Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Controllo log

Controllo log Opzioni
Topic Precedente · Topic Sucessivo
J0eTemerar10
Inviato: Monday, May 01, 2006 5:54:12 PM
Rank: Member

Iscritto dal : 4/30/2006
Posts: 0
Salve,
da un paio di giorni mi compare nella Sistray un'icona rossa a forma simile al divieto di accesso che si trasforma in verde, se ci passo il mouse sopra compare la scritta
"Virus alert !" e di tanto in tanto compare la scritta "Your computer is infected! Critical System Error! ecc...ecc...."
Inoltre in IE è cambiata la pagina iniziale da: http://www.libero.it a: http://www.safetydefender.com/
Ho fatto la scansione in modalità provvisoria con Ad-aware e Spybot eliminando i file infetti, con Hijack This 1.99 ho rilevato questo log:
Logfile of HijackThis v1.99.1
Scan saved at 16.59.37, on 01/05/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
H:\WINNT\System32\smss.exe
H:\WINNT\system32\winlogon.exe
H:\WINNT\system32\services.exe
H:\WINNT\system32\lsass.exe
H:\WINNT\system32\svchost.exe
H:\WINNT\System32\WBEM\WinMgmt.exe
H:\WINNT\system32\userinit.exe
H:\WINNT\Explorer.EXE
F:\CWS\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - H:\WINNT\system32\hp6593.tmp
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - H:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - h:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Matrox Powerdesk] H:\WINNT\system32\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [Disc Detector] H:\Programmi\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] H:\Programmi\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [Gene USB Monitor] H:\WINNT\system32\USBMonit.exe
O4 - HKLM\..\Run: [NeroCheck] H:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "H:\WINNT\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RealTray] H:\Programmi\ACE Mega CoDecS Pack\Media Player Classic\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [REGSHAVE] H:\Programmi\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [ICQ Lite] H:\Programmi\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [Lexmark X1100 Series] "H:\Programmi\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [Zone Labs Client] H:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [avgnt] "H:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Skype] "H:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Nuovo valore #1] "SpyFalcon"=-
O4 - HKCU\..\RunOnce: [ICQ Lite] H:\Programmi\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Gamma Loader.lnk = H:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Exif Launcher.lnk = H:\Programmi\FinePixViewer\QuickDCF.exe
O8 - Extra context menu item: &Cerca con Google - res://h:\programmi\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Traduci parola in italiano - res://h:\programmi\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://H:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Link a ritroso - res://h:\programmi\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pagine simili - res://h:\programmi\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Ricerca utilizzando PGWeb - e:\programmi\pgsoft\agent\pgweb.exe
O8 - Extra context menu item: Versione cache della pagina - res://h:\programmi\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Programmi\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Programmi\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: (no name) - {4B30061A-5B39-11D3-80F8-0090276F843F} - H:\WINNT\system32\shdocvw.dll
O9 - Extra button: (no name) - {4B30061A-5D22-11D3-80F8-0090276F843F} - e:\programmi\pgsoft\agent\pgweb.exe (file missing)
O9 - Extra 'Tools' menuitem: Cerca con pgweb - {4B30061A-5D22-11D3-80F8-0090276F843F} - e:\programmi\pgsoft\agent\pgweb.exe (file missing)
O9 - Extra button: PGWeb - {4B30061A-5D23-11D3-80F8-0090276F843F} - e:\programmi\pgsoft\agent\pgweb.exe (file missing)
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - H:\Programmi\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - H:\Programmi\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - H:\WINNT\system32\Shdocvw.dll
O12 - Plugin for .mp4: H:\Programmi\Internet Explorer\PLUGINS\npqtplugin4.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {99802379-7362-40E2-9D28-8A3B9AF880B7} - http://hotsearchbar.com/toolbar2/winhot32.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F5BC716E-2650-4B08-9235-C110CF95017F} (Connessione Tiscali) - http://selfcare.tiscali.it/scripts/oneclick/ConnessioneTiscali.cab
O20 - Winlogon Notify: nwprovau - H:\WINNT\SYSTEM32\nwprovau.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - H:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - H:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - H:\WINNT\system32\ZoneLabs\isafe.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - H:\WINNT\system32\CTSvcCDA.exe
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - H:\WINNT\System32\dmadmin.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - H:\WINNT\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - H:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - H:\WINNT\system32\mgabg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - H:\WINNT\system32\ZoneLabs\vsmon.exe

