www.MegaLab.it

[zeppelin83]

Salve a tutti,
Inanzi tutto vi ringrazio anticipatamente per le (eventuali ) risposte ...
Dunque...avevo il pc un po infestato...e grazie alla lettura di molti post ho risolto qualcosina....con Delete Doctor ho eliminato le fastidiose icone e1xplorer e winmovie e fino a ora non si sono ripresentate (l'ho fatto 15 min fa è..... )
Ad ora comunque mi si disconette la connessione e un dialer tenta di connettersi..di seguito il log di HijackThis...che ne dite?

Logfile of HijackThis v1.99.1
Scan saved at 13.34.11, on 10/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmi\Keymaestro\Multimedia Keyboard\nhksrv.exe
C:\Programmi\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Programmi\McAfee\McAfee VirusScan\VsStat.exe
C:\Programmi\McAfee\McAfee VirusScan\Vshwin32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programmi\McAfee\McAfee VirusScan\Avconsol.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Java\j2re1.4.2_04\bin\jusched.exe
C:\WINDOWS\System32\taskswitch.exe
C:\Programmi\Winamp3\winampa.exe
C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Programmi\Elaborate Bytes\CloneCD\CloneCDTray.exe
C:\Programmi\Keymaestro\Multimedia Keyboard\MMKeybd.exe
C:\WINDOWS\system32\atwtusb.exe
C:\WINDOWS\winfast.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\QuickTime\qttask.exe
C:\WINDOWS\system32\funk.exe
C:\Documents and Settings\Proprietario\Dati applicazioni\ratorefaci\sysrtmvs.exe
C:\WINDOWS\TEMP\sqjm1.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\Programmi\LiveUpdate\LiveUpdate.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
C:\Programmi\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
C:\Programmi\SAM\SAM.exe
C:\Programmi\Keymaestro\Multimedia Keyboard\TrayMon.exe
C:\Programmi\Keymaestro\Onscreen Display\OSD.exe
C:\Programmi\File comuni\Network Associates\McShield\Mcshield.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\eMule\emule.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\Proprietario\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail.supereva.com/cgi-bin/login.chm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,C:\WINDOWS\__P9HEPQKBJ.EXE,C:\WINDOWS\svchost.exe
O1 - Hosts: 127.0.0.3 www.onedayoffer.biz
O1 - Hosts: 127.0.0.3 onedayoffer.biz
O1 - Hosts: 127.0.0.3 callmachine.net
O1 - Hosts: 127.0.0.3 www.callmachine.net
O1 - Hosts: 127.0.0.3 reportbucks.com
O1 - Hosts: 127.0.0.3 www.reportbucks.com
O1 - Hosts: 127.0.0.3 isuckall.com
O1 - Hosts: 127.0.0.3 www.isuckall.com
O1 - Hosts: 127.0.0.3 wbdialer.biz
O1 - Hosts: 127.0.0.3 www.wbdialer.biz
O1 - Hosts: 127.0.0.3 alphadialer.com
O1 - Hosts: 127.0.0.3 www.alphadialer.com
O1 - Hosts: 127.0.0.3 it.online-more.com
O1 - Hosts: 127.0.0.3 www.it.online-more.com
O1 - Hosts: 127.0.0.3 statscash.net
O1 - Hosts: 127.0.0.3 www.statscash.net
O1 - Hosts: 127.0.0.3 85.255.113.242
O1 - Hosts: 127.0.0.3 takeyourbucks.com
O1 - Hosts: 127.0.0.3 www.takeyourbucks.com
O1 - Hosts: 127.0.0.3 195.225.176.25
O1 - Hosts: 127.0.0.3 iframebiz.biz
O1 - Hosts: 127.0.0.3 iframeurl.biz
O1 - Hosts: 127.0.0.3 iframesite.biz
O1 - Hosts: 127.0.0.3 toolbarbiz.biz
O1 - Hosts: 127.0.0.3 toolbarsite.biz
O1 - Hosts: 127.0.0.3 toolbarurl.biz
O1 - Hosts: 127.0.0.3 toolbartraff.biz
O1 - Hosts: 127.0.0.3 buytoolbar.biz
O1 - Hosts: 127.0.0.3 www.iframebiz.biz
