infezione multipla

mansell · 09-08-2007, 14:16

da quando il pc è stato spostato, e non si collega più con il router con firewall, sono invaso di visus (ora sn collegato con umts)

antivir mi rileva un bel pò di virus a ripetizione, principalmente

exp.ani.gen
tr/click.agent.np
tr/spy.vbstat.b.1
tr/click.mnb
tr/dldr.conhook.gen

sono pericolosi? come li rimuovo? ho fatto scansioni e scansioni con antivir, un giro di spybot e un giro di ad-aware lavasoft.. ma il problema rimane.
vorrei capire oltre che a rompere aprendo una finestra ogni tanto di ie, cosa altro fanno..??

wizard1993 · 09-08-2007, 14:26

log di hijackthis (http://www.trendsecure.com/portal/en...HJTInstall.exe) lo installi lo lanci accetti la licenza, clikka il primo pulsante e posta il risultato

fai pio un scan completa con kaspersky

mansell · 09-08-2007, 14:34

ecco il log, ma kapersky lo devo fare online, intsllarlo? insoma che devo fare?

Logfile of HijackThis v1.99.1
Scan saved at 15.33.08, on 09/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe
C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\Programmi\Unlocker\UnlockerAssistant.exe
C:\Programmi\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Programmi\Picasa2\PicasaMediaDetector.exe
C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\LckFldService.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Programmi\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\WINDOWS\System32\snmp.exe
C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Programmi\NetMeter\NetMeter.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\RealVNC\VNC4\WinVNC4.exe
C:\Programmi\Xdrive\Xdrive Desktop\XdriveService.exe
C:\Programmi\aMSN\bin\wish.exe
C:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe
C:\Programmi\FirefoxPreloader\FirefoxPreloader.exe
C:\Programmi\Logitech\SetPoint\KEM.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Raxco\PerfectDisk\PDEngine.exe
C:\PROGRAMMI\LOGITECH\SETPOINT\KHALMNPR.EXE
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\PowerMenu\PowerMenu.exe
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\PC Connectivity Solution\NclBTHandler.exe
C:\Programmi\Skype\Plugin Manager\SkypePM.exe
C:\Programmi\Quick ShutDown\qsd.exe
C:\Programmi\D-Tools\daemon.exe
C:\Programmi\Nokia\Nokia PC Suite 6\OneTouchAccess.exe
C:\Programmi\SpeedFan\speedfan.exe
C:\WINDOWS\system32\bpoubfaa.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\FILECO~1\PCSuite\DATALA~1\DATALA~1.EXE
F:\Archivi e istallazioni\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mansellblog.home.services.spaces.live.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Programmi\Dealio\kb106\Dealio.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programmi\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Programmi\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Programmi\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [StartupDelayer] "C:\Programmi\r2 Studios\Startup Delayer\Startup Launcher.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [au] C:\Programmi\Dealio\DealioAU.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [StartCCC] C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [C:\Programmi\NetMeter\NetMeter.exe] C:\Programmi\NetMeter\NetMeter.exe
O4 - Startup: PowerMenu.lnk = C:\Programmi\PowerMenu\PowerMenu.exe
O4 - Global Startup: aMSN.lnk = C:\Programmi\aMSN\amsn.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Firefox Preloader.lnk = C:\Programmi\FirefoxPreloader\FirefoxPreloader.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmi\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Programmi\Dealio\kb106\res\DealioSearch.html
O8 - Extra context menu item: Download all links using BitComet - res://C:\Programmi\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Programmi\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Programmi\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: Save to &Xdrive - res://C:\Programmi\Xdrive\Xdrive Desktop\xdrive.exe/std.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://mansellblog.spaces.live.com//...d/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/.../GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1173462475203
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://mansellblog.spaces.live.com/P...d/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{67631A60-5FC1-4340-9874-28A5581A607B}: NameServer = 193.70.152.25 193.70.192.25
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DirectX Service (Biwox) - Unknown owner - C:\WINDOWS\system32\directx.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\bpoubfaa.exe
O23 - Service: GoogleDesktopManager - Google - C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe
O23 - Service: MSSQL$PINNACLESYS - Unknown owner - C:\Programmi\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS (file missing)
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - C:\Programmi\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE" -i PINNACLESYS (file missing)
O23 - Service: StyleXPService - Unknown owner - C:\Programmi\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Programmi\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Programmi\Windows Live\installer\WLSetupSvc.exe

wizard1993 · 09-08-2007, 15:40

in hijackthis fixa questi
O23 - Service: DirectX Service (Biwox) - Unknown owner - C:\WINDOWS\system32\directx.exe (file missing)
O23 - Service: DomainService - - C:\WINDOWS\system32\bpoubfaa.exe
riavvia
e poi con killbox cancella questo
C:\WINDOWS\system32\bpoubfaa.exe

mansell · 10-08-2007, 23:50

ho fatto ciò che mi hai detto, ma antivir continua a trovare virus, in C:\documentsandsetting/user/impostazionilocali/temp principalmente..
ho provato a fare una scansione con kapersky online, ma una volta trovati i virus non li leva, vuole essere pagato. non si trova un modo free di risolvere la questione?

