Punto informatico Network
Login Esegui login | Non sei registrato? Iscriviti ora (è gratuito!)
Username: Password:
  • Annuncio Pubblicitario

www.1987324.com?301 & Logfile da mani nei capelli

Un virus si è intromesso nel tuo computer? Vuoi navigare in tutta sicurezza? Sono sicure le transazione online? Come impedire a malintenzionati di intromettersi nel tuo pc? Come proteggere i tuoi dati? Qui trovi le risposte a queste ed altre domande

Rispondi al messaggio

www.1987324.com?301 & Logfile da mani nei capelli

Messaggioda zolfa » gio lug 06, 2006 11:13 am

Ciao a tutti.
Ho già visto sul vostro sito la possibile soluzione per togliere il fastidioso dialer che fa aprire Internet Explorer su www.1987324.com?301.
Purtroppo però mi sembra che il mio logfile sia decisamente compromesso, anche da da precedenti dialer, virus, etc.
Mi potreste indicare con precisione cosa cancellare?

Grazie fin da ora per ogni possibile suggerimento.
Ciao Zolfa.
Logfile of HijackThis v1.99.1
Scan saved at 11.52.19, on 06/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\trcboot.exe
C:\WINDOWS\System32\drivers\appnnode.exe
C:\Programmi\NavNT\defwatch.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\NavNT\rtvscan.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Analog Devices\SoundMAX\Smtray.exe
C:\Programmi\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Programmi\NavNT\vptray.exe
C:\Programmi\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\Programmi\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe
C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Java\j2re1.4.2_06\bin\jusched.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Microsoft IntelliType Pro\type32.exe
C:\Programmi\Java\j2re1.4.2_06\bin\jucheck.exe
C:\Programmi\Microsoft IntelliPoint\point32.exe
C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\sysmon.exe
C:\Programmi\iISystem Wiper\SystemWiper.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe
C:\Programmi\WinZip\WZQKPICK.EXE
\Pcchristian\c$\Programmi\Focalpoint\DPS\MQClient.exe
C:\PROGRA~1\FOCALP~1\DPS\system\dpsexe.exe
C:\Documents and Settings\christian\Desktop\HiJack\HijackThis.exe
C:\WINDOWS\System32\HPBPRO.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.1987324.com?301
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.it/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.compaq.com/1Q00CDT/0410/bl7.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O1 - Hosts: 205.214.67.211 auto.search.msn.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Smapp] C:\Programmi\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Programmi\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [WCOLOREAL] C:\Programmi\COMPAQ\Coloreal\coloreal.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
O4 - HKLM\..\Run: [vptray] C:\Programmi\NavNT\vptray.exe
O4 - HKLM\..\Run: [StatusClient 2.6] C:\Programmi\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Programmi\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [OrderReminder] C:\Programmi\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Jawa32] C:\WINDOWS\jawa32.exe
O4 - HKLM\..\Run: [fash] C:\WINDOWS\fash.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Connectors] C:\WINDOWS\system32\Foox\Videochat1.EXE -d
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [type32] "C:\Programmi\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programmi\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Systems] C:\WINDOWS\system32\sysmon.exe
O4 - HKLM\..\Run: [lzmid.exe] C:\WINDOWS\system32\lzmid.exe
O4 - HKCU\..\Run: [iIWiper] C:\Programmi\iISystem Wiper\SystemWiper.exe m
O4 - HKCU\..\Run: [Rchu] C:\Documents and Settings\Christian.S-I\Dati applicazioni\nunb.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [shell] "C:\Programmi\File comuni\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcStd7_0_0
