rimozione virus trojan

[nicolas s.]

:help: eccomi di nuovo, qualcuno sa dirmi per favore come si può rimuovere Win32:ConHook-AT [Trj] Trojan Horse , dal momento che lo elimino, mi dice che è in uso da altri programmi, ma io non ho aperto nessun altro programma, voi sapete come posso risolvere??? grazie:help:

 

[4015]

risposta

riesci a postare un log di hijackthis?
e quale antivirus hai installato?

 

[marco XP2400+]

riesci a postare un log di hijackthis?
e quale antivirus hai installato?

stava provando ad installare avs ma si è bloccato quando nella procedura di installazione gli è stato chiesto di inserire il codice di attivazione http://www.tomshw.it/forum/showthread.php?t=59558

se posti il log di hijackthis 4015 ti aiuta http://www.tomshw.it/forum/showthread.php?t=59563
provato per credere!!!!

 

[nicolas s.]

io ho installato avast antivirus, solo che non sono praticissimo di computer, cioè sò abbastanza bene usarli ma non fino a questo punto, il problema, come ho già detto, è la rimozione di un virus collocato in system 32, e durante la scansione mi dice che non si può eliminare perchè è in uso da altri proglammi, poichè non ho aperto nessun programma oltre che ad avast non saprei come risolvere. spero che mi aiutate con spiegazioni e passaggi semplici, grazie mille.

 

[nicolas s.]

ecco il risultato!!

Logfile of HijackThis v1.99.1
Scan saved at 18.36.36, on 02/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Programmi\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Programmi\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmi\Ahead\InCD\InCD.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE
C:\Programmi\BearShare\BearShare.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\DAEMON Tools\daemon.exe
C:\WINDOWS\retadpu.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
c:\progra~1\intern~1\iexplore.exe
C:\Programmi\VIA\RAID\raid_tool.exe
C:\Programmi\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\Utente\IMPOST~1\Temp\Rar$EX00.922\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://kingkongsearch.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.alice.it
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)
R3 - URLSearchHook: 3 Search with Google - {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} - C:\Programmi\Google Toolbar\toolbar-w-google-r.dll (file missing)
O2 - BHO: (no name) - {00d01972-cf00-4f66-8448-d8ab7530014a} - C:\WINDOWS\system32\dx8frg.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: XBTP01621 - {9EBBE90B-282E-4c39-8A7E-120749169F0F} - C:\PROGRA~1\BEARSH~2\tbu04766\MediaBar.dll (file missing)
O2 - BHO: XBTB06823 - {BA463437-C3DE-47da-8280-87596824388A} - C:\PROGRA~1\GOOGLE~1\TOOLBA~1.DLL (file missing)
O2 - BHO: (no name) - {DEBEB52F-CFA6-4647-971F-3EDB75B63AFA} - C:\WINDOWS\system32\tmp90.tmp.dll
O2 - BHO: FastRX - {E09962E7-A39E-4F60-8003-66D57BED27B7} - C:\WINDOWS\system32\fastRX.dll
O2 - BHO: XBTP01621 - {F6104497-54FD-4688-9162-5115CC8AB0FB} - C:\PROGRA~1\BEARSH~1\BEARSH~2\MediaBar.dll (file missing)
O3 - Toolbar: BearShare MediaBar - {B7D3E479-CC68-42B5-A338-938ECE35F419} - C:\Programmi\BearShare MediaBar\tbu04766\MediaBar.dll (file missing)
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Programmi\BearShare applications\BearShare MediaBar\MediaBar.dll (file missing)
O3 - Toolbar: 3 Search with Google - {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} - C:\Programmi\Google Toolbar\toolbar-w-google-r.dll (file missing)
O4 - HKLM\..\Run: [Collegamento alla pagina delle proprietà di High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CaAvTray] "C:\Programmi\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Programmi\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Programmi\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [EPSON Stylus CX6600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE /P26 "EPSON Stylus CX6600 Series" /O6 "USB001" /M "Stylus CX6600"
O4 - HKLM\..\Run: [BearShare] "C:\Programmi\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [I downloaded pirated Software from P2P ] Need for Speed Carbon
O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Programmi\Aethra\ADSL EB1070 USB\CnxTrApp.dll",AppEntry -REG "Aethra\ADSL EB1070 USB"
O4 - HKLM\..\Run: [BearFlix] "C:\Programmi\BearFlix\bearflix.exe" /pause
O4 - HKLM\..\Run: [WinFlyer32.dll] "rundll32.exe" C:\WINDOWS\system32\WinFlyer32.dll,Run
O4 - HKLM\..\Run: [NetService] C:\DOCUME~1\Utente\IMPOST~1\Temp\tmp2.tmp.exe /run
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu.exe
O4 - HKLM\..\Run: [kpx] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\fastRX.dll DllInitApp
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\ljifcb.dll",realset
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [New vc] C:\DOCUME~1\Utente\DATIAP~1\CLOCKJ~1\mpegitch.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Programmi\VIA\RAID\raid_tool.exe

 

[nicolas s.]