O1 - Hosts: 127.0.0.3 www.iframeurl.biz
O1 - Hosts: 127.0.0.3 www.iframesite.biz
O1 - Hosts: 127.0.0.3 www.toolbarbiz.biz
O1 - Hosts: 127.0.0.3 www.toolbarsite.biz
O1 - Hosts: 127.0.0.3 www.toolbarurl.biz
O1 - Hosts: 127.0.0.3 www.toolbartraff.biz
O1 - Hosts: 127.0.0.3 www.buytoolbar.biz
O1 - Hosts: 127.0.0.3 81.9.5.9
O1 - Hosts: 127.0.0.3 n-glx.s-redirect.com
O1 - Hosts: 127.0.0.3 www.sexfiles.nu
O1 - Hosts: 127.0.0.3 awmdabest.com
O1 - Hosts: 127.0.0.3 sexfiles.nu
O1 - Hosts: 127.0.0.3 allforadult.com
O1 - Hosts: 127.0.0.3 www.allforadult.com
O1 - Hosts: 127.0.0.3 www.iframe.biz
O1 - Hosts: 127.0.0.3 iframe.biz
O1 - Hosts: 127.0.0.3 procounter.biz
O1 - Hosts: 127.0.0.3 www.procounter.biz
O1 - Hosts: 127.0.0.3 advadmin.biz
O1 - Hosts: 127.0.0.3 www.advadmin.biz
O1 - Hosts: 127.0.0.3 trafficbest.net
O1 - Hosts: 127.0.0.3 www.trafficbest.net
O1 - Hosts: 127.0.0.3 www.newiframe.biz
O1 - Hosts: 127.0.0.3 newiframe.biz
O1 - Hosts: 127.0.0.3 www.vesbiz.biz
O1 - Hosts: 127.0.0.3 vesbiz.biz
O1 - Hosts: 127.0.0.3 www.pizdato.biz
O1 - Hosts: 127.0.0.3 pizdato.biz
O1 - Hosts: 127.0.0.3 www.aaasexypics.com
O1 - Hosts: 127.0.0.3 aaasexypics.com
O1 - Hosts: 127.0.0.3 www.virgin-tgp.net
O1 - Hosts: 127.0.0.3 vparivalka.com
O1 - Hosts: 127.0.0.3 www.vparivalka.com
O1 - Hosts: 127.0.0.3 iframeprofit.com
O1 - Hosts: 127.0.0.3 www.iframeprofit.com
O1 - Hosts: 127.0.0.3 virgin-tgp.net
O1 - Hosts: 127.0.0.3 www.awmcash.biz
O1 - Hosts: 127.0.0.3 awmcash.biz
O1 - Hosts: 127.0.0.3 buldog-stats.com
O1 - Hosts: 127.0.0.3 www.buldog-stats.com
O1 - Hosts: 127.0.0.3 fregat.drocherway.com
O1 - Hosts: 127.0.0.3 slutmania.biz
O1 - Hosts: 127.0.0.3 www.slutmania.biz
O1 - Hosts: 127.0.0.3 toolbarpartner.com
O1 - Hosts: 127.0.0.3 www.toolbarpartner.com
O1 - Hosts: 127.0.0.3 www.megapornix.com
O1 - Hosts: 127.0.0.3 megapornix.com
O1 - Hosts: 127.0.0.3 www.sp2fucked.biz
O1 - Hosts: 127.0.0.3 sp2fucked.biz
O1 - Hosts: 127.0.0.3 greg-tut.com
O1 - Hosts: 127.0.0.3 www.greg-tut.com
O1 - Hosts: 127.0.0.3 nylonsexy.com
O1 - Hosts: 127.0.0.3 www.nylonsexy.com
O1 - Hosts: 127.0.0.3 topsearch10.com
O1 - Hosts: 127.0.0.3 www.topsearch10.com
O1 - Hosts: 127.0.0.3 statscash.biz
O1 - Hosts: 127.0.0.3 www.statscash.biz
O1 - Hosts: 127.0.0.3 vxiframe.biz
O1 - Hosts: 127.0.0.3 www.vxiframe.biz
O1 - Hosts: 127.0.0.3 crazy-toolbar.com
O1 - Hosts: 127.0.0.3 www.crazy-toolbar.com
O1 - Hosts: 127.0.0.3 topcash.biz
O1 - Hosts: 127.0.0.3 www.topcash.biz
O1 - Hosts: 127.0.0.3 loadcash.biz
O1 - Hosts: 127.0.0.3 www.loadcash.biz
O1 - Hosts: 127.0.0.3 txiframe.biz
O1 - Hosts: 127.0.0.3 www.txiframe.biz
O1 - Hosts: 127.0.0.3 besthvac.com
O1 - Hosts: 127.0.0.3 www.besthvac.com
O1 - Hosts: 127.0.0.3 traff4.com
O1 - Hosts: 127.0.0.3 www.traff4.com
O1 - Hosts: 127.0.0.3 porn-host.org
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {85CBFDE0-B26B-4EE5-BD3C-4DE111DE763E} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Programmi\McAfee\McAfee VirusScan\VSCShellExtension.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Programmi\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Msrv32] Msrv32.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [Emurayden PSX Emulator] c:\Program Files\Emurayden PSX Emulator v2.1\Emurayden PSX AutoLauncher.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programmi\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programmi\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Programmi\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Programmi\Keymaestro\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [_WinProc] C:\WINDOWS\winfast.exe