lancetta · 11-08-2007, 00:42

ciao...puliamo il pc da temp e index dat.... fai una cosa prima disattiva il ripristino config di sistema se non sai come fare vedi QUI link

Pulita con CCleaner( QUI)disattivando dalle opzioni avanzate "cancella solo file più vecchi di 48 ore" oppure con ATF Cleaner http://www.atribune.org/ccount/click.php?id=1 (è stand alone) Avvia ATF Cleaner
(se usi Firefox o Opera, selezionali dal menu in alto)
metti la spunta su "Select All" per ogni browser
e clicca su "Empty Selected"

poi scarica Superantispyware aggiornalo e fagli fare una "Perform complete scan" da "scan your computer"

scarica a-squared Free 3.0 aggiornalo e fagli fare una scansione completa del sistema.

facci sapere.

09-08-2007, 14:16	#1
mansell Member Iscritto dal: Apr 2006 Messaggi: 273	infezione multipla da quando il pc è stato spostato, e non si collega più con il router con firewall, sono invaso di visus (ora sn collegato con umts) antivir mi rileva un bel pò di virus a ripetizione, principalmente exp.ani.gen tr/click.agent.np tr/spy.vbstat.b.1 tr/click.mnb tr/dldr.conhook.gen sono pericolosi? come li rimuovo? ho fatto scansioni e scansioni con antivir, un giro di spybot e un giro di ad-aware lavasoft.. ma il problema rimane. vorrei capire oltre che a rompere aprendo una finestra ogni tanto di ie, cosa altro fanno..??

09-08-2007, 14:26	#2
wizard1993 Senior Member Iscritto dal: Apr 2006 Messaggi: 22462	log di hijackthis (http://www.trendsecure.com/portal/en...HJTInstall.exe) lo installi lo lanci accetti la licenza, clikka il primo pulsante e posta il risultato fai pio un scan completa con kaspersky __________________ amd a64x2 4400+ sk939;asus a8n-sli; 2x1gb ddr400; x850 crossfire; 2 x western digital abys 320gb\|\| asus g1 Se striscia fulmina, se svolazza l'ammazza

09-08-2007, 15:40	#4
wizard1993 Senior Member Iscritto dal: Apr 2006 Messaggi: 22462	in hijackthis fixa questi O23 - Service: DirectX Service (Biwox) - Unknown owner - C:\WINDOWS\system32\directx.exe (file missing) O23 - Service: DomainService - - C:\WINDOWS\system32\bpoubfaa.exe riavvia e poi con killbox cancella questo C:\WINDOWS\system32\bpoubfaa.exe __________________ amd a64x2 4400+ sk939;asus a8n-sli; 2x1gb ddr400; x850 crossfire; 2 x western digital abys 320gb\|\| asus g1 Se striscia fulmina, se svolazza l'ammazza

11-08-2007, 00:42	#6
lancetta Senior Member Iscritto dal: Feb 2007 Città: Salerno...... Messaggi: 3259	ciao...puliamo il pc da temp e index dat.... fai una cosa prima disattiva il ripristino config di sistema se non sai come fare vedi QUI link Pulita con CCleaner( QUI)disattivando dalle opzioni avanzate "cancella solo file più vecchi di 48 ore" oppure con ATF Cleaner http://www.atribune.org/ccount/click.php?id=1 (è stand alone) Avvia ATF Cleaner (se usi Firefox o Opera, selezionali dal menu in alto) metti la spunta su "Select All" per ogni browser e clicca su "Empty Selected" poi scarica Superantispyware aggiornalo e fagli fare una "Perform complete scan" da "scan your computer" scarica a-squared Free 3.0 aggiornalo e fagli fare una scansione completa del sistema. facci sapere. __________________ Opera disabilitazione script ed iframe Recuperare le proprie password on line. Messenger: massima attenzione ai SITI TRUFFA \| GUIDA:ShutdownTimer (Spegnimento auto pc) \| Quando il centro sicurezza non riconosce i soft. Guida a Malwarebytes' Anti-Malware = tiemp bell e na volta...

