Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » aiuto per problema grazie

aiuto per problema grazie Opzioni
Topic Precedente · Topic Sucessivo
albasw
Inviato: Sunday, June 12, 2011 10:45:53 AM
Rank: Newbie

Iscritto dal : 6/12/2011
Posts: 4
buongiorno a tutti, ho un problema con le connessioni internet, google mi dice qualcosa circa i proxy,all'avvio di windows mi esce un messaggio su csrss.exe, non mi funziona songr...non ci capisco niente..questo e' il log di hijack....chi mi aiuta?grazie anticipate....
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10.43.19, on 12/06/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\IObit\Advanced SystemCare 4\PMonitor.exe
C:\Programmi\IObit\Advanced SystemCare 4\ASCService.exe
C:\Programmi\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Programmi\File comuni\DeviceHelper\DeviceManager.exe
C:\Programmi\Windows Live\Family Safety\fsssvc.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\WINDEasyConnect\WTGService.exe
C:\Programmi\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\DivX\DivX Update\DivXUpdate.exe
C:\programmi\real\realplayer\update\realsched.exe
C:\Programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe
C:\Programmi\Logitech\QuickCam\Quickcam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Windows xp\Impostazioni locali\Dati applicazioni\Google\Update\1.3.21.57\GoogleCrashHandler.exe
C:\Programmi\SUPERAntiSpyware\4d3913df-39f9-41a1-8366-34ef8204839a.exe
C:\Programmi\IObit\Advanced SystemCare 4\ASCTray.exe
C:\Programmi\File comuni\Logishrd\LQCVFX\COCIManager.exe
C:\Programmi\Windows Live\Contacts\wlcomm.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Windows xp\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Windows xp\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Windows xp\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Windows xp\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Windows xp\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Windows xp\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Windows xp\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Windows xp\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\Windows xp\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\Windows xp\Documenti\Download\immunet3.0.2.654.exe
C:\Programmi\Outlook Express\msimn.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://it.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.tgcom.it
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programmi\Vuze_Remote\tbVuze.dll
R3 - URLSearchHook: 4shared.com Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Programmi\4shared.com\tb4sha.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: 4shared.com Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Programmi\4shared.com\tb4sha.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programmi\ConduitEngine\ConduitEngine.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programmi\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programmi\Windows Live\Family Safety\fssbho.dll
O2 - BHO: BrotherSoft Extreme Toolbar - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Programmi\BrotherSoft_Extreme\tbBrot.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programmi\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: HiGames Toolbar - {64d23501-5195-4224-9446-e2b0fb64e859} - C:\Programmi\HiGames\tbHiGa.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programmi\Vuze_Remote\tbVuze.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Softonic-IT - {e3393495-8103-46a0-8181-270273eddd60} - C:\Programmi\Softonic-IT\tbSoft.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programmi\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)
O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programmi\Vuze_Remote\tbVuze.dll
O3 - Toolbar: 4shared.com Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Programmi\4shared.com\tb4sha.dll
O3 - Toolbar: BrotherSoft Extreme Toolbar - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Programmi\BrotherSoft_Extreme\tbBrot.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programmi\ConduitEngine\ConduitEngine.dll
O3 - Toolbar: HiGames Toolbar - {64d23501-5195-4224-9446-e2b0fb64e859} - C:\Programmi\HiGames\tbHiGa.dll
O3 - Toolbar: (no name) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - (no file)
O3 - Toolbar: Softonic-IT Toolbar - {e3393495-8103-46a0-8181-270273eddd60} - C:\Programmi\Softonic-IT\tbSoft.dll
O4 - HKLM\..\Run: [DivXUpdate] "C:\Programmi\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [TkBellExe] "C:\programmi\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programmi\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Windows xp\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\4d3913df-39f9-41a1-8366-34ef8204839a.exe
O4 - HKCU\..\Run: [Advanced SystemCare 4] "C:\Programmi\IObit\Advanced SystemCare 4\ASCTray.exe"
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/5.0_(Windows;_U;_Windows_NT_5.1;_en-US)_AppleWebKit/534.10_(KHTML,_like_Gecko)_Chrome/8.0.552.237_Safari/534.10" -"http://www8.agame.com/games/shockwave/d/designer_trends_3d/designer_trends_3d_girlsgogames_it.htm"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Download All using 4shared Desktop - C:\Programmi\4shared Desktop\down_all.htm
O8 - Extra context menu item: &Download using 4shared Desktop - C:\Programmi\4shared Desktop\down_link.htm
O8 - Extra context menu item: Download Video by Free YouTuBe Utility - C:\Programmi\Free YouTuBe Utility\IEydown.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/da2/PCPitStop2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{08AF0E1F-256C-495C-8034-FE6AB0E123F0}: NameServer = 62.13.173.93 62.13.173.92
O17 - HKLM\System\CCS\Services\Tcpip\..\{7F01F65A-9542-4808-B502-6891944AC1AD}: NameServer = 192.168.0.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:
O23 - Service: Advanced SystemCare Service (AdvancedSystemCareService) - IObit - C:\Programmi\IObit\Advanced SystemCare 4\ASCService.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programmi\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programmi\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: DeviceManager - Unknown owner - C:\Programmi\File comuni\DeviceHelper\DeviceManager.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared files\RichVideo.exe
O23 - Service: WTGService - Unknown owner - C:\Programmi\WINDEasyConnect\WTGService.exe

