virus against HijackThis
-
SizeofResource 7C80BC69 7 Bytes JMP 27001C10 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[3492] kernel32.dll!LockResource 7C80CC97 5 Bytes JMP 27001CC0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[3492] kernel32.dll!CreateEventA 7C8307ED 5 Bytes JMP 27001830 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[3492] kernel32.dll!SetUnhandledExceptionFilter 7C8447ED 5 Bytes JMP 004DE392 C:\Programmi\MSN Messenger\msnmsgr.exe
.text C:\Programmi\MSN Messenger\msnmsgr.exe[3492] ADVAPI32.dll!CryptDeriveKey 77F5A685 7 Bytes JMP 27001000 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[3492] ADVAPI32.dll!CryptDecrypt 77F5A7B1 2 Bytes JMP 27001050 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[3492] ADVAPI32.dll!CryptDecrypt + 3 77F5A7B4 4 Bytes [ 0A, AF, CC, CC ]
.text C:\Programmi\MSN Messenger\msnmsgr.exe[3492] USER32.dll!PeekMessageW 7E39928B 5 Bytes JMP 270037A0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[3492] USER32.dll!CreateWindowExW 7E39FF30 5 Bytes JMP 270032B0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[3492] USER32.dll!SetWindowRgn 7E3A02BD 7 Bytes JMP 27004AF0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[3492] USER32.dll!CreateDialogParamW 7E3A82A4 5 Bytes JMP 27004B90 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[3492] USER32.dll!SetWindowPlacement 7E3ADF56 5 Bytes JMP 27004A10 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[3492] USER32.dll!MessageBoxIndirectW 7E3E6425 5 Bytes JMP 27004CF0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[3492] USER32.dll!TrackPopupMenuEx 7E3ECEA0 5 Bytes JMP 27003F70 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[3492] WS2_32.dll!send 71A3428A 5 Bytes JMP 27008B80 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[3492] WS2_32.dll!WSARecv 71A34318 5 Bytes JMP 27008970 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[3492] WS2_32.dll!recv 71A3615A 5 Bytes JMP 270087E0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[3492] WS2_32.dll!WSASend 71A36233 5 Bytes JMP 27008D00 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[3492] WS2_32.dll!closesocket 71A39639 5 Bytes JMP 27008F10 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[3492] SHELL32.dll!Shell_NotifyIconW 7CA31B6A 5 Bytes JMP 27002B00 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[3492] ole32.dll!CoInitializeEx 774CEF7B 5 Bytes JMP 27001D20 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[3492] ole32.dll!CoRegisterClassObject 774E7EC8 5 Bytes JMP 27001E20 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[3492] WININET.dll!InternetCloseHandle 771BDA79 5 Bytes JMP 27007A40 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[3492] WININET.dll!HttpOpenRequestA 771C4341 5 Bytes JMP 27007760 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[3492] WININET.dll!InternetReadFile 771CABAC 5 Bytes JMP 270078C0 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Programmi\MSN Messenger\msnmsgr.exe[3492] WININET.dll!HttpSendRequestA 771CCD38 5 Bytes JMP 27007990 C:\Programmi\Messenger Plus! Live\MsgPlusLive.dll
---- Threads - GMER 1.0.12 ----
Thread 4:128 86BC58E0
Thread 4:132 86BC58E0
Thread 4:136 86AF48D0
Thread 4:140 86AF48D0
Thread 4:144 86AF48D0
Thread 4:432 86BC58E0
Thread 4:568 86BC58E0
---- Files - GMER 1.0.12 ----
ADS C:\Documents and Settings\Utente Pc\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{56DAD3A5-0E9A-F68C-D059-A2AF12AA57D6}\01\10-{56DAD3A5-0E9A-F68C-D059-A2AF12AA57D6}-v1-{2FDC460C-3561-4893-A64D-1FDC761ABA71}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Utente Pc\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{2BF3BD0C-CA7C-6328-D97D-284B45888396}\01\11-{2BF3BD0C-CA7C-6328-D97D-284B45888396}-v1-{2FDC460C-3561-4893-A64D-1FDC761ABA71}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Utente Pc\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{2BF3BD0C-CA7C-6328-D97D-284B45888396}\12\19-{2FDC460C-3561-4893-A64D-1FDC761ABA71}-v12-{2FDC460C-3561-4893-A64D-1FDC761ABA71}-v19-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Utente Pc\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{2BF3BD0C-CA7C-6328-D97D-284B45888396}\12\19-{2FDC460C-3561-4893-A64D-1FDC761ABA71}-v12-{2FDC460C-3561-4893-A64D-1FDC761ABA71}-v19-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Utente Pc\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{2BF3BD0C-CA7C-6328-D97D-284B45888396}\13\25-{2FDC460C-3561-4893-A64D-1FDC761ABA71}-v13-{2FDC460C-3561-4893-A64D-1FDC761ABA71}-v25-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Utente Pc\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{2BF3BD0C-CA7C-6328-D97D-284B45888396}\13\25-{2FDC460C-3561-4893-A64D-1FDC761ABA71}-v13-{2FDC460C-3561-4893-A64D-1FDC761ABA71}-v25-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Utente Pc\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{2BF3BD0C-CA7C-6328-D97D-284B45888396}\14\14-{13EED4BE-35C8-4684-9C9C-276F6E55BE1E}-v14-{13EED4BE-35C8-4684-9C9C-276F6E55BE1E}-v14-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Utente Pc\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{2BF3BD0C-CA7C-6328-D97D-284B45888396}\14\21-{2FDC460C-3561-4893-A64D-1FDC761ABA71}-v14-{2FDC460C-3561-4893-A64D-1FDC761ABA71}-v21-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Utente Pc\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{2BF3BD0C-CA7C-6328-D97D-284B45888396}\14\21-{2FDC460C-3561-4893-A64D-1FDC761ABA71}-v14-{2FDC460C-3561-4893-A64D-1FDC761ABA71}-v21-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Utente Pc\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{2BF3BD0C-CA7C-6328-D97D-284B45888396}\15\24-{13EED4BE-35C8-4684-9C9C-276F6E55BE1E}-v15-{2FDC460C-3561-4893-A64D-1FDC761ABA71}-v24-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Utente Pc\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{2BF3BD0C-CA7C-6328-D97D-284B45888396}\15\24-{13EED4BE-35C8-4684-9C9C-276F6E55BE1E}-v15-{2FDC460C-3561-4893-A64D-1FDC761ABA71}-v24-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Utente Pc\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{2BF3BD0C-CA7C-6328-D97D-284B45888396}\17\23-{2FDC460C-3561-4893-A64D-1FDC761ABA71}-v17-{2FDC460C-3561-4893-A64D-1FDC761ABA71}-v23-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Utente Pc\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{2BF3BD0C-CA7C-6328-D97D-284B45888396}\17\23-{2FDC460C-3561-4893-A64D-1FDC761ABA71}-v17-{2FDC460C-3561-4893-A64D-1FDC761ABA71}-v23-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Utente Pc\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{2BF3BD0C-CA7C-6328-D97D-284B45888396}\18\20-{13EED4BE-35C8-4684-9C9C-276F6E55BE1E}-v18-{2FDC460C-3561-4893-A64D-1FDC761ABA71}-v20-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Utente Pc\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{2BF3BD0C-CA7C-6328-D97D-284B45888396}\18\20-{13EED4BE-35C8-4684-9C9C-276F6E55BE1E}-v18-{2FDC460C-3561-4893-A64D-1FDC761ABA71}-v20-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
---- EOF - GMER 1.0.12 ----
-
I didn't quite understand the "active processes" part, anyway, tell me if this is ok xD
Microsoft Windows XP [Versione 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\Utente Pc>tasklist
Nome immagine PID Nome sessione Sessione Utilizzo mem
========================= ====== ================ ======== ============
System Idle Process 0 Console 0 28 K
System 4 Console 0 264 K
smss.exe 684 Console 0 700 K
csrss.exe 732 Console 0 6.380 K
winlogon.exe 760 Console 0 10.620 K
services.exe 804 Console 0 9.972 K
lsass.exe 816 Console 0 14.220 K
ati2evxx.exe 964 Console 0 5.388 K
svchost.exe 980 Console 0 12.128 K
svchost.exe 1088 Console 0 10.844 K
svchost.exe 1128 Console 0 158.252 K
svchost.exe 1204 Console 0 9.804 K
svchost.exe 1356 Console 0 11.240 K
spoolsv.exe 1532 Console 0 13.028 K
cisvc.exe 1720 Console 0 224 K
GoogleUpdaterService.exe 1756 Console 0 11.156 K
MDM.EXE 1792 Console 0 8.460 K
HPZipm12.exe 1816 Console 0 4.912 K
svchost.exe 1936 Console 0 11.076 K
VIRITSVC.EXE 1960 Console 0 6.180 K
alg.exe 340 Console 0 9.796 K
ati2evxx.exe 1188 Console 0 5.864 K
wuauclt.exe 168 Console 0 58.140 K
taskmgr.exe 536 Console 0 2.640 K
wmiprvse.exe 2460 Console 0 13.404 K
iexplore.exe 2628 Console 0 4.488 K
ctfmon.exe 2692 Console 0 10.536 K
WLLoginProxy.exe 2776 Console 0 16.144 K
GoogleToolbarNotifier.exe 3064 Console 0 1.888 K
usnsvc.exe 3960 Console 0 5.312 K
cidaemon.exe 2028 Console 0 480 K
gmer.exe 1916 Console 0 1.192 K
cmd.exe 1044 Console 0 3.644 K
tasklist.exe 3740 Console 0 5.656 K
-
Vivy90,
try renaming HijackThis and see if it works!! P.S. run a new scan with VirIT in Safe Mode and with it updated; if the scan detects anything, post the log here!
-
where is HijackThis in the registry?
-
@Vivy90 said:
where is HijackThis in the registry?
Download HijackThis!
try renaming HijackThis and see if it works!!
-
in Safe Mode, updated: VirIT eXplorer Lite Log
[SCANSIONE DELLA MEMORIA]
OK
19/04/2007 - 14:32:45
[SCANSIONE DEL REGISTRO]
{D5792AA9-D373-4039-8670-2CDAB6A71F15} Infetto da Adware.BitRoll.A
- RIMOSSO * * *
[A:]
BOOT SECTOR: OK
[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK
C:\Documents and Settings\Utente Pc\Impostazioni locali\Temp\11939296.exe Infetto da Trojan.Win32.Small.PM
- RIMOSSO * * *
C:\Documents and Settings\Utente Pc\Impostazioni locali\Temp\18525843.exe Infetto da Trojan.Win32.Small.PM
Il file sarà spostato nella cartella di quarantena.
C:\Documents and Settings\Utente Pc\Impostazioni locali\Temp\51055546.exe Infetto da Trojan.Win32.Small.PM
- RIMOSSO * * *
C:\Documents and Settings\Utente Pc\Impostazioni locali\Temp\679281.exe Infetto da Trojan.Win32.Small.PM
- RIMOSSO * * *
C:\Documents and Settings\Utente Pc\Impostazioni locali\Temp\679359.exe Infetto da Trojan.Win32.Small.PM
- RIMOSSO * * *
C:\Programmi\BitDownload\TorrentManager.dll Infetto da Adware.BitRoll.A
Contattare il Supporto Tecnico TG Soft
C:\WINDOWS\system32\hphupjch.log Infetto da Trojan.Win32.Agent.AQS
- RIMOSSO * * *
[D:]
Chiavi Registro infette: 1.
Files Infetti: 7.
Files Sospetti: 0.
Files Analizzati: 32940.
Files Totali: 32940.
Chiavi Registro rimosse: 1.
Virus Rimossi: 5.
Adesso puoi RIAVVIARE il computer per spostare il file nella cartella di quarantena.

[SCANSIONE DELLA MEMORIA]
OK
23/04/2007 - 13:43:27
[SCANSIONE DEL REGISTRO]
OK
[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK

[SCANSIONE DELLA MEMORIA]
OK
23/04/2007 - 23:07:49
[SCANSIONE DEL REGISTRO]
OK
[A:]
BOOT SECTOR: OK
[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK
C:\Programmi\BitDownload\TorrentManager.dll Infetto da Adware.BitRoll.A
- RIMOSSO * * *
C:\QUARANTENA_VIRIT\18525843.exe Infetto da Trojan.Win32.Small.PM
- RIMOSSO * * *
[D:]
Chiavi Registro infette: 0.
Files Infetti: 2.
Files Sospetti: 0.
Files Analizzati: 30580.
Files Totali: 30580.
Chiavi Registro rimosse: 0.
Virus Rimossi: 2.
-
and here's the HijackThis log: "now it doesn't close Internet on me anymore when I type hijackthis :)"
Logfile of HijackThis v1.99.1
Scan saved at 23.34.37, on 23/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\VEXPLITE\viritsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.it
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Programmi\Multi_Media\tbMul1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.3558\swg.dll
O2 - BHO: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Programmi\Multi_Media\tbMul1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Programmi\Multi_Media\tbMul1.dll
O4 - HKLM..\Run: [LanzarL2007] "C:\DOCUME~1\UTENTE~1\IMPOST~1\Temp{27A650E0-84FA-447E-88B6-5CE350355E3A}{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}....\L2007tmp\Setup.exe" /SETUP:"/l0x0010"
O4 - HKLM..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM..\Run: [CHotkey] mHotkey.exe
O4 - HKLM..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKLM..\RunOnce: [Restore] C:\WINDOWS\system32\restore\rstrui.exe -i
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU..\Run: [NoAdware5] "C:\Programmi\NoAdware5.0\NoAdware5.exe" :Min:
O4 - HKCU..\Run: [Spyware Doctor] "C:\Programmi\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU..\RunOnce: [] OSK.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Programmi\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Anti-virus web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International
O11 - Options group: [TABS] Tabbed Browsing
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {6C626CAE-CB90-4EEF-A861-230CC676F1CB} - http://vmhox3vz.com/576102d6781139a47bc4/daaaj/smymv.cab
O16 - DPF: {6D05BE8A-6771-407A-A66F-BA6DB1014C64} - http://lh6gyw4pr.com/576102d6781139a47bc4/baibc/FineCodec.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586-jc.cab
O16 - DPF: {92BE5A16-B090-46B1-8F4B-F86AC2A62192} - http://mibyrytdfgkh.com/6c06666fcc2d0ebe9017/fadbh/GetMoney.cab
O17 - HKLM\System\CCS\Services\Tcpip..{E34F3013-9525-4CD4-9CA6-AF9204A24438}: NameServer = 193.70.152.15 193.70.152.25
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
-
Start HijackThis with the "Do a system scan only" option ---> check **all** of the following entries:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O4 - HKLM..\Run: [LanzarL2007] "C:\DOCUME~1\UTENTE~1\IMPOST~1\Temp{27A650E0-84FA-447E-88B6-5CE350355E3A}{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}....\L2007tmp\Setup.exe" /SETUP:"/l0x0010"
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU..\RunOnce: [] OSK.exe
O16 - DPF: {6C626CAE-CB90-4EEF-A861-230CC676F1CB} - http://vmhox3vz.com/576102d6781139a4...aaaj/smymv.cab
O16 - DPF: {6D05BE8A-6771-407A-A66F-BA6DB1014C64} - http://lh6gyw4pr.com/576102d6781139a.../FineCodec.cab
O16 - DPF: {92BE5A16-B090-46B1-8F4B-F86AC2A62192} - http://mibyrytdfgkh.com/6c06666fcc2d...h/GetMoney.cab
Once the entries are selected, click "**Fix Checked**"! After that, post a new HijackThis log!
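The triage done by hand in the post above (picking out the O16 DPF ActiveX downloads from unknown hosts, the autostart entry launched from a Temp folder, the nameless RunOnce value and the Local Page override) can be scripted so that it is repeatable on the next log. The following Python script is an added example and is not HijackThis's own code nor code posted by anyone in this thread: it parses the HijackThis line format and flags those four entry classes. The allow list of ActiveX download hosts is an assumption made here, and the sample log is constructed from lines copied out of the log posted above.

```python
import re
from urllib.parse import urlparse

# Constructed allow list of hosts from which O16 ActiveX downloads are expected;
# tune it to the environment you are triaging (assumption, not an HJT feature).
TRUSTED_DPF_HOSTS = {"messenger.zone.msn.com", "javadl-esd.sun.com"}

# Upper-cased path fragments that mark an autostart target living in a Temp folder
# (Italian XP uses "Impostazioni locali\Temp", short name IMPOST~1).
TEMP_MARKERS = ("\\TEMP\\", "\\TEMP{", "\\IMPOST~1\\", "\\LOCAL SETTINGS\\TEMP")

# HijackThis lines look like "O4 - HKLM..\Run: [name] command" or "R0 - key = value".
HJT_LINE = re.compile(r"^(?P<kind>[RO]\d+)\s+-\s+(?P<body>.*)$")

# Sample input, constructed from lines copied out of the log posted in this thread.
SAMPLE_LOG = r"""
Running processes:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.it
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O4 - HKLM..\Run: [LanzarL2007] "C:\DOCUME~1\UTENTE~1\IMPOST~1\Temp{27A650E0-84FA-447E-88B6-5CE350355E3A}{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}....\L2007tmp\Setup.exe" /SETUP:"/l0x0010"
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU..\RunOnce: [] OSK.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {6C626CAE-CB90-4EEF-A861-230CC676F1CB} - http://vmhox3vz.com/576102d6781139a47bc4/daaaj/smymv.cab
O16 - DPF: {92BE5A16-B090-46B1-8F4B-F86AC2A62192} - http://mibyrytdfgkh.com/6c06666fcc2d0ebe9017/fadbh/GetMoney.cab
"""


def parse_line(line):
    """Return (kind, body) for an HJT entry line, or None for any other line."""
    m = HJT_LINE.match(line.strip())
    if not m:
        return None
    return m.group("kind"), m.group("body")


def triage_line(line):
    """Return a short reason if the line deserves attention, else None."""
    parsed = parse_line(line)
    if parsed is None:
        return None
    kind, body = parsed
    if kind == "O16" and body.startswith("DPF:"):
        # O16 - DPF: {CLSID} (optional name) - http://host/path.cab
        url = body.rsplit(" - ", 1)[-1].strip()
        host = urlparse(url).hostname or ""
        if host not in TRUSTED_DPF_HOSTS:
            return "ActiveX download from untrusted host %s" % host
    if kind == "O4":
        upper = body.upper()
        if any(marker in upper for marker in TEMP_MARKERS):
            return "autostart entry launches from a Temp directory"
        if "RUNONCE: []" in upper:
            return "RunOnce entry with an empty value name"
    if kind in ("R0", "R1") and re.search(r"=\s*\\[^\\]", body):
        # A value such as "Local Page = \blank.htm" points IE at a local file.
        return "Internet Explorer page set to a local file path"
    return None


def triage_log(text):
    """Return [(line, reason)] for every flagged entry in a whole log."""
    findings = []
    for line in text.splitlines():
        reason = triage_line(line)
        if reason:
            findings.append((line.strip(), reason))
    return findings


if __name__ == "__main__":
    for entry, why in triage_log(SAMPLE_LOG):
        print("%-45s %s" % (why, entry))
```

Run against the sample it reports five entries: the Local Page override, the LanzarL2007 autostart from IMPOST~1\Temp, the empty-name RunOnce, and the two O16 downloads from hosts that are not on the allow list; the MSN Checkers download and ctfmon.exe pass. The rules deliberately cover only entry classes that can be judged from the line itself; something like the [Alcmtr] ALCMTR.EXE entry still needs a human looking at the host, so the allow list and the marker tuple are the parts to maintain as you see more logs.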
-
Logfile of HijackThis v1.99.1
Scan saved at 13.30.18, on 24/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\VEXPLITE\viritsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.it
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Programmi\Multi_Media\tbMul1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.3558\swg.dll
O2 - BHO: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Programmi\Multi_Media\tbMul1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Programmi\Multi_Media\tbMul1.dll
O4 - HKLM..\Run: [CHotkey] mHotkey.exe
O4 - HKLM..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKLM..\RunOnce: [Restore] C:\WINDOWS\system32\restore\rstrui.exe -i
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU..\Run: [NoAdware5] "C:\Programmi\NoAdware5.0\NoAdware5.exe" :Min:
O4 - HKCU..\Run: [Spyware Doctor] "C:\Programmi\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Programmi\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Anti-virus web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International
O11 - Options group: [TABS] Tabbed Browsing
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586-jc.cab
O17 - HKLM\System\CCS\Services\Tcpip..{E34F3013-9525-4CD4-9CA6-AF9204A24438}: NameServer = 193.70.152.15 193.70.152.25
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
-
here, this was the log after deleting the files you told me about; anyway, I still don't see anything on the desktop, and not the taskbar either... :?
-
you'd better format everything. It'll be annoying having to re-enter all your data, but maybe it's faster
-
Hi Vivy90,
the "suspicious" keys have been deleted!!! For the desktop/taskbar problem I suggest you try running the "System Restore" wizard, avoiding formatting the PC!
-
but by doing a System Restore, wouldn't they end up with the viruses they just deleted again, if they pick a date before the work they did?
-
@bassplayerpunk79 said:
but by doing a System Restore, wouldn't they end up with the viruses they just deleted again, if they pick a date before the work they did?
Yes, bassplayerpunk79; it can happen!! Anyway, if System Restore is disabled... nothing can be done!!!
Vivy90, do you have problems in Safe Mode too??
-
and how do I get there using only the "New Task" option in Task Manager? T_T
-
anyway, yes, I have the same problems in Safe Mode too
-
Yes, I have problems in Safe Mode too (when I refresh I don't see this message, so I'm resending it; it might be a duplicate)
-
Do you know a way to open some folders or the Control Panel using Task Manager? ... ;(
-
at this point you'd better see whether you have a restore point that goes far enough back, or at worst insert the Windows recovery disc first, choose restore, then advanced options, don't choose the destructive restore, choose the other one, reboot the PC removing the disc, do the restore and see if there's any improvement
-
@bassplayerpunk79 said:
at this point you'd better see whether you have a restore point that goes far enough back
Hi Vivy90,
hoping that "System Restore" is enabled, go to: Start ---> Programs ---> Accessories ---> System Tools ---> System Restore!
Check "Restore my computer to an earlier time" and select a restore point that isn't recent!!!