Vi ringrazio anticipatamente per l'aiuto.
Damiano
Torna in alto
 
Sponsor
Inviato: Monday, May 01, 2006 5:54:12 PM

 
Torna in alto
 
alfonso
Inviato: Monday, May 01, 2006 5:59:15 PM

Rank: AiutAmico

Iscritto dal : 10/5/2000
Posts: 19,132
Inserisci nuovamente il log da fare in avvio normale e non in modalità provvisoria.
Collaboratore Aiutamici
Torna in alto
 
J0eTemerar10
Inviato: Monday, May 01, 2006 7:30:12 PM
Rank: Member

Iscritto dal : 4/30/2006
Posts: 0
Logfile of HijackThis v1.99.1
Scan saved at 19.28.44, on 01/05/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
H:\WINNT\System32\smss.exe
H:\WINNT\system32\winlogon.exe
H:\WINNT\system32\services.exe
H:\WINNT\system32\lsass.exe
H:\WINNT\system32\svchost.exe
H:\WINNT\system32\LEXBCES.EXE
H:\WINNT\system32\spoolsv.exe
H:\WINNT\system32\LEXPPS.EXE
H:\Programmi\AntiVir PersonalEdition Classic\sched.exe
H:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
H:\WINNT\system32\ZoneLabs\isafe.exe
H:\WINNT\system32\CTSvcCDA.exe
H:\WINNT\system32\svchost.exe
H:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
H:\WINNT\system32\mgabg.exe
H:\WINNT\system32\MSTask.exe
H:\WINNT\system32\stisvc.exe
H:\WINNT\system32\ZoneLabs\vsmon.exe
H:\WINNT\System32\WBEM\WinMgmt.exe
H:\WINNT\system32\mspmspsv.exe
H:\WINNT\system32\svchost.exe
H:\WINNT\Explorer.EXE
H:\WINNT\system32\dcomcfg.exe
H:\WINNT\system32\PDesk.exe
H:\Programmi\Creative\ShareDLL\CtNotify.exe
H:\Programmi\Java\j2re1.4.2_04\bin\jusched.exe
H:\WINNT\system32\USBMonit.exe
H:\Programmi\Lexmark X1100 Series\lxbkbmgr.exe
H:\WINNT\system32\rundll32.exe
H:\Programmi\Creative\ShareDLL\MediaDet.Exe
H:\Programmi\Lexmark X1100 Series\lxbkbmon.exe
H:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
H:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
H:\WINNT\system32\internat.exe
H:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
H:\Programmi\Mozilla Firefox\firefox.exe
F:\CWS\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - H:\WINNT\system32\hp6100.tmp
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - H:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - h:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Matrox Powerdesk] H:\WINNT\system32\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [Disc Detector] H:\Programmi\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] H:\Programmi\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [Gene USB Monitor] H:\WINNT\system32\USBMonit.exe
O4 - HKLM\..\Run: [NeroCheck] H:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "H:\WINNT\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RealTray] H:\Programmi\ACE Mega CoDecS Pack\Media Player Classic\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [REGSHAVE] H:\Programmi\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [ICQ Lite] H:\Programmi\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [Lexmark X1100 Series] "H:\Programmi\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [Zone Labs Client] H:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [avgnt] "H:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Skype] "H:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Gamma Loader.lnk = H:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Exif Launcher.lnk = H:\Programmi\FinePixViewer\QuickDCF.exe