--
End of file - 13021 bytes
Torna in alto
 
Sponsor
Inviato: Sunday, June 12, 2011 10:45:53 AM

 
Torna in alto
 
cbbusto
Inviato: Sunday, June 12, 2011 12:39:28 PM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
Ciao e benvenuto nel forum.
Andiamo per ordine, il file csrss.exe è un file di sistema e gestisce la maggior parte dei comandi grafici in Windows.
Controlla se è installato, percorsi sono questi, se non li trovi fai sapere,
C:\windows\System32
C:\windowsServicePackFile\i386
C:\windows\System32\dllcache

Poi chiudi tutti i programmi e disconnesso, fixa ed elimina le seguenti voci:
R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9.550-4.989-b3f2-9732e92d17cc} - C: \ Programmi \ Vuze_Remote \ tbVuze.dll
R3 - URLSearchHook: 4shared.com Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C: \ Programmi \ 4shared.com \ tb4sha.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: 4shared.com Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C: \ Programmi \ 4shared.com \ tb4sha.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4.826-820B-08FBA6BD249D} - C: \ Programmi \ ConduitEngine \ ConduitEngine.dll
O2 - BHO: Brothersoft Extreme Toolbar - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C: \ Programmi \ BrotherSoft_Extreme \ tbBrot.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: HiGames Toolbar - {64d23501-5195-4224-9446-e2b0fb64e859} - C: \ Programmi \ HiGames \ tbHiGa.dll
O2 - BHO: Vuze Remote Toolbar - {ba14329e-9.550-4.989-b3f2-9732e92d17cc} - C: \ Programmi \ Vuze_Remote \ tbVuze.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4.136-9E9A-4E364A424E17} - C: \ Programmi \ DAEMON Tools Toolbar \ DTToolbar.dll
O3 - Toolbar: (no name) - {1BB22D38-4B13-A411-A746-C2A4F4EC7344} - (no file)
O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9.550-4.989-b3f2-9732e92d17cc} - C: \ Programmi \ Vuze_Remote \ tbVuze.dll
O3 - Toolbar: 4shared.com Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C: \ Programmi \ 4shared.com \ tb4sha.dll
O3 - Toolbar: Brothersoft Extreme Toolbar - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C: BrotherSoft_Extreme \ Programmi \ \ tbBrot.dll
O3 - Toolbar: Motore Conduit - {30F9B915-B755-4.826-820B-08FBA6BD249D} - C: \ Programmi \ ConduitEngine \ ConduitEngine.dll
O3 - Toolbar: HiGames Toolbar - {64d23501-5195-4224-9446-e2b0fb64e859} - C: \ Programmi \ HiGames \ tbHiGa.dll
O3 - Toolbar: (no name) - {28.387.537-e3f9-4ed7-860c-11e69af4a8a0} - (no file)
O3 - Toolbar: Softonic-IT Toolbar - {e3393495-8103-46a0-8.181-270273eddd60} - C: \ Programmi \ Softonic-IT \ tbSoft.dll