O4 - Startup: MQ Client.lnk = Programmi\Focalpoint\DPS\MQClient.exe
O4 - Startup: Print Manager.lnk = My Documents\Focalpoint PM\Host.gsa
O4 - Global Startup: Avvio veloce di Adobe Acrobat.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti destinazione link in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti i link selezionati in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti i link selezionati in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converti in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti nel file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti selezione in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti selezione in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connectors - {DA002853-42D9-4A47-A236-896D32BB7EC7} - C:\WINDOWS\system32\Foox\VIDEOC~1.EXE (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O15 - Trusted Zone: www.1987324.com
O16 - DPF: {10981C84-2509-402D-9E30-CB889453B1BE} (B2BFlashLoader.B2BFlashLoaderLib) - http://www.tuagenzia.it/downloadfiles/a ... Loader.CAB
O16 - DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} (dnlplayer Class) - http://www.digitalwebbooks.com/reader/dbplugin.cab
O16 - DPF: {273415DA-A564-43AE-BD81-593377AF0FDA} (ServicesLib.ServicesMgr) - http://10.193.128.140/NVPportal/htdocs/ ... cesLib.CAB
O16 - DPF: {2D36AF92-04D3-11D8-B719-0000865F231B} (TMinReq Class) - https://my.sabre.com/jars/TMinReqX.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 5348390317
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2031326877
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.2) - https://my.sabre.com/JavaPlugin/jinstal ... s-i586.cab
O16 - DPF: {B68AAAA1-D045-4ADC-8A7D-350F9F59CC7F} (NvpManager.Interface) - http://10.193.128.140/NVPportal/htdocs/ ... anager.cab
O16 - DPF: {F7FD91D1-45E6-4349-B698-F976062DAC26} - http://www.storage-tasp.com/gs/gsa_1656.exe
O16 - DPF: {FFFF0001-0001-101A-A3C9-08002B2F49FC} - http://download.energy-factor.com/diale ... 873_it.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = S-I.it
O17 - HKLM\Software\..\Telephony: DomainName = S-I.it
O17 - HKLM\System\CCS\Services\Tcpip\..\{0AEBCAB3-A7BD-4E37-988E-1AF14CF30F31}: NameServer = 85.255.113.205,85.255.112.66
O17 - HKLM\System\CCS\Services\Tcpip\..\{20B22A2C-A078-4EA3-BE2F-D9BE2D5C0203}: NameServer = 85.255.113.205,85.255.112.66
O17 - HKLM\System\CCS\Services\Tcpip\..\{8F028480-1F11-4338-8971-EB7EA59CEACA}: NameServer = 85.255.113.205,85.255.112.66
O17 - HKLM\System\CCS\Services\Tcpip\..\{9150C7F2-E71D-4F53-876F-EB9B346A7C57}: NameServer = 85.255.113.205,85.255.112.66
O17 - HKLM\System\CCS\Services\Tcpip\..\{BB334E7B-0FB7-40C0-ADF9-AC2D7D3E3BAD}: NameServer = 85.255.113.205,85.255.112.66
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = S-I.it
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.205 85.255.112.66
O17 - HKLM\System\CS1\Services\Tcpip\..\{0AEBCAB3-A7BD-4E37-988E-1AF14CF30F31}: NameServer = 85.255.113.205,85.255.112.66
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.205 85.255.112.66
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AppnNode - Unknown owner - C:\WINDOWS\System32\drivers\appnnode.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Programmi\NavNT\defwatch.exe
O23 - Service: Servizio iPod (iPodService) - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Server - Symantec Corporation - C:\Programmi\NavNT\rtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrcBoot - Unknown owner - C:\WINDOWS\System32\drivers\trcboot.exe
Avatar utente
zolfa
Neo Iscritto
Neo Iscritto
 
Messaggi: 9
Iscritto il: gio lug 06, 2006 11:02 am
Top

Messaggioda crazy.cat » gio lug 06, 2006 12:48 pm

Hai parecchi problemi....
Utilizzando questo programma
http://www.MegaLab.it/2427
selezioni i file che ti indico in rosso e premi Delete file on system Restart

