Salve a tutti oggi per la prima volta mi sono imbattuto in questo forum dove ho visto che ci sono persone molto ferrate ma soparttutto che aiutano i poveri malcapitati come me che tutto d’un tratto si ritrovano con una marea di problemi e non sanno dove mettere le mani, ora mi spiego:
Fino a una settimana fa ero tutto contento e tranquillo sul mio pc controllato da antivirus Avast e firewall Sygate poi tutto di un tratto ho iniziato ad avere problemi come la pagina iniziale di Explorer che mi dava una pagina abaut blank con all’interno un motore di ricerca pieno di porcherie, l’apertura di una marea di pagine pornografiche e non ultimo l’avviso di un virus che anche se cancellato da avast si ripresentava di continuo WIN 32 TROJAN .GEN
Dopo aver fatto girare inutilmente Spybot a-squared Microsoft AntiSpyware Ad-Aware SE Personal non ho risolto nulla perché i problemi restavano tutti poi ho fatto girare CWShredder e tale pagina di apertura di explorer è sparita ma il virus è rimasto ho all’ora provato NOD32 e ora il virus sembra sparito sia NOD che VAST non me lo rilevano più ma i problemi persistono apertura di pagine pornografiche continue e sparizione del desktop come se si riavviasse e poi ritorna tutto visibile, ora si è aggiunto il problema che al momento dello spegnimento del pc questo in realtà prende la procedura di riavvio o meglio si riavvia perdendo tutte le impostazioni salvate in quella sessione, mi spiego mentre prima allo spegnimento faceva una procedura regolare che durava circa 30 secondi ora sembra come se alla pressione del tasto SPEGNI si tolga corrente.
Vi prego aiutatemi non so come uscirne, allego scanzione fatta con HijackThis sempre che serva non so più dove sbattere la testa grazie.
Logfile of HijackThis v1.99.1
Scan saved at 13.56.10, on 03/04/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Programmi\Eset\nod32krn.exe
C:\Programmi\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\Programmi\PopUp Killer\popupkiller.EXE
C:\Programmi\Java\jre1.5.0_01\bin\jusched.exe
C:\Programmi\Real\RealPlayer\RealPlay.exe
C:\Programmi\File comuni\Logitech\QCDriver\LVCOMS.EXE
C:\Programmi\Microsoft AntiSpyware\gcasServ.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svcpack.exe
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Microsoft AntiSpyware\gcasDtServ.exe
C:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programmi\TechniSat DVB\bin\Server4PC.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\Motherboard Monitor 5\MBM5.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Programmi\Microsoft Office\Office\WINWORD.EXE
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL =
http://www.begin2search.com/sidesearch.htmlR1 - HKCU\Software\Microsoft\Internet Explorer,(Default) =
http://targetclicks.net/srch.php?qq=:s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.it/R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search and Destroy\SDHelper.dll
O2 - BHO: WsftpBrowserHelper Class - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Programmi\Ipswitch\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: Name - {E81B4D81-57F0-4F1D-83C4-F76F81AEDECB} - C:\WINDOWS\System32\mspso.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {52FE5233-367C-4EFB-BDD7-0BE4D212C107} - (no file)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Programmi\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [PopUpKiller] C:\Programmi\PopUp Killer\popupkiller.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [RealTray] C:\Programmi\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [LVCOMS] C:\Programmi\File comuni\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [gcasServ] "C:\Programmi\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Programmi\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=041505 serial=DR12WCN-5304660-YEM lang=EN
O4 - HKLM\..\Run: [Srvce Pack Updte] svcpack.exe
O4 - HKLM\..\Run: [nod32kui] C:\Programmi\Eset\nod32kui.exe /WAITSERVICE
O4 - HKLM\..\RunServices: [Srvce Pack Updte] svcpack.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Programmi\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [WebcastTuner] C:\Programmi\SES\CB\webcasttuner.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Programmi\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Srvce Pack Updte] svcpack.exe
O4 - Startup: MBM 5.lnk = C:\Programmi\Motherboard Monitor 5\MBM5.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Server4PC.lnk = C:\Programmi\TechniSat DVB\bin\Server4PC.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Crea preferiti portatile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} (SekureL0gin.SekureKontrol) -
http://secure2.comned.com/signuptemplates/AktiveSekurity.cabO16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) -
http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-18.cabO16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} -
http://deposito.hostance.net/dialer/1054143.exeO16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) -
http://www2.incredimail.com/contents/setup/downloader_sp1/imloader.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{0D2E1309-5651-40E6-BF98-091C5A4ABE17}: NameServer = 69.50.176.197,195.225.176.31
O17 - HKLM\System\CCS\Services\Tcpip\..\{30F985C6-0E4C-41E3-9B0A-433CBE21E2BF}: NameServer = 69.50.176.197,195.225.176.31
O17 - HKLM\System\CCS\Services\Tcpip\..\{876FF317-87F3-4BD8-AD60-30938CB4A816}: NameServer = 69.50.176.197,195.225.176.31
O17 - HKLM\System\CS1\Services\Tcpip\..\{0D2E1309-5651-40E6-BF98-091C5A4ABE17}: NameServer = 69.50.176.197,195.225.176.31
O17 - HKLM\System\CS2\Services\Tcpip\..\{0D2E1309-5651-40E6-BF98-091C5A4ABE17}: NameServer = 69.50.176.197,195.225.176.31
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Programmi\Power Translator\LogoMedia TranslateDotNet Server.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Programmi\Eset\nod32krn.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Programmi\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programmi\Sygate\SPF\smc.exe
Edited by - destroied on 04/03/2005 14:06:25