O8 - Extra context menu item: &Cerca con Google - res://h:\programmi\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Traduci parola in italiano - res://h:\programmi\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://H:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Link a ritroso - res://h:\programmi\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pagine simili - res://h:\programmi\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Ricerca utilizzando PGWeb - e:\programmi\pgsoft\agent\pgweb.exe
O8 - Extra context menu item: Versione cache della pagina - res://h:\programmi\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Programmi\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Programmi\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: (no name) - {4B30061A-5B39-11D3-80F8-0090276F843F} - H:\WINNT\system32\shdocvw.dll
O9 - Extra button: (no name) - {4B30061A-5D22-11D3-80F8-0090276F843F} - e:\programmi\pgsoft\agent\pgweb.exe (file missing)
O9 - Extra 'Tools' menuitem: Cerca con pgweb - {4B30061A-5D22-11D3-80F8-0090276F843F} - e:\programmi\pgsoft\agent\pgweb.exe (file missing)
O9 - Extra button: PGWeb - {4B30061A-5D23-11D3-80F8-0090276F843F} - e:\programmi\pgsoft\agent\pgweb.exe (file missing)
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - H:\Programmi\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - H:\Programmi\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - H:\WINNT\system32\Shdocvw.dll
O12 - Plugin for .mp4: H:\Programmi\Internet Explorer\PLUGINS\npqtplugin4.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {99802379-7362-40E2-9D28-8A3B9AF880B7} - http://hotsearchbar.com/toolbar2/winhot32.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F5BC716E-2650-4B08-9235-C110CF95017F} (Connessione Tiscali) - http://selfcare.tiscali.it/scripts/oneclick/ConnessioneTiscali.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{173EBEFA-720D-446A-B377-460EF921705D}: NameServer = 193.12.150.2 212.247.152.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{173EBEFA-720D-446A-B377-460EF921705D}: NameServer = 193.12.150.2 212.247.152.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{173EBEFA-720D-446A-B377-460EF921705D}: NameServer = 193.12.150.2 212.247.152.2
O20 - Winlogon Notify: nwprovau - H:\WINNT\SYSTEM32\nwprovau.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - H:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - H:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - H:\WINNT\system32\ZoneLabs\isafe.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - H:\WINNT\system32\CTSvcCDA.exe
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - H:\WINNT\System32\dmadmin.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - H:\WINNT\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - H:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - H:\WINNT\system32\mgabg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - H:\WINNT\system32\ZoneLabs\vsmon.exe
Torna in alto
 