Scansione ricerca virus dalla modalità provvisoria
http://www.MegaLab.it/2349

Elimini queste righe con hijackthis
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.1987324.com?301
O1 - Hosts: 205.214.67.211 auto.search.msn.com
O4 - HKLM\..\Run: [Jawa32] C:\WINDOWS\jawa32.exe
O4 - HKLM\..\Run: [fash] C:\WINDOWS\fash.exe
O4 - HKLM\..\Run: [Connectors] C:\WINDOWS\system32\Foox\Videochat1.EXE -d
O4 - HKLM\..\Run: [Systems] C:\WINDOWS\system32\sysmon.exe
O4 - HKLM\..\Run: [lzmid.exe] C:\WINDOWS\system32\lzmid.exe
O4 - HKCU\..\Run: [Rchu] C:\Documents and Settings\Christian.S-I\Dati applicazioni\nunb.exe
O4 - HKCU\..\Run: [shell] "C:\Programmi\File comuni\Microsoft Shared\Web Folders\ibm00001.exe"
O9 - Extra button: Connectors - {DA002853-42D9-4A47-A236-896D32BB7EC7} - C:\WINDOWS\system32\Foox\VIDEOC~1.EXE (file missing)
O15 - Trusted Zone: www.1987324.com
O16 - DPF: {F7FD91D1-45E6-4349-B698-F976062DAC26} - http://www.storage-tasp.com/gs/gsa_1656.exe
O16 - DPF: {FFFF0001-0001-101A-A3C9-08002B2F49FC} - http://download.energy-factor.com/diale ... 873_it.exe

Usi dei programmi della IBM???
Altrimenti sono sospetti anche questi
O23 - Service: AppnNode - Unknown owner - C:\WINDOWS\System32\drivers\appnnode.exe
O23 - Service: TrcBoot - Unknown owner - C:\WINDOWS\System32\drivers\trcboot.exe
Ultima modifica di crazy.cat il gio lug 06, 2006 1:38 pm, modificato 1 volta in totale.
Avatar utente
crazy.cat
MLI Hero
MLI Hero
 
Messaggi: 30959
Iscritto il: lun gen 12, 2004 1:38 pm
Località: Mestre
Top

Messaggioda zolfa » gio lug 06, 2006 1:31 pm

Ciao Carzy.Cat,
ti ringrazio per la celere risposta, ma non riesco a capire quali sono i file da cancellare con Delete Doctor.
Non trovo nulla indicato in rosso!!!! Non sono daltonico vero?

In attesa procedo con le altre indicazioni....... si ho un programma IBM (IBM Personal Communications).

Grazie ciao
Avatar utente
zolfa
Neo Iscritto
Neo Iscritto
 
Messaggi: 9
Iscritto il: gio lug 06, 2006 11:02 am
Top
Top

Messaggioda crazy.cat » gio lug 06, 2006 1:40 pm

zolfa ha scritto:Non trovo nulla indicato in rosso!!!! Non sono daltonico vero?


Cosa ci vuoi fare, la vecchiaia avanza e perdo colpi....e poi oggi siete scatenati arrivano un muccio di problemi e non ci sto dietro.
Adesso sono in rosso.

Ho tolto una riga dal log delle cose da eliminare il programma era buono.
Avatar utente
crazy.cat
MLI Hero
MLI Hero
 
Messaggi: 30959
Iscritto il: lun gen 12, 2004 1:38 pm
Località: Mestre
Top

Messaggioda zolfa » gio lug 06, 2006 1:41 pm

OK adesso li vedo
Avatar utente
zolfa
Neo Iscritto
Neo Iscritto
 
Messaggi: 9
Iscritto il: gio lug 06, 2006 11:02 am
Top

Messaggioda crazy.cat » gio lug 06, 2006 1:42 pm

questo non eliminarlo mi era sfuggita la riga è buono
O4 - HKCU\..\Run: [iIWiper] C:\Programmi\iISystem Wiper\SystemWiper.exe m
Avatar utente
crazy.cat
MLI Hero
MLI Hero
 
Messaggi: 30959
Iscritto il: lun gen 12, 2004 1:38 pm
Località: Mestre
Top

c'è ancora???

Messaggioda essed » lun lug 24, 2006 12:25 pm

Ciao mi sono imbattuta nello stesso tipo di problema..ho tentato di eliminare tutto quello che ho creduto fosse correlato. e al momento sembra che la pagina iniziale del browser sia impostata su google.
...insomma qui c'è il mio log e lui saprà dire più di me:

grazie tante assai!