O4 - HKLM\..\Run: [EPSON Stylus DX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /P26 "EPSON Stylus DX4800 Series" /O6 "USB001" /M "Stylus DX4800"
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [funk] funk.exe
O4 - HKLM\..\Run: [EleFunAnimatedWallpaper] "C:\Programmi\EleFun Multimedia\Amazing Waterfall Wallpaper\Amazing Waterfall.exe" DO_NOT_START
O4 - HKLM\..\Run: [aouei] C:\Documents and Settings\Proprietario\Dati applicazioni\ratorefaci\sysrtmvs.exe
O4 - HKLM\..\Run: [sqjm1.exe] C:\WINDOWS\TEMP\sqjm1.exe
O4 - HKLM\..\RunServices: [Msrv32] Msrv32.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Programmi\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [BTCLiveUpdate] "C:\Programmi\LiveUpdate\LiveUpdate.exe" /autostart
O4 - HKCU\..\Run: [NBJ] "C:\Programmi\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: SAM.lnk = C:\Programmi\SAM\SAM.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Programmi\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O8 - Extra context menu item: Image Converter 2 ??? - C:\Programmi\Sony\Image Converter 2\menu.htm
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra button: EmmeCi Computers - {F6FE5D00-8F11-11d2-804F-00105A133818} - http://emmeci.com//main.php3 (file missing)
O9 - Extra 'Tools' menuitem: EmmeCi Computers - {F6FE5D00-8F11-11d2-804F-00105A133818} - http://emmeci.com//main.php3 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O15 - Trusted Zone: www.1987324.com
O15 - Trusted Zone: www.adslconnection.name
O15 - Trusted Zone: *.p0rt2.com
O15 - Trusted Zone: www.sgrunt.biz
O15 - Trusted Zone: www.softlab.name
O15 - Trusted Zone: www.xxx-content.name
O16 - DPF: {33331111-1111-1111-1111-611111193423} -
O16 - DPF: {33331111-1111-1111-1111-611111193429} -
O16 - DPF: {33331111-1111-1111-1111-615111193427} -
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://195.191.174.10/housecall/xscan53.cab
O16 - DPF: {FD18DD5E-B398-452A-B22A-B54636BA9F0D} (Aurigma Image Uploader 2.5) - http://www.digitalpix.it/controls/ImageUploader2.CAB
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B2F49FB} - http://www.softlab.name/closer/close.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{53186088-D210-470D-8862-F3275F75CCE3}: NameServer = 85.37.17.55 85.38.28.93
O17 - HKLM\System\CS1\Services\Tcpip\..\{53186088-D210-470D-8862-F3275F75CCE3}: NameServer = 85.37.17.55 85.38.28.93
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - C:\WINDOWS\system32\vbsys2.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVSync Manager (AvSynMgr) - Network Associates, Inc. - C:\Programmi\McAfee\McAfee VirusScan\Avsynmgr.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: McShield - Unknown owner - C:\Programmi\File comuni\Network Associates\McShield\Mcshield.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Programmi\Keymaestro\Multimedia Keyboard\nhksrv.exe
O23 - Service: SecGxs - Unknown owner - \\?\C:\Programmi\File comuni\System\com5.exe (file missing)
O23 - Service: UpdHug - Unknown owner - \\?\C:\Programmi\File comuni\System\lpt9.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