J0eTemerar10
Inviato: Monday, May 01, 2006 7:30:30 PM
Rank: Member

Iscritto dal : 4/30/2006
Posts: 0
Logfile of HijackThis v1.99.1
Scan saved at 19.28.44, on 01/05/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
H:\WINNT\System32\smss.exe
H:\WINNT\system32\winlogon.exe
H:\WINNT\system32\services.exe
H:\WINNT\system32\lsass.exe
H:\WINNT\system32\svchost.exe
H:\WINNT\system32\LEXBCES.EXE
H:\WINNT\system32\spoolsv.exe
H:\WINNT\system32\LEXPPS.EXE
H:\Programmi\AntiVir PersonalEdition Classic\sched.exe
H:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
H:\WINNT\system32\ZoneLabs\isafe.exe
H:\WINNT\system32\CTSvcCDA.exe
H:\WINNT\system32\svchost.exe
H:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
H:\WINNT\system32\mgabg.exe
H:\WINNT\system32\MSTask.exe
H:\WINNT\system32\stisvc.exe
H:\WINNT\system32\ZoneLabs\vsmon.exe
H:\WINNT\System32\WBEM\WinMgmt.exe
H:\WINNT\system32\mspmspsv.exe
H:\WINNT\system32\svchost.exe
H:\WINNT\Explorer.EXE
H:\WINNT\system32\dcomcfg.exe
H:\WINNT\system32\PDesk.exe
H:\Programmi\Creative\ShareDLL\CtNotify.exe
H:\Programmi\Java\j2re1.4.2_04\bin\jusched.exe
H:\WINNT\system32\USBMonit.exe
H:\Programmi\Lexmark X1100 Series\lxbkbmgr.exe
H:\WINNT\system32\rundll32.exe
H:\Programmi\Creative\ShareDLL\MediaDet.Exe
H:\Programmi\Lexmark X1100 Series\lxbkbmon.exe
H:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
H:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
H:\WINNT\system32\internat.exe
H:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
H:\Programmi\Mozilla Firefox\firefox.exe
F:\CWS\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - H:\WINNT\system32\hp6100.tmp
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - H:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - h:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Matrox Powerdesk] H:\WINNT\system32\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [Disc Detector] H:\Programmi\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] H:\Programmi\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [Gene USB Monitor] H:\WINNT\system32\USBMonit.exe
O4 - HKLM\..\Run: [NeroCheck] H:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "H:\WINNT\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RealTray] H:\Programmi\ACE Mega CoDecS Pack\Media Player Classic\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [REGSHAVE] H:\Programmi\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [ICQ Lite] H:\Programmi\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [Lexmark X1100 Series] "H:\Programmi\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [Zone Labs Client] H:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [avgnt] "H:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Skype] "H:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Gamma Loader.lnk = H:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Exif Launcher.lnk = H:\Programmi\FinePixViewer\QuickDCF.exe
O8 - Extra context menu item: &Cerca con Google - res://h:\programmi\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Traduci parola in italiano - res://h:\programmi\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://H:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Link a ritroso - res://h:\programmi\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pagine simili - res://h:\programmi\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Ricerca utilizzando PGWeb - e:\programmi\pgsoft\agent\pgweb.exe
O8 - Extra context menu item: Versione cache della pagina - res://h:\programmi\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Programmi\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Programmi\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: (no name) - {4B30061A-5B39-11D3-80F8-0090276F843F} - H:\WINNT\system32\shdocvw.dll
O9 - Extra button: (no name) - {4B30061A-5D22-11D3-80F8-0090276F843F} - e:\programmi\pgsoft\agent\pgweb.exe (file missing)
O9 - Extra 'Tools' menuitem: Cerca con pgweb - {4B30061A-5D22-11D3-80F8-0090276F843F} - e:\programmi\pgsoft\agent\pgweb.exe (file missing)
O9 - Extra button: PGWeb - {4B30061A-5D23-11D3-80F8-0090276F843F} - e:\programmi\pgsoft\agent\pgweb.exe (file missing)
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - H:\Programmi\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - H:\Programmi\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - H:\WINNT\system32\Shdocvw.dll
O12 - Plugin for .mp4: H:\Programmi\Internet Explorer\PLUGINS\npqtplugin4.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {99802379-7362-40E2-9D28-8A3B9AF880B7} - http://hotsearchbar.com/toolbar2/winhot32.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F5BC716E-2650-4B08-9235-C110CF95017F} (Connessione Tiscali) - http://selfcare.tiscali.it/scripts/oneclick/ConnessioneTiscali.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{173EBEFA-720D-446A-B377-460EF921705D}: NameServer = 193.12.150.2 212.247.152.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{173EBEFA-720D-446A-B377-460EF921705D}: NameServer = 193.12.150.2 212.247.152.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{173EBEFA-720D-446A-B377-460EF921705D}: NameServer = 193.12.150.2 212.247.152.2
O20 - Winlogon Notify: nwprovau - H:\WINNT\SYSTEM32\nwprovau.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - H:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - H:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - H:\WINNT\system32\ZoneLabs\isafe.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - H:\WINNT\system32\CTSvcCDA.exe
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - H:\WINNT\System32\dmadmin.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - H:\WINNT\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - H:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - H:\WINNT\system32\mgabg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - H:\WINNT\system32\ZoneLabs\vsmon.exe
Torna in alto
 
