware/adware/trojans/dialers.

#14
Banned
Joined: Mar 2004
City: Galapagos Warning: flatulent user, bear it in mind
Posts: 28983
Damn, this log

All times are GMT +1.