Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » aiuta

aiuta Opzioni
Topic Precedente · Topic Sucessivo
Paolo1986
Inviato: Sunday, February 25, 2007 1:08:39 AM
Rank: Member

Iscritto dal : 7/12/2004
Posts: 6
ragazzi aiutatemi,un amico è stato infettato da webrebates e toprebates,
e credo ne abbia anche altri di file infetti,infatti in "istallazione applicazioni" risulta "rebate natio"è proprio il virus,il pc si blocca in maniera grave,sono state fatte molte tipo di scansioni,ora ha fatto hijackthis lo dovrebbere risolvere, io ho il suo log di hijackthis,per favore vorrei mi diciate quale righe gli devo fare eliminare,
poi volevo chiedere se si eliminano non è può succedere che qualcosa non va più nel pc?
vorrei solo togliere tutti i virus sicuri presenti,e sapere come procedere per non farli ritornare,cioè cosa devo fare dopo aver tolto i righi
ps: non fate caso a i siti stranieri,è all'estero. per favore è urgente aiutatemi.
ecco il log:
Logfile of HijackThis v1.99.1

Scan saved at 23:05:29, on 24.02.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\PERSON~1\backweb\2581593\Program\SERVIC~1.EXE
C:\Programme\Personal Security Service\Anti-Virus\fsgk32st.exe
C:\Programme\Personal Security Service\backweb\2581593\program\fsbwsys.exe
C:\Programme\Personal Security Service\Anti-Virus\FSGK32.EXE
C:\Programme\Personal Security Service\Common\FSMA32.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Programme\Personal Security Service\Common\FSMB32.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Personal Security Service\Anti-Virus\fssm32.exe
C:\Programme\Personal Security Service\Common\FCH32.EXE
C:\Programme\Personal Security Service\Common\FAMEH32.EXE
C:\Programme\Personal Security Service\Anti-Virus\fsav32.exe
C:\Programme\Personal Security Service\FWES\Program\fsdfwd.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Personal Security Service\backweb\2581593\Program\fspex.exe
C:\WINDOWS\mHotkey.exe
C:\Programme\Lexmark X1100 Series\lxbkbmgr.exe
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\ToADiMon.exe
C:\Programme\Lexmark X1100 Series\lxbkbmon.exe
C:\Programme\Personal Security Service\Common\FSM32.EXE
C:\Programme\Personal Security Service\FSGUI\ispnews.exe
C:\Programme\Personal Security Service\FSGUI\fsguiexe.exe
C:\Programme\RebateNation4\RebateNation.exe
C:\Programme\CA\eTrust Internet Security Suite\caissdt.exe
C:\Programme\CA\eTrust Internet Security Suite\eTrust PestPatrol
Anti-Spyware\PPActiveDetection.exe
C:\Programme\Messenger\MSMSGS.EXE
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\RebateNation4\r95300.exe
C:\Programme\Skype\Plugin Manager\SkypePM.exe
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\kernel.exe
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\sc_watch.exe
C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\PROFIL~1.EXE
C:\Programme\eMule\emule.exe
C:\Programme\eMule\emule.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Programme\WordPerfect Office 11\Programs\QFSCHD110.EXE"
O4 - HKLM\..\Run: [CHotKey] mHotkey.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Programme\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [ToADiMon.exe]
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programme\Personal Security Service\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Programme\Personal Security Service\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Programme\Personal Security Service\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Programme\Personal Security Service\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [CaISSDT] "C:\Programme\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Programme\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\MSMSGS.EXE" /background
C:\PROGRAMME\T-ONLINE\T-ONLINE_SOFTWARE_5\MESSENGER\TOM.EXE
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programme\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O8 - Extra context menu item: Rebate Nation. - file://C:\Programme\RebateNation4\rebatesnation\rebatetnation\rebnC0.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network
Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Programme\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.hyrican.de
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) -
http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) -
http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
O16 - DPF: {7CAA184C-91E7-4E84-8681-32F2A0D68DF1} (Apollon Class) - http://htmldialer.parisvoyeur.com/CABSPOLY/cd/1,0,3,8/it/Daphne.cab
O16 - DPF: {83252F41-71B7-492E-8B2E-A68AA3E301E7} - http://htmldialer.parisvoyeur.com/CABSPOLY/cd/1,0,3,8/it/Penelope.cab
O16 - DPF: {C32EE4CB-E99F-4147-BFAE-67FF3B6F8076} - http://htmldialer.parisvoyeur.com/CABSPOLY/cd/1,0,3,8/it/Juliette.cab
O16 - DPF: {D35B74F6-E099-4CDD-91E0-9EA7C30059D1} - http://www.dialer-shop.com/webdial/webdial.cab
O16 - DPF: {D909E944-3A96-4280-9983-9D00001973A4} - http://www.browserplugin.com/plugin/exe/access_special.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{15559E8F-D3CF-4721-8AE8-D1054F5AD58A}: NameServer = 217.237.151.142 217.237.150.188
O17 - HKLM\System\CS1\Services\Tcpip\..\{15559E8F-D3CF-4721-8AE8-D1054F5AD58A}: NameServer = 217.237.151.142 217.237.150.188
O18 - Protocol hijack: mhtml -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: T-TeleSec Personal Security Service (BackWeb Client - 2581593) - Unknown owner -
C:\PROGRA~1\PERSON~1\backweb\2581593\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Programme\Personal Security Service\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Programme\Personal Security Service\backweb\2581593\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure
Corporation - C:\Programme\Personal Security Service\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Programme\Personal Security Service\Common\FSMA32.EXE
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - -
C:\WINDOWS\SYSTEM32\slserv.ex