J0eTemerar10
Inviato: Monday, May 01, 2006 7:47:54 PM
Rank: Member

Iscritto dal : 4/30/2006
Posts: 0
Logfile of HijackThis v1.99.1
Scan saved at 19.28.44, on 01/05/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
H:\WINNT\System32\smss.exe
H:\WINNT\system32\winlogon.exe
H:\WINNT\system32\services.exe
H:\WINNT\system32\lsass.exe
H:\WINNT\system32\svchost.exe
H:\WINNT\system32\LEXBCES.EXE
H:\WINNT\system32\spoolsv.exe
H:\WINNT\system32\LEXPPS.EXE
H:\Programmi\AntiVir PersonalEdition Classic\sched.exe
H:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
H:\WINNT\system32\ZoneLabs\isafe.exe
H:\WINNT\system32\CTSvcCDA.exe
H:\WINNT\system32\svchost.exe
H:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
H:\WINNT\system32\mgabg.exe
H:\WINNT\system32\MSTask.exe
H:\WINNT\system32\stisvc.exe
H:\WINNT\system32\ZoneLabs\vsmon.exe
H:\WINNT\System32\WBEM\WinMgmt.exe
H:\WINNT\system32\mspmspsv.exe
H:\WINNT\system32\svchost.exe
H:\WINNT\Explorer.EXE
H:\WINNT\system32\dcomcfg.exe
H:\WINNT\system32\PDesk.exe
H:\Programmi\Creative\ShareDLL\CtNotify.exe
H:\Programmi\Java\j2re1.4.2_04\bin\jusched.exe
H:\WINNT\system32\USBMonit.exe
H:\Programmi\Lexmark X1100 Series\lxbkbmgr.exe
H:\WINNT\system32\rundll32.exe
H:\Programmi\Creative\ShareDLL\MediaDet.Exe
H:\Programmi\Lexmark X1100 Series\lxbkbmon.exe
H:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
H:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
H:\WINNT\system32\internat.exe
H:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
H:\Programmi\Mozilla Firefox\firefox.exe
F:\CWS\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - H:\WINNT\system32\hp6100.tmp
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - H:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - h:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Matrox Powerdesk] H:\WINNT\system32\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [Disc Detector] H:\Programmi\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] H:\Programmi\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [Gene USB Monitor] H:\WINNT\system32\USBMonit.exe
O4 - HKLM\..\Run: [NeroCheck] H:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "H:\WINNT\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RealTray] H:\Programmi\ACE Mega CoDecS Pack\Media Player Classic\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [REGSHAVE] H:\Programmi\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [ICQ Lite] H:\Programmi\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [Lexmark X1100 Series] "H:\Programmi\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [Zone Labs Client] H:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [avgnt] "H:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Skype] "H:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Gamma Loader.lnk = H:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Exif Launcher.lnk = H:\Programmi\FinePixViewer\QuickDCF.exe
O8 - Extra context menu item: &Cerca con Google - res://h:\programmi\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Traduci parola in italiano - res://h:\programmi\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://H:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Link a ritroso - res://h:\programmi\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pagine simili - res://h:\programmi\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Ricerca utilizzando PGWeb - e:\programmi\pgsoft\agent\pgweb.exe
O8 - Extra context menu item: Versione cache della pagina - res://h:\programmi\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Programmi\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Programmi\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: (no name) - {4B30061A-5B39-11D3-80F8-0090276F843F} - H:\WINNT\system32\shdocvw.dll
O9 - Extra button: (no name) - {4B30061A-5D22-11D3-80F8-0090276F843F} - e:\programmi\pgsoft\agent\pgweb.exe (file missing)
O9 - Extra 'Tools' menuitem: Cerca con pgweb - {4B30061A-5D22-11D3-80F8-0090276F843F} - e:\programmi\pgsoft\agent\pgweb.exe (file missing)
O9 - Extra button: PGWeb - {4B30061A-5D23-11D3-80F8-0090276F843F} - e:\programmi\pgsoft\agent\pgweb.exe (file missing)
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - H:\Programmi\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - H:\Programmi\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - H:\WINNT\system32\Shdocvw.dll
O12 - Plugin for .mp4: H:\Programmi\Internet Explorer\PLUGINS\npqtplugin4.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {99802379-7362-40E2-9D28-8A3B9AF880B7} - http://hotsearchbar.com/toolbar2/winhot32.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F5BC716E-2650-4B08-9235-C110CF95017F} (Connessione Tiscali) - http://selfcare.tiscali.it/scripts/oneclick/ConnessioneTiscali.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{173EBEFA-720D-446A-B377-460EF921705D}: NameServer = 193.12.150.2 212.247.152.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{173EBEFA-720D-446A-B377-460EF921705D}: NameServer = 193.12.150.2 212.247.152.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{173EBEFA-720D-446A-B377-460EF921705D}: NameServer = 193.12.150.2 212.247.152.2
O20 - Winlogon Notify: nwprovau - H:\WINNT\SYSTEM32\nwprovau.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - H:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - H:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - H:\WINNT\system32\ZoneLabs\isafe.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - H:\WINNT\system32\CTSvcCDA.exe
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - H:\WINNT\System32\dmadmin.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - H:\WINNT\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - H:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - H:\WINNT\system32\mgabg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - H:\WINNT\system32\ZoneLabs\vsmon.exe
Torna in alto
 