09-08-2007, 14:34	#3
mansell Member Iscritto dal: Apr 2006 Messaggi: 273	ecco il log, ma kapersky lo devo fare online, intsllarlo? insoma che devo fare? Logfile of HijackThis v1.99.1 Scan saved at 15.33.08, on 09/08/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16473) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programmi\TGTSoft\StyleXP\StyleXPService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Programmi\AntiVir PersonalEdition Classic\sched.exe C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe C:\Programmi\Unlocker\UnlockerAssistant.exe C:\Programmi\Creative\SBAudigy\Surround Mixer\CTSysVol.exe C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Programmi\Picasa2\PicasaMediaDetector.exe C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe C:\WINDOWS\system32\LckFldService.exe C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE C:\Programmi\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe C:\Programmi\Skype\Phone\Skype.exe C:\Programmi\Raxco\PerfectDisk\PDAgent.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\System32\tcpsvcs.exe C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe C:\WINDOWS\System32\snmp.exe C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\Programmi\NetMeter\NetMeter.exe C:\WINDOWS\System32\svchost.exe C:\Programmi\RealVNC\VNC4\WinVNC4.exe C:\Programmi\Xdrive\Xdrive Desktop\XdriveService.exe C:\Programmi\aMSN\bin\wish.exe C:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe C:\Programmi\FirefoxPreloader\FirefoxPreloader.exe C:\Programmi\Logitech\SetPoint\KEM.exe C:\Programmi\Mozilla Firefox\firefox.exe C:\Programmi\Raxco\PerfectDisk\PDEngine.exe C:\PROGRAMMI\LOGITECH\SETPOINT\KHALMNPR.EXE C:\Programmi\PC Connectivity Solution\ServiceLayer.exe C:\Programmi\PowerMenu\PowerMenu.exe C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe C:\WINDOWS\System32\svchost.exe C:\Programmi\PC Connectivity Solution\NclBTHandler.exe C:\Programmi\Skype\Plugin Manager\SkypePM.exe C:\Programmi\Quick ShutDown\qsd.exe C:\Programmi\D-Tools\daemon.exe C:\Programmi\Nokia\Nokia PC Suite 6\OneTouchAccess.exe C:\Programmi\SpeedFan\speedfan.exe C:\WINDOWS\system32\bpoubfaa.exe C:\Programmi\Internet Explorer\iexplore.exe C:\WINDOWS\explorer.exe C:\PROGRA~1\FILECO~1\PCSuite\DATALA~1\DATALA~1.EXE F:\Archivi e istallazioni\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mansellblog.home.services.spaces.live.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Programmi\Dealio\kb106\Dealio.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programmi\Unlocker\UnlockerAssistant.exe" O4 - HKLM\..\Run: [CTSysVol] C:\Programmi\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe O4 - HKLM\..\Run: [Picasa Media Detector] C:\Programmi\Picasa2\PicasaMediaDetector.exe O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [StartupDelayer] "C:\Programmi\r2 Studios\Startup Delayer\Startup Launcher.exe" O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup O4 - HKLM\..\Run: [au] C:\Programmi\Dealio\DealioAU.exe O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [StartCCC] C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog O4 - HKCU\..\Run: [C:\Programmi\NetMeter\NetMeter.exe] C:\Programmi\NetMeter\NetMeter.exe O4 - Startup: PowerMenu.lnk = C:\Programmi\PowerMenu\PowerMenu.exe O4 - Global Startup: aMSN.lnk = C:\Programmi\aMSN\amsn.exe O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Firefox Preloader.lnk = C:\Programmi\FirefoxPreloader\FirefoxPreloader.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmi\Logitech\SetPoint\KEM.exe O8 - Extra context menu item: Compare Prices with &Dealio - C:\Programmi\Dealio\kb106\res\DealioSearch.html O8 - Extra context menu item: Download all links using BitComet - res://C:\Programmi\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Download all videos using BitComet - res://C:\Programmi\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: Download link using &BitComet - res://C:\Programmi\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm O8 - Extra context menu item: Save to &Xdrive - res://C:\Programmi\Xdrive\Xdrive Desktop\xdrive.exe/std.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://mansellblog.spaces.live.com//...d/MsnPUpld.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/.../GAME_UNO1.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1173462475203 O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://mansellblog.spaces.live.com/P...d/MsnPUpld.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{67631A60-5FC1-4340-9874-28A5581A607B}: NameServer = 193.70.152.25 193.70.192.25 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: DirectX Service (Biwox) - Unknown owner - C:\WINDOWS\system32\directx.exe (file missing) O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe O23 - Service: DomainService - - C:\WINDOWS\system32\bpoubfaa.exe O23 - Service: GoogleDesktopManager - Google - C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe O23 - Service: MSSQL$PINNACLESYS - Unknown owner - C:\Programmi\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS (file missing) O23 - Service: PDAgent - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDAgent.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDEngine.exe O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - C:\Programmi\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE" -i PINNACLESYS (file missing) O23 - Service: StyleXPService - Unknown owner - C:\Programmi\TGTSoft\StyleXP\StyleXPService.exe O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Programmi\RealVNC\VNC4\WinVNC4.exe" -service (file missing) O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Programmi\Windows Live\installer\WLSetupSvc.exe

10-08-2007, 23:50	#5
mansell Member Iscritto dal: Apr 2006 Messaggi: 273	ho fatto ciò che mi hai detto, ma antivir continua a trovare virus, in C:\documentsandsetting/user/impostazionilocali/temp principalmente.. ho provato a fare una scansione con kapersky online, ma una volta trovati i virus non li leva, vuole essere pagato. non si trova un modo free di risolvere la questione?

Strumenti
Mostra una versione stampabile Invia questa pagina per email