www.MegaLab.it

[robertorsv]

scusate il probvelam da un altro vostro amico è stato eliminato ma no come da voi consigliato... il mio problema è l'apertura di un sito chiamato webcont che disisconette la mia navigazione




qui c'è tutto se vedete altre schifezze ditemelo x cortesia che elimino. grazie mille



Logfile of HijackThis v1.99.1
Scan saved at 19.46.03, on 13/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Programmi\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe
C:\WINDOWS\system32\sstray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE
C:\Programmi\QuickTime\qttask.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\SYSTEM\DRIVER\ntsrv.exe
C:\WINDOWS\system\driver\csrss.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programmi\Ahead\InCD\InCD.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\Anti-Blaxx\Anti-Blaxx.exe
C:\Programmi\MessengerPlus! 3\MsgPlus.exe
C:\Programmi\DAEMON Tools\daemon.exe
C:\Programmi\VVSN\VVSN.exe
C:\Programmi\Browser Mouse\mouse32a.exe
C:\Programmi\Winamp\winampa.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Temp\ipsx3.exe
C:\DOCUME~1\ALESSA~1\IMPOST~1\Temp\Rar$EX00.266\Davideo Vhs Copy 2006 It.exe
C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Programmi\ADSL\StarModem ADSL USB MODEM\DSLMON.exe
c:\progra~1\intern~1\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Azureus\Azureus.exe
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\ALESSA~1\IMPOST~1\Temp\Rar$EX00.547\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Class - {D2882684-593E-C19B-315F-9007606C030A} - C:\WINDOWS\ielex1.dll (file missing)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll (file missing)
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Toolbar Suite\TB\02.05.0000.1082\it-it\msntb.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [9xadiras] 9xadiras.exe
O4 - HKLM\..\Run: [2kadiras] 2kadiras.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Programmi\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Programmi\Anti-Blaxx\Anti-Blaxx.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [VVSN] C:\Programmi\VVSN\VVSN.exe
O4 - HKLM\..\Run: [64 MODE INFO SKIP] C:\Documents and Settings\All Users\Dati applicazioni\Fasttime64mode\grimdead.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Programmi\Browser Mouse\mouse32a.exe
O4 - HKLM\..\Run: [ipsx1.exe] C:\WINDOWS\Temp\ipsx1.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ipsx2.exe] C:\WINDOWS\Temp\ipsx2.exe
O4 - HKLM\..\Run: [ipsx3.exe] C:\WINDOWS\Temp\ipsx3.exe
O4 - HKLM\..\Run: [ipsx4.exe] C:\WINDOWS\Temp\ipsx4.exe
O4 - HKLM\..\Run: [ipsx5.exe] C:\WINDOWS\Temp\ipsx5.exe
O4 - HKLM\..\Run: [Services] C:\DOCUME~1\ALESSA~1\IMPOST~1\Temp\Rar$EX00.266\Davideo Vhs Copy 2006 It.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [OPSE reminder] "C:\Programmi\ScanSoft\OmniPageSE2.0\EregIta\Ereg.exe" -r "C:\Programmi\ScanSoft\OmniPageSE2.0\EregIta\ereg.ini"
O4 - HKLM\..\Run: [ipsx6.exe] C:\WINDOWS\Temp\ipsx6.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DrefIW] C:\WINDOWS\system32\SysDrefIWv2.exe
O4 - HKCU\..\Run: [Cast Warn] C:\DOCUME~1\ALESSA~1\DATIAP~1\POPPIN~1\Media Cake Hole.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: DSLMON.lnk = C:\Programmi\ADSL\StarModem ADSL USB MODEM\DSLMON.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Windows Desktop Search.lnk = C:\Programmi\MSN Toolbar Suite\DS\02.05.0001.1119\it-it\bin\WindowsSearch.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O15 - Trusted Zone: *.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{5FA36067-466C-4207-9E41-71B7EE65EF73}: NameServer = 193.70.152.15 193.70.152.25
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: winmbj32 - C:\WINDOWS\SYSTEM32\winmbj32.dll
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: NTBOOTMGR (NTBOOT) - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe
O23 - Service: NTLOAD - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntsrv.exe
O23 - Service: NTSVCMGR - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

[Amantide]

Eh mamma!!! quanta robaccia ci sta...
Ma ce l'hai un antivirus? Io vedo solo il firewall...

Conosci queste cose?

O4 - HKLM\..\Run: [64 MODE INFO SKIP] C:\Documents and Settings\All Users\Dati applicazioni\Fasttime64mode\grimdead.exe
O4 - HKCU\..\Run: [Cast Warn] C:\DOCUME~1\ALESSA~1\DATIAP~1\POPPIN~1\Media Cake Hole.exe

Se no fixali insieme a quest' altre voci:

R3 - Default URLSearchHook is missing
O2 - BHO: Class - {D2882684-593E-C19B-315F-9007606C030A} - C:\WINDOWS\ielex1.dll (file missing
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll (file missing)
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Toolbar Suite\TB\02.05.0000.1082\it-it\msntb.dll (file missing)
O4 - HKLM\..\Run: [VVSN] C:\Programmi\VVSN\VVSN.exe
O4 - HKLM\..\Run: [ipsx1.exe] C:\WINDOWS\Temp\ipsx1.exe
O4 - HKLM\..\Run: [ipsx2.exe] C:\WINDOWS\Temp\ipsx2.exe
O4 - HKLM\..\Run: [ipsx3.exe] C:\WINDOWS\Temp\ipsx3.exe
O4 - HKLM\..\Run: [ipsx4.exe] C:\WINDOWS\Temp\ipsx4.exe
O4 - HKLM\..\Run: [ipsx5.exe] C:\WINDOWS\Temp\ipsx5.exe
O4 - HKLM\..\Run: [ipsx6.exe] C:\WINDOWS\Temp\ipsx6.exe
O4 - HKCU\..\Run: [DrefIW] C:\WINDOWS\system32\SysDrefIWv2.exe
O15 - Trusted Zone: *.3
O20 - Winlogon Notify: winmbj32 - C:\WINDOWS\SYSTEM32\winmbj32.dll
O23 - Service: NTBOOTMGR (NTBOOT) - Unknown owner -
C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe
O23 - Service: NTLOAD - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntsrv.exe
O23 - Service: NTSVCMGR - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntsrv.exe

Dopo disattiva il ripristino configurazioni di sistema, pulisci i file temporanei (puoi farlo dalle Opzioni Internet), scarica Unlocker ed elimina questi file:

C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe
C:\WINDOWS\SYSTEM\DRIVER\ntsrv.exe
C:\WINDOWS\system\driver\csrss.exe
C:\Programmi\VVSN\VVSN.exe
C:\WINDOWS\Temp\ipsx3.exe

Fai la scansione on-line con Ewido ed installa un buon antivirus.

[robertorsv]

grazie mille ho fatto tutto ma non riesco a usare unlocker nn parte c'è qualche altro programma?
un grazie comunque per il resto

[Amantide]

Si, ci sono anche gli altri programmi simili, dipende dai gusti personali.
Puoi provare con Delete Doctor oppure con Killbox.