Se non sai fixare le voci leggi la scheda QUI
Quando si installano programmi non installare le toolbar, creano solo rallentamenti e conflitti.
Poi scarica QUESTO programma, lo installi e fai una scansione COMPLETA non veloce, elimina tutto quello che trova.
Fai una pulizia con Ccleaner compreso il Registro.
Vai in C:\windows, cerca la cartella Prefetch ed elimina tutto il contenuto.
Disattiva il ripristino configurazione del sistema, riavvia il pc e poi riattivalo e crea un nuovo punto.
Fai sapere.
Torna in alto
 
albasw
Inviato: Saturday, June 18, 2011 4:37:16 PM
Rank: Newbie

Iscritto dal : 6/12/2011
Posts: 4
grazie cbbusto,ho fatto tutto quello che mi hai detto...ma mi sa che il file csrss.exe l'ho eliminato per errore.....ti posto il nnuovo log di hj:

ogfile of Trend Micro HijackThis v2.0.2
Scan saved at 16.37.58, on 18/06/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\Programmi\IObit\IObit Malware Fighter\IMFsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\IObit\Advanced SystemCare 4\PMonitor.exe
C:\Programmi\IObit\Advanced SystemCare 4\ASCService.exe
C:\Programmi\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Programmi\File comuni\DeviceHelper\DeviceManager.exe
C:\Programmi\Windows Live\Family Safety\fsssvc.exe
C:\Programmi\Immunet Protect\2.0.17\agent.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\WINDEasyConnect\WTGService.exe
C:\Programmi\DivX\DivX Update\DivXUpdate.exe
C:\programmi\real\realplayer\update\realsched.exe
C:\Programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe
C:\Programmi\Logitech\QuickCam\Quickcam.exe
C:\Programmi\Immunet Protect\2.0.17\iptray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\Windows xp\Impostazioni locali\Dati applicazioni\Google\Update\1.3.21.57\GoogleCrashHandler.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\SUPERAntiSpyware\4d3913df-39f9-41a1-8366-34ef8204839a.exe
C:\Programmi\IObit\Advanced SystemCare 4\ASCTray.exe
C:\Programmi\File comuni\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\msfeedssync.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\Windows Live\Contacts\wlcomm.exe
C:\DOCUME~1\WINDOW~1\IMPOST~1\Temp\SSUPDATE.EXE
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Outlook Express\msimn.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://it.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.tgcom.it
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=antn&s={searchTerms}&f=4
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programmi\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programmi\Windows Live\Family Safety\fssbho.dll
O2 - BHO: (no name) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programmi\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {64d23501-5195-4224-9446-e2b0fb64e859} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Softonic-IT - {e3393495-8103-46a0-8181-270273eddd60} - C:\Programmi\Softonic-IT\tbSoft.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [DivXUpdate] "C:\Programmi\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [TkBellExe] "C:\programmi\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programmi\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [Immunet Protect] "C:\Programmi\Immunet Protect\2.0.17\iptray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Windows xp\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\4d3913df-39f9-41a1-8366-34ef8204839a.exe
O4 - HKCU\..\Run: [Advanced SystemCare 4] "C:\Programmi\IObit\Advanced SystemCare 4\ASCTray.exe"
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/5.0_(Windows;_U;_Windows_NT_5.1;_en-US)_AppleWebKit/534.10_(KHTML,_like_Gecko)_Chrome/8.0.552.237_Safari/534.10" -"http://www8.agame.com/games/shockwave/d/designer_trends_3d/designer_trends_3d_girlsgogames_it.htm"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Download All using 4shared Desktop - C:\Programmi\4shared Desktop\down_all.htm
O8 - Extra context menu item: &Download using 4shared Desktop - C:\Programmi\4shared Desktop\down_link.htm
O8 - Extra context menu item: Download Video by Free YouTuBe Utility - C:\Programmi\Free YouTuBe Utility\IEydown.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/da2/PCPitStop2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{08AF0E1F-256C-495C-8034-FE6AB0E123F0}: NameServer = 62.13.173.93 62.13.173.92
O17 - HKLM\System\CCS\Services\Tcpip\..\{7F01F65A-9542-4808-B502-6891944AC1AD}: NameServer = 192.168.0.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:
O23 - Service: Advanced SystemCare Service (AdvancedSystemCareService) - IObit - C:\Programmi\IObit\Advanced SystemCare 4\ASCService.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programmi\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programmi\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: DeviceManager - Unknown owner - C:\Programmi\File comuni\DeviceHelper\DeviceManager.exe
O23 - Service: IMF Service (IMFservice) - IObit - C:\Programmi\IObit\IObit Malware Fighter\IMFsrv.exe
O23 - Service: Immunet Protect (ImmunetProtect) - Immunet Corporation - C:\Programmi\Immunet Protect\2.0.17\agent.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared files\RichVideo.exe
O23 - Service: WTGService - Unknown owner - C:\Programmi\WINDEasyConnect\WTGService.exe

