www.MegaLab.it

[soloralf]

Ciao, cortesemente potreste dare un'occhiata a questo file visto che ogni qual volta che apro internet mi escono altre finestre con delle pubblicità?

Grazie per la vostra disponibilità



Logfile of HijackThis v1.99.1
Scan saved at 22.09.39, on 25/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\AOL\Active Virus Shield\avp.exe
C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Programmi\Ahead\InCD\InCD.exe
C:\WINDOWS\VM_STI.EXE
C:\Programmi\I-Storm USB ADSL Modem\CnxDslTb.exe
C:\Programmi\AOL\Active Virus Shield\avp.exe
C:\Programmi\Java\jre1.5.0_11\bin\jusched.exe
C:\Programmi\Winamp\winampa.exe
C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Programmi\Skype\Plugin Manager\SkypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\Documents and Settings\xp\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [RemoteControl] "C:\Programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Programmi\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Q-CAM
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programmi\I-Storm USB ADSL Modem\CnxDslTb.exe"
O4 - HKLM\..\Run: [aol] "C:\Programmi\AOL\Active Virus Shield\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [browsefour] C:\DOCUME~1\xp\DATIAP~1\FLAPMA~1\tickace.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleil.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{8056CCBD-8817-4909-8B58-BBA200CB380E}: NameServer = 193.70.152.15 193.70.152.25
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Programmi\AOL\Active Virus Shield\avp.exe" -r (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe

[crazy.cat]

Cancella queste righe e sopratutto fai sparire la cartella e il file indicato in rosso.
Poi una buona scansione con A2 squared o superantispyware non fa mai male.
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [browsefour] C:\DOCUME~1\xp\DATIAP~1\FLAPMA~1\tickace.exe

E non sbagliamo la sezione dove postare la prossima volta.

[T0p0l1n]

Salve,anche io ho lo stesso problema.Quando navigo mi si aprono delle finestre di pubblicità e mi compaiono in giro dei file come exp1orer e plug&play.Ho provato a cancellarli ma ricompaiono??Incollo qui il logfile,potete darci un'occhiata???

Logfile of HijackThis v1.99.1
Scan saved at 15.16.41, on 31/03/07
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAMMI\FILE COMUNI\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
C:\PROGRAMMI\FILE COMUNI\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\MONWCHPM.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAMMI\LEXMARK 2200 SERIES\LXBVBMGR.EXE
C:\PROGRAMMI\CYBERLINK DVD SOLUTION\POWERDVD\PDVDSERV.EXE
C:\PROGRAMMI\AHEAD\INCD\INCD.EXE
C:\PROGRAMMI\LG_FWUPDATE\FWUPDATE.EXE
C:\PROGRAMMI\LEXMARK 2200 SERIES\LXBVBMON.EXE
C:\WINDOWS\TEMP\LIZACA.EXE
C:\WINDOWS\SYSTEM\SYSMON.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\CTFMON.EXE
C:\PROGRAMMI\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\PROGRAMMI\FREEPOPS\FREEPOPSD.EXE
C:\PROGRAMMI\WINZIP\WZQKPICK.EXE
C:\WINDOWS\MENU AVVIO\PROGRAMMI\ESECUZIONE AUTOMATICA\MSWIN--596609213.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\PROGRAMMI\ALICE\ALICE ENTERNET\APP\ENTERNET.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAMMI\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS_199\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMI\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Symantec Core LC] C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Programmi\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [LexStart] lexstart.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Programmi\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [LGODDFU] C:\Programmi\lg_fwupdate\fwupdate.exe
O4 - HKLM\..\Run: [LIZACA.EXE] C:\WINDOWS\TEMP\LIZACA.EXE
O4 - HKLM\..\Run: [Systems] C:\WINDOWS\SYSTEM\sysmon.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [MOSearch] C:\PROGRA~1\FILECO~1\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
O4 - HKLM\..\RunServices: [MDM7] "C:\PROGRAMMI\FILE COMUNI\MICROSOFT SHARED\VS7DEBUG\MDM.EXE"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [NPFMonitor] C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Programmi\File comuni\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAMMI\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Startup: FreePOPs.lnk = C:\Programmi\FreePOPs\freepopsd.exe
O4 - Startup: Avvio Veloce di WinZip.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O4 - Startup: MSWin--596609213.exe
O4 - Startup: Digisoft AntiDialer.lnk = C:\Programmi\Digisoft AntiDialer\AntiDialer.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: &Cerca con Google - res://C:\PROGRAMMI\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: &Traduci parola in italiano - res://C:\PROGRAMMI\GOOGLE\GOOGLETOOLBAR1.DLL/cmwordtrans.html
O8 - Extra context menu item: Versione cache della pagina - res://C:\PROGRAMMI\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Pagine simili - res://C:\PROGRAMMI\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Link a ritroso - res://C:\PROGRAMMI\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O9 - Extra button: PhoenixNet - {77c3e1a0-9c6b-11d9-9eb7-d1c463b44565} - http://www.seqdl.com/servlets/Redir?BID=65457&CID=9875 (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.Ýìæ×ÒÒÆÄÆÈØæ¡—×ÔÕËÓîîô
O15 - Trusted Zone: *.ÒÝâÙÓâØÍÜÖÒäã⢗×ÔÕËÓîîô