O15 - Trusted Zone: www.softlab.name
O15 - Trusted Zone: www.xxx-content.name

softlab mi apre delle finestre in exporer....e quelle xxx non mi piacciono... ...chiedo lumi ai piu esperti!

[crazy.cat]

Ci sono parecchi problemi oltre al dialer.
Mcafee dorme e non vede un mucchio di virus, un passaggio ad avast magari non è una cattiva idea.
Devi cancellare i file indicati in rosso e tutte le righe indicate qui sotto.

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,C:\WINDOWS\__P9HEPQKBJ.EXE,C:\WINDOWS\svchost.exe
O2 - BHO: (no name) - {85CBFDE0-B26B-4EE5-BD3C-4DE111DE763E} - (no file)
O4 - HKLM\..\Run: [Msrv32] Msrv32.exe
O4 - HKLM\..\Run: [_WinProc] C:\WINDOWS\winfast.exe
O4 - HKLM\..\Run: [funk] funk.exe
O4 - HKLM\..\Run: [EleFunAnimatedWallpaper] "C:\Programmi\EleFun Multimedia\Amazing Waterfall Wallpaper\Amazing Waterfall.exe" DO_NOT_START (hai idea di cosa sia questo???)
O4 - HKLM\..\Run: [aouei] C:\Documents and Settings\Proprietario\Dati applicazioni\ratorefaci\sysrtmvs.exe
O4 - HKLM\..\Run: [sqjm1.exe] C:\WINDOWS\TEMP\sqjm1.exe
O4 - HKLM\..\RunServices: [Msrv32] Msrv32.exe
O4 - Startup: SAM.lnk = C:\Programmi\SAM\SAM.exe (hai idea di cosa sia questo???)
O9 - Extra button: EmmeCi Computers - {F6FE5D00-8F11-11d2-804F-00105A133818} - http://emmeci.com//main.php3 (file missing)
O9 - Extra 'Tools' menuitem: EmmeCi Computers - {F6FE5D00-8F11-11d2-804F-00105A133818} - http://emmeci.com//main.php3 (file missing)
O15 - Trusted Zone: www.1987324.com
O15 - Trusted Zone: www.adslconnection.name
O15 - Trusted Zone: *.p0rt2.com
O15 - Trusted Zone: www.sgrunt.biz
O15 - Trusted Zone: www.softlab.name
O15 - Trusted Zone: www.xxx-content.name
O16 - DPF: {33331111-1111-1111-1111-611111193423} -
O16 - DPF: {33331111-1111-1111-1111-611111193429} -
O16 - DPF: {33331111-1111-1111-1111-615111193427} -
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B2F49FB} - http://www.softlab.name/closer/close.exe
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - C:\WINDOWS\system32\vbsys2.dll
O23 - Service: SecGxs - Unknown owner - \\?\C:\Programmi\File comuni\System\com5.exe (file missing)
O23 - Service: UpdHug - Unknown owner - \\?\C:\Programmi\File comuni\System\lpt9.exe (file missing)

In più hai il problema del link optimizer, prova il tools di rimozione
http://www.prevx.com/gromozon.asp
oppure il programma completo e aggiornato
http://www.prevx.com/security.asp

Alla fine delle pulizie (e magari con un nuovo antivirus) rifai la scansione con hijackthis.

[Amantide]

Dopo tutte queste schifezze che hai nel pc non credo che ha il senso di continuare ad usare il McAfee. Segui il consiglio di crazy.cat ed installa Avast.
Intanto, oltre ai file che lui ti ha detto di eliminare, dobbiamo pulire anche i residui di questi malvare.

Per rimuovere tutte le tracce di virus Agobot leggi le mie istruzioni in questo topic:
http://www.MegaLab.it/forum/viewtopic.php?t=23677

Per rimuovere Trojan-Clicker.Win32.Agent.ac fai cosi:
1. Vai su Task Manager e termina il processo mmups.exe
2. Vai su Start--> Esegui e digita questa riga

Codice: Seleziona tutto

regsvr32 /u C:\WINDOWS\system32\vbsys2.dll

3. Riavvia il computer ed elimina questi file:
vbsys2.dll, citato anche prima, e mmups.exe
Per trovare dove si trova il secondo file, dalle opzioni cartelle abilita la visualizzazione dei file nascosti e di cartella e cercalo tramite la funzione Cerca.

[zeppelin83]

Grazie per l'aiuto.....

SAM è una segreteria telefonica che uso per skipe quindi ok..... o no?
e Amazing Waterfall.exe è uno sfondo animato....ma lo avevo disinstallato...comunque stasera farò tutto quello che mi avete detto (ora devo scappare) poi vi faccio sapere!

ah...e1xplorer e win sono tornati all'attacco....maledetti...

Grazie mille!!

[crazy.cat]

SAM è una segreteria telefonica che uso per skipe quindi ok..... o no?
e Amazing Waterfall.exe è uno sfondo animato....ma lo avevo disinstallato...

Si, tutto ok, è solo che volte non si trovano delle spiegazioni chiare su che programmi siano e allora si chiede.

Il dialer è questo file
O4 - HKLM\..\Run: [aouei] C:\Documents and Settings\Proprietario\Dati applicazioni\ratorefaci\sysrtmvs.exe
se non si elimina lui, non se ne esce.