--
End of file - 11003 bytes

com'e' andata?
cmq quando mi connetto con il programma della chiavetta i browser non funzionano, mi dice che c'e' un problema coi proxy.
se invece mi connetto con la connessione remota tutto funziona.....
grazie anticipate....:-)
Torna in alto
 
cbbusto
Inviato: Saturday, June 18, 2011 6:04:10 PM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
Ciao, scarica l'ultima vs di HJT QUI poi fixa ed elimina queste voci:

C:\Programmi\File comuni\DeviceHelper\DeviceManager.exe
C:\Programmi\Immunet Protect\2.0.17\agent.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=antn&s={searchTerms}&f=4
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - (no file)
O2 - BHO: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
O2 - BHO: (no name) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {64d23501-5195-4224-9446-e2b0fb64e859} - (no file)
O2 - BHO: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)

Fai una pulizia con Ccleaner compreso il registro.
Dimmi se hai il CD di windows XP.
Il pc ha ancora problemi ? fai sapere.
Torna in alto
 
r16
Inviato: Saturday, June 18, 2011 9:55:55 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Meglio fare una scansione con Combofix:
Scarica Combofix .

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Salvalo sul desktop. (è obligatorio)

Importante: Disabilita il tuo antivirus e chiudi TUTTI i programmi aperti,(Firewall compreso) e dopo aver scaricato COMBOFIX, chiudi la connessione.

Doppio click su combofix.exe (se usi Vista: tasto destro su Combofix.exe e clicca su: "Esegui come Amministratore" )

E' probabile che ti siano inviati messaggi dall'antivirus,(o dallo stesso Combofix) tu ignorali.

Se ti verrà chiesto se vuoi Installare LA CONSOLE DI RIPRISTINO DI EMERGENZA, clicca NO.

Durante l'operazione di scansione è importante non usare il PC (neanche il mouse) e attendere pazientemente la fine delle operazioni.
Al termine, verrà creato un file log sul Desktop, chiamato C:\ComboFix.txt.
Postalo qui.
Torna in alto
 
cbbusto
Inviato: Saturday, June 18, 2011 11:18:12 PM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
Ciao r16, pensavo eventualmente di tentare di ripristinare il file csrss.exe facendo fare uno scannow col CD di XP,
cosa ne pensi.
Torna in alto
 
r16
Inviato: Sunday, June 19, 2011 11:49:45 AM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
@cbbusto:
Penso che non abbia eliminato il file originale csrss.exe.
Ma abbia eliminato (senza volerlo) parte dell'infezione .
Se avesse veramente eliminato quel eseguibile, riscontrerebbe problemi ben maggiori.
Consiglio una scansione con Combofix.
Torna in alto
 
Utenti presenti in questo topic
Guest

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » aiuto per problema grazie


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.