grazie in anticipo,rispondetemi il prima possibile per favore
Torna in alto
 
Sponsor
Inviato: Sunday, February 25, 2007 1:08:39 AM

 
Torna in alto
 
alfonso
Inviato: Sunday, February 25, 2007 10:56:16 AM

Rank: AiutAmico

Iscritto dal : 10/5/2000
Posts: 19,132
Ciao ,
esegui queste operazioni

Disattiva il ripristino di configurazione, leggi qui come fare
http://www.aiutamici.com/software/view.asp?tipo=homeandCodSw=257andSH=N

Riavvia in modalità provvisoria, leggi qui come fare
http://www.aiutamici.com/software/view.asp?tipo=homeandCodSw=344andSH=N

apri HIJAC THIS ed elimina come indicato in questo articolo
http://www.aiutamici.com/software/descrizione.asp?CodSw=1175
le righe che seguono.

==================================
O8 - Extra context menu item: Rebate Nation. - file://C:\Programme\RebateNation4\rebatesnation\rebatetnation\rebnC0.htm
-
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - :windir:\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - :windir:\Network Diagnostic\xpnetdiag.exe (file missing)
-
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) -
http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) -
http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
O16 - DPF: {7CAA184C-91E7-4E84-8681-32F2A0D68DF1} (Apollon Class) - http://htmldialer.parisvoyeur.com/CABSPOLY/cd/1,0,3,8/it/Daphne.cab
O16 - DPF: {83252F41-71B7-492E-8B2E-A68AA3E301E7} - http://htmldialer.parisvoyeur.com/CABSPOLY/cd/1,0,3,8/it/Penelope.cab
O16 - DPF: {C32EE4CB-E99F-4147-BFAE-67FF3B6F8076} - http://htmldialer.parisvoyeur.com/CABSPOLY/cd/1,0,3,8/it/Juliette.cab
O16 - DPF: {D35B74F6-E099-4CDD-91E0-9EA7C30059D1} - http://www.dialer-shop.com/webdial/webdial.cab
O16 - DPF: {D909E944-3A96-4280-9983-9D00001973A4} - http://www.browserplugin.com/plugin/exe/access_special.ocx
-
O18 - Protocol hijack: mhtml -
==================================


Vai a PANNELLO DI CONTROLLO e clicca su OPZIONI INTERNET
nella finestra che si apre clicca i tre pulsanti
ELIMINA COOKIES - ELIMINA FILE - CANCELLA CRONOOLOGIA
poi clicca il pulsante PAGINA PREDEFINITA e su OK

al termine utilizza i programmi AD-AWARE e SPYBOT indicati in questo articolo
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=388&SH=N

sempre in modalità provvisoria fai una scansione Antivirus

quindi riavvia il computer e controlla se il problema e risolto, se e tutto OK riattiva il ripristino configurazione disattivato all'inizio di questa procedura e crea un nuovo punto di ripristino, leggi qui alla voce 8
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=170&SH=N