J0eTemerar10
Inviato: Monday, May 01, 2006 7:55:58 PM
Rank: Member

Iscritto dal : 4/30/2006
Posts: 0
scusate l'invio multiplo ma mi dava segnale di errore appena inviato.
Torna in alto
 
alfonso
Inviato: Monday, May 01, 2006 11:23:17 PM

Rank: AiutAmico

Iscritto dal : 10/5/2000
Posts: 19,132
Ciao ,
esegui queste operazioni

Riavvia in modalità provvisoria, leggi qui come fare
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=344&SH=N

apri HIJAC THIS ed elimina come indicato in questo articolo
http://www.aiutamici.com/software/descrizione.asp?CodSw=1175
le righe che seguono.

==================================
R3 - Default URLSearchHook is missing
O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - H:\WINNT\system32\hp6100.tmp
-
O9 - Extra button: (no name) - {4B30061A-5D22-11D3-80F8-0090276F843F} - e:\programmi\pgsoft\agent\pgweb.exe (file missing)
O9 - Extra 'Tools' menuitem: Cerca con pgweb - {4B30061A-5D22-11D3-80F8-0090276F843F} - e:\programmi\pgsoft\agent\pgweb.exe (file missing)
O9 - Extra button: PGWeb - {4B30061A-5D23-11D3-80F8-0090276F843F} - e:\programmi\pgsoft\agent\pgweb.exe (file missing)
-
O16 - DPF: {99802379-7362-40E2-9D28-8A3B9AF880B7} - http://hotsearchbar.com/toolbar2/winhot32.cab
==================================


Vai a PANNELLO DI CONTROLLO e clicca su OPZIONI INTERNET
nella finestra che si apre clicca i tre pulsanti
ELIMINA COOKIES - ELIMINA FILE - CANCELLA CRONOOLOGIA

al termine utilizza i programmi AD-AWARE e SPYBOT indicati in questo articolo
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=388&SH=N

sempre in modalità provvisoria fai una scansione Antivirus

Fai amche una scansione antivirus on line da questo indirizzo
http://security.symantec.com/sscv6/default.asp?productid=globalsites&langid=it&venid=sym

Utilizza questo programma
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=1041
Collaboratore Aiutamici
Torna in alto
 
