Su Win2000 con tutti gli aggiornamenti,Installai Alice , antivirus McAfee, Spyboot,AdAware,Sono rimasto scoperto 3 giorni da ZoneAlarm e ecco i risultati SONO DISPERATO
Se qualcuno mi aiuta .....

Logfile of HijackThis v1.99.1
Scan saved at 21.42.53, on 03/04/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Programmi\Network Associates\VirusScan\Avsynmgr.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\PROGRA~1\Alice\ALICEE~1\app\pppoeservice.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\stisvc.exe
C:\Programmi\Network Associates\VirusScan\VsStat.exe
C:\Programmi\Network Associates\VirusScan\Vshwin32.exe
C:\Programmi\File comuni\Network Associates\McShield\Mcshield.exe
C:\Programmi\Network Associates\VirusScan\Avconsol.exe
C:\Programmi\Network Associates\VirusScan\Webscanx.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\Promon.exe
C:\Programmi\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Programmi\QuickTime\qttask.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\WINNT\system32\gah95on6.exe
C:\Programmi\SlySoft\AnyDVD\AnyDVD.exe
C:\PROGRA~1\FILECO~1\ADAPTE~1\CreateCD\CREATE~1.EXE
C:\WINNT\system32\internat.exe
D:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tin.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programmi\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nvappw] appNV.exe
O4 - HKLM\..\Run: [NVUpload] NVsload.exe
O4 - HKLM\..\Run: [Secure Microsoft Windows] integitor.exe
O4 - HKLM\..\Run: [Network Configurator] escfg32.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [vsadmin] smrs.exe
O4 - HKLM\..\Run: [AdTools Service] C:\Program Files\AdTools Service\AdTools.exe
O4 - HKLM\..\Run: [gah95on6] C:\WINNT\system32\gah95on6.exe
O4 - HKLM\..\Run: [ip] ip.exe
O4 - HKLM\..\Run: [AnyDVD] "C:\Programmi\SlySoft\AnyDVD\AnyDVD.exe"
O4 - HKLM\..\Run: [fqfeqajw] C:\WINNT\SYSTEM32\epetypa.exe
O4 - HKLM\..\Run: [Comcast Network] C:\WINNT\SYSTEM32\getikap.exe
O4 - HKLM\..\Run: [zzzHPSETUP] D:\Setup.exe
O4 - HKLM\..\Run: [Ecat] yetenyve.exe
O4 - HKLM\..\Run: [CreateCD50] C:\PROGRA~1\FILECO~1\ADAPTE~1\CreateCD\CREATE~1.EXE -r
O4 - HKLM\..\RunServices: [Secure Microsoft Windows] integitor.exe
O4 - HKLM\..\RunServices: [SDKz0r] SDKc55rezzz2.exe
O4 - HKLM\..\RunServices: [Network Configurator] escfg32.exe
O4 - HKLM\..\RunServices: [vsadmin] smrs.exe
O4 - HKLM\..\RunServices: [ip] ip.exe
O4 - HKLM\..\RunServices: [Ecat] yetenyve.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [nvappw] appNV.exe
O4 - HKCU\..\Run: [Norton Antivirus CCDebug] CCSEVRT.exe
O4 - HKCU\..\Run: [NVUpload] NVsload.exe
O4 - HKCU\..\Run: [birelosit] ucilonyc.exe
O4 - HKCU\..\Run: [Ecat] yetenyve.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Programmi\Network Associates\VirusScan\Avsynmgr.exe
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: fxjeq - Unknown owner - \\82.50.20.49\admin$\csrsvcs.exe" -service (file missing)
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: McShield - Unknown owner - C:\Programmi\File comuni\Network Associates\McShield\Mcshield.exe
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\Alice\ALICEE~1\app\pppoeservice.exe
O23 - Service: Servizio Numero di serie per dispositivi multimediali portatili (WmdmPmSN) - Unknown owner - C:\WINNT\System32\svchost.exe (file missing)



Edited by - gisto on 04/05/2005 15:15:25

Ciao ,
esegui queste operazioni

riavvia in modalità provvisoria, leggi qui come fare
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=344&SH=N

apri HIJAC THIS ed elimina come indicato in questo articolo
http://www.aiutamici.com/software/descrizione.asp?CodSw=1175
le righe che seguono, (nel caso le righe da eliminare non compaiono in modalità provvisoria, eliminale dalla modalità normale e riavvia il computer).

==================================
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
-
O4 - HKLM\..\Run: [nvappw] appNV.exe
O4 - HKLM\..\Run: [NVUpload] NVsload.exe
O4 - HKLM\..\Run: [Secure Microsoft Windows] integitor.exe
O4 - HKLM\..\Run: [Network Configurator] escfg32.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [vsadmin] smrs.exe
O4 - HKLM\..\Run: [AdTools Service] C:\Program Files\AdTools Service\AdTools.exe
O4 - HKLM\..\Run: [gah95on6] C:\WINNT\system32\gah95on6.exe
O4 - HKLM\..\Run: [ip] ip.exe
-
O4 - HKLM\..\Run: [fqfeqajw] C:\WINNT\SYSTEM32\epetypa.exe
O4 - HKLM\..\Run: [Comcast Network] C:\WINNT\SYSTEM32\getikap.exe
O4 - HKLM\..\Run: [zzzHPSETUP] D:\Setup.exe
O4 - HKLM\..\Run: [Ecat] yetenyve.exe
-
O4 - HKLM\..\RunServices: [Secure Microsoft Windows] integitor.exe
O4 - HKLM\..\RunServices: [SDKz0r] SDKc55rezzz2.exe
O4 - HKLM\..\RunServices: [Network Configurator] escfg32.exe
O4 - HKLM\..\RunServices: [vsadmin] smrs.exe
O4 - HKLM\..\RunServices: [ip] ip.exe
O4 - HKLM\..\RunServices: [Ecat] yetenyve.exe
-
O4 - HKCU\..\Run: [nvappw] appNV.exe
O4 - HKCU\..\Run: [Norton Antivirus CCDebug] CCSEVRT.exe
O4 - HKCU\..\Run: [NVUpload] NVsload.exe
O4 - HKCU\..\Run: [birelosit] ucilonyc.exe
O4 - HKCU\..\Run: [Ecat] yetenyve.exe
O4 - Startup: PowerReg Scheduler V3.exe
-
O23 - Service: fxjeq - Unknown owner - \\82.50.20.49\admin$\csrsvcs.exe" -service (file missing)
-
O23 - Service: Servizio Numero di serie per dispositivi multimediali portatili (WmdmPmSN) - Unknown owner - C:\WINNT\System32\svchost.exe (file missing)
==================================

Con la funzione TROVA di Windows, cerca ed elimina questi file,

==================================
appNV.exe
NVsload.exe
integitor.exe
escfg32.exe
MediaAccK.exe
smrs.exe
AdTools.exe
gah95on6.exe
ip.exe
epetypa.exe
getikap.exe
yetenyve.exe
SDKc55rezzz2.exe
CCSEVRT.exe
ucilonyc.exe
PowerReg Scheduler V3.exe
csrsvcs.exe
==================================

al termine utilizza i programmi AD-AWARE e SPYBOT indicati in questo articolo
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=388&SH=N

sempre in modalità provvisoria fai una scansione Antivirus.

---

Collaboratore Aiutamici