[Amantide]

@ T0p0l1n

Elimina questi file:
C:\WINDOWS\SYSTEM\MONWCHPM.EXE
C:\WINDOWS\TEMP\LIZACA.EXE
C:\WINDOWS\SYSTEM\SYSMON.EXE
C:\WINDOWS\MENU AVVIO\PROGRAMMI\ESECUZIONE AUTOMATICA\MSWIN--596609213.EXE

Poi rifai la scansione con Hijackthis e fixa queste voci:
O4 - HKLM\..\Run: [LIZACA.EXE] C:\WINDOWS\TEMP\LIZACA.EXE
O4 - HKLM\..\Run: [Systems] C:\WINDOWS\SYSTEM\sysmon.exe
O4 - Startup: MSWin--596609213.exe
O9 - Extra button: PhoenixNet - {77c3e1a0-9c6b-11d9-9eb7-d1c463b44565} - http://www.seqdl.com/servlets/Redir?BID=65457&CID=9875 (file missing)
O15 - Trusted Zone: *.Ýìæ×ÒÒÆÄÆÈØæ¡—×ÔÕËÓîîô
O15 - Trusted Zone: *.ÒÝâÙÓâØÍÜÖÒäã⢗×ÔÕËÓîîô

Fai anche la scansione con Virit.

[T0p0l1n]

Ho fatto tutto,e horifatto il logfile.grazie mill!
Puoi controllare se c'è altro?