Logfile of HijackThis v1.99.1
Scan saved at 12:58:40, on 24/07/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

(Unable to list running processes)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.it/0SEITIT/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,C:\WINDOWS\SERVICES.EXE
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmi\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\it\msntb.dll
O2 - BHO: Burn4Free Toolbar Helper - {F8E5CA21-C27B-43e7-B2BE-4CA93C9F9A1F} - C:\Programmi\Burn4Free Toolbar\v2.0.0.5\Burn4Free_Toolbar.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\it\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Burn4Free Toolbar - {70DE7956-479D-4eb7-8641-2B45774C350E} - C:\Programmi\Burn4Free Toolbar\v2.0.0.5\Burn4Free_Toolbar.dll
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\WinFax\WFXSWTCH.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\RunServices: [notes] notepaad.exe
O4 - HKCU\..\Run: [Caffe-Server] c:\program files\Caffe\Server.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\Software Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\Software Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O15 - Trusted Zone: www.1987324.com
O15 - Trusted Zone: www.adslconnection.name
O15 - Trusted Zone: www.otherchance.com
O15 - Trusted Zone: www.softlab.name
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\\MAIN.MHT!http://66.98.244.67//tor//it//chm//online.chm::/on-line.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.com/r ... nPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 5486412833
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://eu-housecall.trendmicro-europe.c ... hcImpl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {A8680DA2-873A-11D4-928C-0050DAC7E112} (CTI_RECORDER) - http://fwbox.fastwebnet.it/webmail/comp ... plorer.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {DF6504AC-3EFE-4287-B259-FB299B069C95} (WEBDE Fotoalbum Upload Control) - https://img.web.de/v/fotoalbum/activex/upload_11110.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2FFA27DF-3492-4A06-9733-C61E4D66A21D}: NameServer = 62.211.69.150,212.48.4.15
O17 - HKLM\System\CCS\Services\Tcpip\..\{A2C1FB77-9963-47C0-80CD-99D286902C78}: NameServer = 62.211.69.150,212.48.4.15
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programmi\Software Bluetooth\bin\btwdins.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe (file missing)
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\System32\WFXSVC.EXE
Avatar utente
essed
Neo Iscritto
Neo Iscritto
 
Messaggi: 1
Iscritto il: lun lug 24, 2006 12:11 pm
Top

Messaggioda andorra24 » lun lug 24, 2006 1:18 pm

Ciao, metti la spunta nella casellina accanto alle seguenti voci e premi fix checked:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 (se non usi proxy fixala)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,C:\WINDOWS\SERVICES.EXE
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O4 - HKLM\..\RunServices: [notes] notepaad.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O15 - Trusted Zone: www.1987324.com
O15 - Trusted Zone: www.adslconnection.name
O15 - Trusted Zone: www.otherchance.com
O15 - Trusted Zone: www.softlab.name
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\\MAIN.MHT!http://66.98.244.67//tor//it//chm//online.chm::/on-line.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe (file missing)

Vai su start/risorse del computer/strumenti/opzioni cartella/visualizzazione e metti la spunta su visualizza cartelle file nascosti e togli la spunta da ''nascondi i file protetti di sistema''.

Scarica killbox da qui:
http://www.bleepingcomputer.com/files/killbox.php

Con killbox elimina il seguente file exe:
C:\WINDOWS\SERVICES.EXE

Fai una scansione con ewido:
http://www.grisoft.cz/softw/70/filedir/ ... 0.172b.exe
Avatar utente
andorra24
Aficionado
Aficionado
 
Messaggi: 145
Iscritto il: ven mag 19, 2006 10:30 pm
Top
Rispondi al messaggio

Torna a Sicurezza

Chi c’è in linea

Visitano il forum: Nessuno e 9 ospiti

cron
Powered by phpBB © 2002, 2005, 2007, 2008 phpBB Group
Traduzione Italiana phpBB.it

megalab.it: testata telematica quotidiana registrata al Tribunale di Cosenza n. 22/09 del 13.08.2009, editore Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa Tutti i diritti sono riservati. Per la pubblicità: Master Advertising