O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab53083.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {339234B4-4E14-4280-B8B4-8BAE5AF99063} (Chess Object) - http://zone.msn.com/bingame/zpagames/zpa_kqrp.cab53083.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab53083.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab53083.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab53852.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8A82C4A1-72B2-438C-8F2C-762305A2E479}: NameServer = 85.37.17.40 85.38.28.85
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: dx8frg - C:\WINDOWS\SYSTEM32\dx8frg.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Programmi\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Programmi\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe

!!!:help: !!!

 

[Togix]

nicolas s. il log potresti anche farlo analizzare tu stesso sul sito: http://www.hijackthis.de/it

E' un'operazione semplicissima e che potrebbe tornarti utile anche in futuro. :ok:

 

[4015]

risposta

scusatemi per il ritardo

il log è un campo minato!!!

tra un pò ti dirò cosa fare!!

 

[4015]

risposta

scarica Ccleaner da qui
http://download.piriform.com/ccsetup137.exe
Non installare la toolbar di Yahoo durante la procedura di installazione,
,finita l'installazione, lascia le impostazioni di default del programma tranne che ,
cliccando su "Impostazioni">Avanzate" togli la spunta dalla casella
"Cancella file in windows temp solo se più vecchi di 48 ore"

disabilita il ripristino di sistema e riavvia in modalità provvisoria;
fai uno scan con hijackthis e fixa queste:

C:\WINDOWS\retadpu.exe

c:\progra~1\intern~1\iexplore.exe

C:\DOCUME~1\Utente\IMPOST~1\Temp\Rar$EX00.922\Hija ckThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb

R3 - URLSearchHook: 3 Search with Google - {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} - C:\Programmi\Google Toolbar\toolbar-w-google-r.dll (file missing)

O2 - BHO: (no name) - {00d01972-cf00-4f66-8448-d8ab7530014a} - C:\WINDOWS\system32\dx8frg.dll

O2 - BHO: XBTP01621 - {9EBBE90B-282E-4c39-8A7E-120749169F0F} - C:\PROGRA~1\BEARSH~2\tbu04766\MediaBar.dll (file missing)

O2 - BHO: XBTB06823 - {BA463437-C3DE-47da-8280-87596824388A} - C:\PROGRA~1\GOOGLE~1\TOOLBA~1.DLL (file missing)

O2 - BHO: (no name) - {DEBEB52F-CFA6-4647-971F-3EDB75B63AFA} - C:\WINDOWS\system32\tmp90.tmp.dll

O2 - BHO: FastRX - {E09962E7-A39E-4F60-8003-66D57BED27B7} - C:\WINDOWS\system32\fastRX.dll

O2 - BHO: XBTP01621 - {F6104497-54FD-4688-9162-5115CC8AB0FB} - C:\PROGRA~1\BEARSH~1\BEARSH~2\MediaBar.dll (file missing)

O3 - Toolbar: BearShare MediaBar - {B7D3E479-CC68-42B5-A338-938ECE35F419} - C:\Programmi\BearShare MediaBar\tbu04766\MediaBar.dll (file missing)

O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Programmi\BearShare applications\BearShare MediaBar\MediaBar.dll (file missing)

O3 - Toolbar: 3 Search with Google - {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} - C:\Programmi\Google Toolbar\toolbar-w-google-r.dll (file missing)

O4 - HKLM\..\Run: [I downloaded pirated Software from P2P ] Need for Speed Carbon

O4 - HKLM\..\Run: [BearFlix] "C:\Programmi\BearFlix\bearflix.exe" /pause

O4 - HKLM\..\Run: [WinFlyer32.dll] "rundll32.exe" C:\WINDOWS\system32\WinFlyer32.dll,Run

O4 - HKLM\..\Run: [NetService] C:\DOCUME~1\Utente\IMPOST~1\Temp\tmp2.tmp.exe /run

O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu.exe

O4 - HKLM\..\Run: [kpx] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\fastRX.dll DllInitApp

O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\ljifcb.dll",realset

O4 - HKCU\..\Run: [New vc] C:\DOCUME~1\Utente\DATIAP~1\CLOCKJ~1\mpegitch.exe

O4 - Startup: PowerReg Scheduler.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)

O20 - Winlogon Notify: dx8frg - C:\WINDOWS\SYSTEM32\dx8frg.dll

Rendi visibili file e cartelle nascosti (vai in start>impostazioni>pannello di
controllo>opzioni cartella, e clicca su "visualizzazione". Seleziona "visualizza file
e cartelle nascosti", "visualizza il contenuto delle cartelle di sistema" e
deseleziona "nascondi file protetti e di sistema". Clicca su OK.,
una volta finito cerca e se trovi cancella i seguenti files:

C:\WINDOWS\SYSTEM32\dx8frg.dll
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Messenger\msmsgs.exe
C:\DOCUME~1\Utente\DATIAP~1\CLOCKJ~1\mpegitch.exe
C:\WINDOWS\ljifcb.dll
C:\WINDOWS\system32\rundll32.exe ---C:\WINDOWS\system32\fastRX.dll
C:\WINDOWS\retadpu.exe
C:\DOCUME~1\Utente\IMPOST~1\Temp\tmp2.tmp.exe
C:\WINDOWS\system32\WinFlyer32.dll
C:\Programmi\BearFlix\bearflix.exe
C:\Programmi\Google Toolbar\toolbar-w-google-r.dll
C:\Programmi\BearShare applications\BearShare MediaBar\MediaBar.dll (file missing)
C:\Programmi\BearShare MediaBar\tbu04766\MediaBar.dll
C:\PROGRA~1\BEARSH~1\BEARSH~2\MediaBar.dll
C:\WINDOWS\system32\fastRX.dll
C:\WINDOWS\system32\tmp90.tmp.dll
C:\PROGRA~1\GOOGLE~1\TOOLBA~1.DLL (file missing)
C:\PROGRA~1\BEARSH~2\tbu04766\MediaBar.dll
C:\WINDOWS\system32\dx8frg.dll
C:\Programmi\Google Toolbar\toolbar-w-google-r.dll
C:\WINDOWS\retadpu.exe

dai una ripulita completa con ccleaner utilizzando tutte le sue funzioni

riavvia in modalità normale e postami un nuovo log di hijackthis

 

[4015]

risposta

p.s. ti sto facendo anche cancellare dei file legati alla toolbar di google, alcuni legati al messanger e qualche altro legato a qualche programma che magari utilizzeresti normalmente .......non preoccuparti perche comunque li potari sempre reinstallare

è necessario cancellarli anche perchè ho dovuto lavorare un sacco con il tuo log, però è l'unico modo per eliminare i vari problemi che hai.

vai tranquillo

 

[nicolas s.]

ho un problema, quando è il momento di scegliere la modalità provvisoria, le frecce direzionali non vanno, quindi sono obbligato ad aspettare che finiscano i 30 sec. così mi carica normalmente window. hai un idea del perchè?

 

[nicolas s.]

al posto di portare il mio pc alla modalità provvisoria, non posso fixare normalmente??? rispondimi quando hai tempo non preoccuparti ciao grazie.

PS= nel mio pc ho dei dati importanti come fatture, ecc. spero che con i tuoi procedimenti non rischio di perderli!!! ciao buona serata.:)

 

[4015]

risposta

ciao
non preoccuparti perche, come già detto prima potresti avere qualche problema con la toolbar di google, il messanger e qualche altro programmino.....comunque risolvibili reinstallando suddetti programmi (cosa pertanto facilissima)

per accedere alla modalità provvisoria utilizza questo programmino seguendo questa guida
http://www.kuma215.it/WI/Mod_Provv.html


fammi sapere

 

[nicolas s.]

ecco il risultato del test

Logfile of HijackThis v1.99.1
Scan saved at 17.10.53, on 03/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Programmi\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Programmi\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmi\Ahead\InCD\InCD.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE
C:\Programmi\BearShare\BearShare.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\VIA\RAID\raid_tool.exe
C:\Programmi\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\DOCUME~1\Utente\IMPOST~1\Temp\Rar$EX00.500\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://kingkongsearch.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.alice.it
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)
O2 - BHO: (no name) - {00d01972-cf00-4f66-8448-d8ab7530014a} - C:\WINDOWS\system32\dx8frg.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Collegamento alla pagina delle proprietà di High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CaAvTray] "C:\Programmi\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Programmi\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Programmi\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [EPSON Stylus CX6600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE /P26 "EPSON Stylus CX6600 Series" /O6 "USB001" /M "Stylus CX6600"
O4 - HKLM\..\Run: [BearShare] "C:\Programmi\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Programmi\Aethra\ADSL EB1070 USB\CnxTrApp.dll",AppEntry -REG "Aethra\ADSL EB1070 USB"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\xxvspp.dll",realset
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Programmi\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab53083.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {339234B4-4E14-4280-B8B4-8BAE5AF99063} (Chess Object) - http://zone.msn.com/bingame/zpagames/zpa_kqrp.cab53083.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab53083.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab53083.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab53852.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8A82C4A1-72B2-438C-8F2C-762305A2E479}: NameServer = 85.37.17.40 85.38.28.85
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: dx8frg - C:\WINDOWS\SYSTEM32\dx8frg.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Programmi\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Programmi\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe

 

[nicolas s.]

da quanto ho visto non tutti i file che mi hai detto di cancellare si sono cancellati, ho provato più volte ma niente da fare!!! non so il perchè, tu?
grazie ciao