<BLOCKQUOTE id=quote><font size=1 face="Sans Serif, Arial, Helvetica" id=quote>quote:<hr height=1 noshade id=quote>
ragazzi aiutatemi,un amico è stato infettato da webrebates e toprebates,
e credo ne abbia anche altri di file infetti,infatti in "istallazione applicazioni" risulta "rebate natio"è proprio il virus,il pc si blocca in maniera grave,sono state fatte molte tipo di scansioni,ora ha fatto hijackthis lo dovrebbere risolvere, io ho il suo log di hijackthis,per favore vorrei mi diciate quale righe gli devo fare eliminare,
poi volevo chiedere se si eliminano non è può succedere che qualcosa non va più nel pc?
vorrei solo togliere tutti i virus sicuri presenti,e sapere come procedere per non farli ritornare,cioè cosa devo fare dopo aver tolto i righi
ps: non fate caso a i siti stranieri,è all'estero. per favore è urgente aiutatemi.
ecco il log:
Logfile of HijackThis v1.99.1
Scan saved at 23:05:29, on 24.02.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\PERSON~1\backweb\2581593\Program\SERVIC~1.EXE
C:\Programme\Personal Security Service\Anti-Virus\fsgk32st.exe
C:\Programme\Personal Security Service\backweb\2581593\program\fsbwsys.exe
C:\Programme\Personal Security Service\Anti-Virus\FSGK32.EXE
C:\Programme\Personal Security Service\Common\FSMA32.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Programme\Personal Security Service\Common\FSMB32.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Personal Security Service\Anti-Virus\fssm32.exe
C:\Programme\Personal Security Service\Common\FCH32.EXE
C:\Programme\Personal Security Service\Common\FAMEH32.EXE
C:\Programme\Personal Security Service\Anti-Virus\fsav32.exe
C:\Programme\Personal Security Service\FWES\Program\fsdfwd.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Personal Security Service\backweb\2581593\Program\fspex.exe
C:\WINDOWS\mHotkey.exe
C:\Programme\Lexmark X1100 Series\lxbkbmgr.exe
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\ToADiMon.exe
C:\Programme\Lexmark X1100 Series\lxbkbmon.exe
C:\Programme\Personal Security Service\Common\FSM32.EXE
C:\Programme\Personal Security Service\FSGUI\ispnews.exe
C:\Programme\Personal Security Service\FSGUI\fsguiexe.exe
C:\Programme\RebateNation4\RebateNation.exe
C:\Programme\CA\eTrust Internet Security Suite\caissdt.exe
C:\Programme\CA\eTrust Internet Security Suite\eTrust PestPatrol
Anti-Spyware\PPActiveDetection.exe
C:\Programme\Messenger\MSMSGS.EXE
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\RebateNation4\r95300.exe
C:\Programme\Skype\Plugin Manager\SkypePM.exe
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\kernel.exe
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\sc_watch.exe
C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\PROFIL~1.EXE
C:\Programme\eMule\emule.exe
C:\Programme\eMule\emule.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.t-online.de/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Programme\WordPerfect Office 11\Programs\QFSCHD110.EXE"
O4 - HKLM\..\Run: [CHotKey] mHotkey.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Programme\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [ToADiMon.exe]
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programme\Personal Security Service\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Programme\Personal Security Service\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Programme\Personal Security Service\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Programme\Personal Security Service\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [CaISSDT] "C:\Programme\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Programme\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\MSMSGS.EXE" /background
C:\PROGRAMME\T-ONLINE\T-ONLINE_SOFTWARE_5\MESSENGER\TOM.EXE
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programme\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O8 - Extra context menu item: Rebate Nation. - file://C:\Programme\RebateNation4\rebatesnation\rebatetnation\rebnC0.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network
Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Programme\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.hyrican.de
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) -
http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cabO16 - DPF: {556DDE35-E955-11D0-A707-000000521957} -
http://www.xblock.com/download/xclean_micro.exeO16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) -
http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cabO16 - DPF: {7CAA184C-91E7-4E84-8681-32F2A0D68DF1} (Apollon Class) -
http://htmldialer.parisvoyeur.com/CABSPOLY/cd/1,0,3,8/it/Daphne.cabO16 - DPF: {83252F41-71B7-492E-8B2E-A68AA3E301E7} -
http://htmldialer.parisvoyeur.com/CABSPOLY/cd/1,0,3,8/it/Penelope.cabO16 - DPF: {C32EE4CB-E99F-4147-BFAE-67FF3B6F8076} -
http://htmldialer.parisvoyeur.com/CABSPOLY/cd/1,0,3,8/it/Juliette.cabO16 - DPF: {D35B74F6-E099-4CDD-91E0-9EA7C30059D1} -
http://www.dialer-shop.com/webdial/webdial.cabO16 - DPF: {D909E944-3A96-4280-9983-9D00001973A4} -
http://www.browserplugin.com/plugin/exe/access_special.ocxO17 - HKLM\System\CCS\Services\Tcpip\..\{15559E8F-D3CF-4721-8AE8-D1054F5AD58A}: NameServer = 217.237.151.142 217.237.150.188
O17 - HKLM\System\CS1\Services\Tcpip\..\{15559E8F-D3CF-4721-8AE8-D1054F5AD58A}: NameServer = 217.237.151.142 217.237.150.188
O18 - Protocol hijack: mhtml -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: T-TeleSec Personal Security Service (BackWeb Client - 2581593) - Unknown owner -
C:\PROGRA~1\PERSON~1\backweb\2581593\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Programme\Personal Security Service\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Programme\Personal Security Service\backweb\2581593\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure
Corporation - C:\Programme\Personal Security Service\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Programme\Personal Security Service\Common\FSMA32.EXE
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - -
C:\WINDOWS\SYSTEM32\slserv.ex
grazie in anticipo,rispondetemi il prima possibile per favore
<hr height=1 noshade id=quote></BLOCKQUOTE id=quote></font id=quote><font face="Sans Serif, Arial, Helvetica" size=2 id=quote>
grazie mille alfonso,
stasera gli farò provare tutto,ti farò sapere,grazie.