J0eTemerar10
Inviato: Tuesday, May 02, 2006 10:42:53 AM
Rank: Member

Iscritto dal : 4/30/2006
Posts: 0
ciao :-(
nonostante il tuo consiglio che ho seguito alla lettera tutto è come prima: l'icona rossa a forma di divieto d'accesso continua a rimanere in basso a dx, anzi dirò di più, è l'unica che compare anche in modalità provvisoria.
Esiste una soluzione senza dover formatare tutto? Grazie.
Damiano
Torna in alto
 
alfonso
Inviato: Tuesday, May 02, 2006 10:56:05 AM

Rank: AiutAmico

Iscritto dal : 10/5/2000
Posts: 19,132
Hai fatto la scansione antivirus on line da questo indirizzo?

http://security.symantec.com/sscv6/default.asp?productid=globalsites&langid=it&venid=sym

Inserisci nuovamente il log aggiornato.
Collaboratore Aiutamici
Torna in alto
 
J0eTemerar10
Inviato: Tuesday, May 02, 2006 11:49:04 AM
Rank: Member

Iscritto dal : 4/30/2006
Posts: 0
l'ho fatto con un altro antivirus: AVIRA-AntivirGuard perchè quando ho cercato di farlo con quello del link mi ha dato questo messaggio:"Impossibile eseguire la Scansione dei virus
Per eseguire la Scansione dei virus, è necessario installare Microsoft Internet Explorer 5.0 o versioni successive e attivare ActiveX e l'Esecuzione script.
Per ulteriori informazioni, consultare la Guida."
Torna in alto
 
alfonso
Inviato: Tuesday, May 02, 2006 4:56:42 PM

Rank: AiutAmico

Iscritto dal : 10/5/2000
Posts: 19,132
Se non ti permette di fare la scansione on line significa che il sistema é infetto, non resta che formattare il disco fisso e reinstallare tutto.
Collaboratore Aiutamici
Torna in alto
 
J0eTemerar10
Inviato: Tuesday, May 02, 2006 11:14:29 PM
Rank: Member

Iscritto dal : 4/30/2006
Posts: 0
ciao,
dopo aver spento e riavviato il Pc l'icona a forma di divieto di accesso è sparita. :-)
Rimane "about:blank" come pagina iniziale di IE e a questo punto preferirei non riformattare.
Grazie e, se avete qualche idea per far sparire "about:blank" vi ringrazio tantissimo.
Damiano
Torna in alto
 
alfonso
Inviato: Wednesday, May 03, 2006 10:24:47 AM

Rank: AiutAmico

Iscritto dal : 10/5/2000
Posts: 19,132
Inserisci il log aggiornato
Collaboratore Aiutamici
Torna in alto
 
J0eTemerar10
Inviato: Thursday, May 04, 2006 12:57:43 AM
Rank: Member

Iscritto dal : 4/30/2006
Posts: 0
questo il log aggiornato:

Logfile of HijackThis v1.99.1
Scan saved at 0.48.22, on 04/05/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
H:\WINNT\System32\smss.exe
H:\WINNT\system32\winlogon.exe
H:\WINNT\system32\services.exe
H:\WINNT\system32\lsass.exe
H:\WINNT\system32\svchost.exe
H:\WINNT\System32\WBEM\WinMgmt.exe
H:\WINNT\Explorer.EXE
F:\CWS\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = H:\WINNT\system32\blanket.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - H:\WINNT\system32\hp563E.tmp (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - H:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - h:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Matrox Powerdesk] H:\WINNT\system32\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [Disc Detector] H:\Programmi\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] H:\Programmi\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [Gene USB Monitor] H:\WINNT\system32\USBMonit.exe
O4 - HKLM\..\Run: [NeroCheck] H:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "H:\WINNT\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RealTray] H:\Programmi\ACE Mega CoDecS Pack\Media Player Classic\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [REGSHAVE] H:\Programmi\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [ICQ Lite] H:\Programmi\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [Lexmark X1100 Series] "H:\Programmi\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [Zone Labs Client] H:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [avgnt] "H:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Skype] "H:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [AIM] F:\PROGRA~1\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\RunOnce: [ICQ Lite] H:\Programmi\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Gamma Loader.lnk = H:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Exif Launcher.lnk = H:\Programmi\FinePixViewer\QuickDCF.exe
O8 - Extra context menu item: &Cerca con Google - res://h:\programmi\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Traduci parola in italiano - res://h:\programmi\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://H:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Link a ritroso - res://h:\programmi\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pagine simili - res://h:\programmi\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Ricerca utilizzando PGWeb - e:\programmi\pgsoft\agent\pgweb.exe
O8 - Extra context menu item: Versione cache della pagina - res://h:\programmi\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Programmi\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Programmi\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: (no name) - {4B30061A-5B39-11D3-80F8-0090276F843F} - H:\WINNT\system32\shdocvw.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\PROGRA~1\AIM95\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - H:\Programmi\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - H:\Programmi\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - H:\WINNT\system32\Shdocvw.dll
O12 - Plugin for .mp4: H:\Programmi\Internet Explorer\PLUGINS\npqtplugin4.dll
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F5BC716E-2650-4B08-9235-C110CF95017F} (Connessione Tiscali) - http://selfcare.tiscali.it/scripts/oneclick/ConnessioneTiscali.cab
O20 - Winlogon Notify: nwprovau - H:\WINNT\SYSTEM32\nwprovau.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - H:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - H:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - H:\WINNT\system32\ZoneLabs\isafe.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - H:\WINNT\system32\CTSvcCDA.exe
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - H:\WINNT\System32\dmadmin.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - H:\WINNT\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - H:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - H:\WINNT\system32\mgabg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - H:\WINNT\system32\ZoneLabs\vsmon.exe
Torna in alto
 
alfonso
Inviato: Thursday, May 04, 2006 11:35:49 AM

Rank: AiutAmico

Iscritto dal : 10/5/2000
Posts: 19,132
Ciao ,
esegui queste operazioni

Disattiva il ripristino di configurazione, leggi qui come fare
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=257&SH=N

Riavvia in modalità provvisoria, leggi qui come fare
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=344&SH=N

apri HIJAC THIS ed elimina come indicato in questo articolo
http://www.aiutamici.com/software/descrizione.asp?CodSw=1175
le righe che seguono.

==================================
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = H:\WINNT\system32\blanket.htm
-
O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - H:\WINNT\system32\hp563E.tmp (file missing)
-
O9 - Extra button: (no name) - {4B30061A-5B39-11D3-80F8-0090276F843F} - H:\WINNT\system32\shdocvw.dll
==================================

Con la funzione CERCA di Windows, cerca ed elimina questi file,
==================================
blanket.htm
hp563E.tmp
==================================


Vai a PANNELLO DI CONTROLLO e clicca su OPZIONI INTERNET
nella finestra che si apre clicca i tre pulsanti
ELIMINA COOKIES - ELIMINA FILE - CANCELLA CRONOOLOGIA

al termine utilizza i programmi AD-AWARE e SPYBOT indicati in questo articolo
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=388&SH=N

sempre in modalità provvisoria fai una scansione Antivirus

quindi riavvia il computer e controlla se il problema e risolto, se e tutto OK riattiva il ripristino configurazione disattivato all'inizio di questa procedura e crea un nuovo punto di ripristino, leggi qui alla voce 8
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=170&SH=N

Fai una scansione antivirus on line da questo indirizzo
http://security.symantec.com/sscv6/default.asp?productid=globalsites&langid=it&venid=sym

Utilizza questo programma
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=1041
Collaboratore Aiutamici
Torna in alto
 
J0eTemerar10
Inviato: Friday, May 05, 2006 12:44:03 PM
Rank: Member

Iscritto dal : 4/30/2006
Posts: 0
Tutto ok!!
Nessun'altro problema...Grazie!!!!<img src=icon_smile.gif border=0 align=middle><img src=icon_smile_approve.gif border=0 align=middle>
damiano
Torna in alto
 
Utenti presenti in questo topic
Guest

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Controllo log


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.