Fai una scansione antivirus on line da questo indirizzo
http://support.f-secure.com/enu/home/ols.shtml

Collaboratore Aiutamici
Torna in alto
 
Paolo1986
Inviato: Sunday, February 25, 2007 11:09:47 AM
Rank: Member

Iscritto dal : 7/12/2004
Posts: 6
<BLOCKQUOTE id=quote><font size=1 face="Sans Serif, Arial, Helvetica" id=quote>quote:<hr height=1 noshade id=quote>
ragazzi aiutatemi,un amico è stato infettato da webrebates e toprebates,
e credo ne abbia anche altri di file infetti,infatti in "istallazione applicazioni" risulta "rebate natio"è proprio il virus,il pc si blocca in maniera grave,sono state fatte molte tipo di scansioni,ora ha fatto hijackthis lo dovrebbere risolvere, io ho il suo log di hijackthis,per favore vorrei mi diciate quale righe gli devo fare eliminare,
poi volevo chiedere se si eliminano non è può succedere che qualcosa non va più nel pc?
vorrei solo togliere tutti i virus sicuri presenti,e sapere come procedere per non farli ritornare,cioè cosa devo fare dopo aver tolto i righi
ps: non fate caso a i siti stranieri,è all'estero. per favore è urgente aiutatemi.
ecco il log:
Logfile of HijackThis v1.99.1

Scan saved at 23:05:29, on 24.02.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\PERSON~1\backweb\2581593\Program\SERVIC~1.EXE
C:\Programme\Personal Security Service\Anti-Virus\fsgk32st.exe
C:\Programme\Personal Security Service\backweb\2581593\program\fsbwsys.exe
C:\Programme\Personal Security Service\Anti-Virus\FSGK32.EXE
C:\Programme\Personal Security Service\Common\FSMA32.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Programme\Personal Security Service\Common\FSMB32.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Personal Security Service\Anti-Virus\fssm32.exe
C:\Programme\Personal Security Service\Common\FCH32.EXE
C:\Programme\Personal Security Service\Common\FAMEH32.EXE
C:\Programme\Personal Security Service\Anti-Virus\fsav32.exe
C:\Programme\Personal Security Service\FWES\Program\fsdfwd.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Personal Security Service\backweb\2581593\Program\fspex.exe
C:\WINDOWS\mHotkey.exe
C:\Programme\Lexmark X1100 Series\lxbkbmgr.exe
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\ToADiMon.exe
C:\Programme\Lexmark X1100 Series\lxbkbmon.exe
C:\Programme\Personal Security Service\Common\FSM32.EXE
C:\Programme\Personal Security Service\FSGUI\ispnews.exe
C:\Programme\Personal Security Service\FSGUI\fsguiexe.exe
C:\Programme\RebateNation4\RebateNation.exe
C:\Programme\CA\eTrust Internet Security Suite\caissdt.exe
C:\Programme\CA\eTrust Internet Security Suite\eTrust PestPatrol
Anti-Spyware\PPActiveDetection.exe
C:\Programme\Messenger\MSMSGS.EXE
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\RebateNation4\r95300.exe
C:\Programme\Skype\Plugin Manager\SkypePM.exe
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\kernel.exe
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\sc_watch.exe
C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\PROFIL~1.EXE
C:\Programme\eMule\emule.exe
C:\Programme\eMule\emule.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Programme\WordPerfect Office 11\Programs\QFSCHD110.EXE"
O4 - HKLM\..\Run: [CHotKey] mHotkey.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Programme\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [ToADiMon.exe]
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programme\Personal Security Service\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Programme\Personal Security Service\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Programme\Personal Security Service\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Programme\Personal Security Service\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [CaISSDT] "C:\Programme\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Programme\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\MSMSGS.EXE" /background
C:\PROGRAMME\T-ONLINE\T-ONLINE_SOFTWARE_5\MESSENGER\TOM.EXE
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programme\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O8 - Extra context menu item: Rebate Nation. - file://C:\Programme\RebateNation4\rebatesnation\rebatetnation\rebnC0.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network
Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Programme\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.hyrican.de
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) -
http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) -
http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
O16 - DPF: {7CAA184C-91E7-4E84-8681-32F2A0D68DF1} (Apollon Class) - http://htmldialer.parisvoyeur.com/CABSPOLY/cd/1,0,3,8/it/Daphne.cab
O16 - DPF: {83252F41-71B7-492E-8B2E-A68AA3E301E7} - http://htmldialer.parisvoyeur.com/CABSPOLY/cd/1,0,3,8/it/Penelope.cab
O16 - DPF: {C32EE4CB-E99F-4147-BFAE-67FF3B6F8076} - http://htmldialer.parisvoyeur.com/CABSPOLY/cd/1,0,3,8/it/Juliette.cab
O16 - DPF: {D35B74F6-E099-4CDD-91E0-9EA7C30059D1} - http://www.dialer-shop.com/webdial/webdial.cab
O16 - DPF: {D909E944-3A96-4280-9983-9D00001973A4} - http://www.browserplugin.com/plugin/exe/access_special.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{15559E8F-D3CF-4721-8AE8-D1054F5AD58A}: NameServer = 217.237.151.142 217.237.150.188
O17 - HKLM\System\CS1\Services\Tcpip\..\{15559E8F-D3CF-4721-8AE8-D1054F5AD58A}: NameServer = 217.237.151.142 217.237.150.188
O18 - Protocol hijack: mhtml -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: T-TeleSec Personal Security Service (BackWeb Client - 2581593) - Unknown owner -
C:\PROGRA~1\PERSON~1\backweb\2581593\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Programme\Personal Security Service\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Programme\Personal Security Service\backweb\2581593\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure
Corporation - C:\Programme\Personal Security Service\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Programme\Personal Security Service\Common\FSMA32.EXE
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - -
C:\WINDOWS\SYSTEM32\slserv.ex