Logfile of HijackThis v1.99.1
Scan saved at 17.36.19, on 31/03/07
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAMMI\FILE COMUNI\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
C:\PROGRAMMI\FILE COMUNI\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAMMI\LEXMARK 2200 SERIES\LXBVBMGR.EXE
C:\PROGRAMMI\CYBERLINK DVD SOLUTION\POWERDVD\PDVDSERV.EXE
C:\PROGRAMMI\AHEAD\INCD\INCD.EXE
C:\PROGRAMMI\LG_FWUPDATE\FWUPDATE.EXE
C:\VEXPLITE\MONLITE.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\CTFMON.EXE
C:\PROGRAMMI\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAMMI\FREEPOPS\FREEPOPSD.EXE
C:\PROGRAMMI\LEXMARK 2200 SERIES\LXBVBMON.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\PROGRAMMI\WINZIP\WZQKPICK.EXE
C:\PROGRAMMI\DIGISOFT ANTIDIALER\ANTIDIALER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAMMI\ALICE\ALICE ENTERNET\APP\ENTERNET.EXE
C:\HIJACKTHIS_199\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMI\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Programmi\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [LexStart] lexstart.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Programmi\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [LGODDFU] C:\Programmi\lg_fwupdate\fwupdate.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\PROGRAMMI\UNLOCKER\UNLOCKERASSISTANT.EXE"
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [MOSearch] C:\PROGRA~1\FILECO~1\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
O4 - HKLM\..\RunServices: [MDM7] "C:\PROGRAMMI\FILE COMUNI\MICROSOFT SHARED\VS7DEBUG\MDM.EXE"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [NPFMonitor] C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Programmi\File comuni\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAMMI\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Startup: FreePOPs.lnk = C:\Programmi\FreePOPs\freepopsd.exe
O4 - Startup: Avvio Veloce di WinZip.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O4 - Startup: Digisoft AntiDialer.lnk = C:\Programmi\Digisoft AntiDialer\AntiDialer.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: &Cerca con Google - res://C:\PROGRAMMI\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: &Traduci parola in italiano - res://C:\PROGRAMMI\GOOGLE\GOOGLETOOLBAR1.DLL/cmwordtrans.html
O8 - Extra context menu item: Versione cache della pagina - res://C:\PROGRAMMI\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Pagine simili - res://C:\PROGRAMMI\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Link a ritroso - res://C:\PROGRAMMI\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

[Amantide]

Hai ancora i problemi?

[T0p0l1n]

I problemi che avevo riguardo ai file exp1orer e plug&play non li ho più,però facendo la scansione con VirIT ci sono dei file .exe infettati dal Trojan.win32.dialer. Come posso fare ad eliminarlo?

[crazy.cat]

I problemi che avevo riguardo ai file exp1orer e plug&play non li ho più,però facendo la scansione con VirIT ci sono dei file .exe infettati dal Trojan.win32.dialer. Come posso fare ad eliminarlo?

Quali sono questi file infetti?
Virit non li elimina?
Se non sono file importanti (e ci devi dire i nomi) li puoi eliminare con unlocker.

[Amantide]

Provvedi anche a svuotare tutte le cartelle con i file temporanei.

[T0p0l1n]

I file sono nella directory C:\Windows\Downloaded Program Files ma se ci vado non si vedono. comunque sono: sgru.exe e annuncilavoro.exe. il trojan è:
Trojan.Win32.Dialer.BG e Trojan.Win32.Dialer.FD. Virit non li elimina e non posso usare neanke unlocker xchè i file non li vedo. Se c'è altro che devo dire fatemi sapere. Ho già svuotato il file temporanei.

[Amantide]

Per poterli vedere devi abilitare la visualizzazione dei file nascosti.
Sul win98 dovrebbe trovarsi in questo percorso: apri una cartella qualsiasi, vai su Visualizza, vai su Opzioni cartella--> scheda Visualizza--> seleziona l'opzione MOSTRA TUTTI I FILE (sotto FILE NASCOSTI) o qualcosa del genere.

[T0p0l1n]

L'opzione è abilitata,ma nonostante ciò nn ci sono file nelle cartelle interessate. Dentro le cartelle interessate ho cliccato cl destro del mouse e sono andata in proprietà dove dice che c sono file e cartelle anche se in realtà non si vedono...

[T0p0l1n]

Come posso fare??

[bReAkDOwN]

Come posso fare??

Prova a fare così: apri un prompt di msdos (menu avvio -> esegui -> command)
Dentro al prompt esegui cd \windows
poi
attrib -s "downloaded program files"
chiudi tute le finestre aperte delle varie cartelle.
Poi riapri la cartella windows e downloaded program files e vedi se adesso vedi più file rispetto a prima, fra cui quelli infetti.
Prova a cancellarli manualmente, ma è probabile che non si cancellino.
Se non si cancellano prova a rinominarli, a caso, basta che cambi una lettera del nome.
A quel punto riavvia il pc e vedi se adesso si lasciano cancellare.