grazie in anticipo,rispondetemi il prima possibile per favore


<hr height=1 noshade id=quote></BLOCKQUOTE id=quote></font id=quote><font face="Sans Serif, Arial, Helvetica" size=2 id=quote>

grazie mille alfonso,
stasera gli farò provare tutto,ti farò sapere,grazie.
Torna in alto
 
Paolo1986
Inviato: Sunday, February 25, 2007 5:50:39 PM
Rank: Member

Iscritto dal : 7/12/2004
Posts: 6
scusami alfonzo,
vorrei chiederti una cosa ,
posso riavviare windows in modalità provvisoria con rete anzichè modlità provvisoria?
e così facendo puù funzionare ad esempio emule?
grazie.
Torna in alto
 
alfonso
Inviato: Tuesday, February 27, 2007 10:52:40 AM

Rank: AiutAmico

Iscritto dal : 10/5/2000
Posts: 19,132
No che non puoi, in modalità provvisoria non vengono eseguiti nessun tipo di programma, nemmeno l'antivirus, anche se potresti collegare con emule non dovresti farlo per mancanza di antivirus, comunque non puoi in nessun caso, la modalità provvisoria serve solo per effettuare riparazioni tecniche.
Collaboratore Aiutamici
Torna in alto
 
Paolo1986
Inviato: Tuesday, February 27, 2007 12:32:24 PM
Rank: Member

Iscritto dal : 7/12/2004
Posts: 6
grazie alfonso,
lo pensavo infatti che non era possibile,comunque credo che
quella persona abbia istallato o disistallato qualche programma e forse le righe sono cambiate,poi ha disistalalto da
istallazioni applicazioni il nome del virus,ma risulta dalla scansione che li ha ancora,
anche se non sembrano istallati per ora,cominqeu psoterò un nuovo log come nuovo argomento non appena me lo da insieme ai nomi dei virus che gli sono usciti nella scansione online così sarò più preciso,scusami molto saresti molto gentile se poi mi diresti le righe da eliminare li,grazie,ciao.
Torna in alto
 
Utenti presenti in questo topic
Guest

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » aiuta


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.