Olimpo Informatico

jahmarley · Mortale devoto Registrato: 11/01/07 19:54 Messaggi: 14

ciao a tutti!!
ho un pò di problemi con il mio pc, e qualcuno mi ha indirizzato su questo sito!
non riesco a visualizzare nessuna pagina internet nonostanti il collegamento sia attivo, e molto più importante il mio antivirus avast mi segnala un centinaio di malware... win32:small-CGR[trj]...
vi prego potete aiutarmi?
come ho visto dalle altre pagine del forum ho scaricato hijackthis e ho eseguito la scansione. questo è quello che è risultato.

Logfile of HijackThis v1.99.1
Scan saved at 18.50.02, on 11/01/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Ahead\InCD\InCDsrv.exe
C:\Programmi\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\service32.exe
C:\WINDOWS\System32\carpserv.exe
C:\Programmi\Ahead\InCD\InCD.exe
C:\WINDOWS\System32\asferror.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Microsoft Money\System\reminder.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Digisoft AntiDialer\AntiDialer.exe
C:\Programmi\FinePixViewer\QuickDCF.exe
C:\Programmi\File comuni\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\System32\wuauclt.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.shopnav.com/sidesearch.cgi?uid=11156459&id=1.20031
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.shopnav.com/sidesearch.cgi?uid=11156459&id=1.20031
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.shopnav.com/sidesearch.cgi?uid=11156459&id=1.20031
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)
R3 - URLSearchHook: PerfectNavBHO Class - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL (file missing)
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O2 - BHO: Band Class - {00027925-0017-4faf-9539-90E4AC0B9EC5} - C:\WINDOWS\eltt.dll (file missing)
O2 - BHO: NavErrRedir Class - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: edit_html Class - {14D1A72D-8705-11D8-B120-0040F46CB696} - C:\Documents and Settings\End User\Desktop\929181624.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmi\MSN Apps\ST\01.02.0002.1001\en-xu\stmain.dll
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Programmi\Web Accelerator\components\NOWImaging.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\01.02.2001.0001\it\msntb.dll
O2 - BHO: PEDEV_IEListener Class - {E1412445-4FF8-410e-8D24-F2CF86B171A4} - C:\Programmi\PeDevice\PeDev.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\01.02.2001.0001\it\msntb.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Programmi\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [InCD] C:\Programmi\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [updmgr] C:\Programmi\Common files\updmgr\updmgr.exe
O4 - HKLM\..\Run: [Bakra] C:\WINDOWS\System32\IEHost34.exe
O4 - HKLM\..\Run: [msnappau] "C:\Programmi\MSN Apps\Updater\01.02.0002.1001\it\msnappau.exe"
O4 - HKLM\..\Run: [2f2ebd309043] C:\WINDOWS\System32\atrace35.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [960539e7fbda] C:\WINDOWS\System32\asferror.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Programmi\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Programmi\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [MNI.UWFX5T_0001_LP1710] "C:\Documents and Settings\End User\Desktop\WinFixer2005ScannerInstallITA.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [eltupt] C:\WINDOWS\eltupt.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Programmi\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] \WkDetect.exe
O4 - HKCU\..\Run: [Reminder] C:\Programmi\Microsoft Money\System\reminder.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digisoft AntiDialer.lnk = C:\Programmi\Digisoft AntiDialer\AntiDialer.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Programmi\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Promemoria del Calendario di Microsoft Works.lnk = ?
O4 - Global Startup: updater.lnk = C:\Documents and Settings\End User\Desktop\virus\wupdater.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\maxspeed.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\maxspeed.exe (file missing)
O9 - Extra button: Organizzatore ricerche - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programmi\File comuni\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

vi prego aiutatemi! ditemi che devo fare per riattivare il mio computer!!!
grazie tante già da ora!!

Super.Man · Mortale devoto Registrato: 08/01/07 18:50 Messaggi: 10 Residenza: Krypton

Copia il log e inseriscilo nella spazio apposito in questo sito:
http://www.hijackthis.de/it

Smjert

Eh sì! sei veramente pieno!

Avvia HijackThis, premi Do a system scan only, spunta queste voci e poi premi FixChecked(Non fixare le voci in rosso se sai cos'è e l'hai installato/messo tu):

jahmarley · Mortale devoto Registrato: 11/01/07 19:54 Messaggi: 14

eheh... sto combinata davvero male eh???
ok cercherò di eseguire tutto quello che mi hai detto di fare!!
ti ringrazio già in anticipo intanto!

jahmarley · Mortale devoto Registrato: 11/01/07 19:54 Messaggi: 14

ciao! allora, ho cercato di fare tutto quello che mi hai detto, ma ho avuto scarsi risultati.
molte delle cose che mi hai detto di cancellare non ci sono sul mio computer, o meglio con la ricerca non le ho trovate.
ad esempio la cartella virus sul mio desktop non esiste...io poi non l'ho creata.
e per molte altre cose vale la stessa cosa.
quelle in rosso le avevo messo io,come il toolbar di msn, ma ho provveduto a eliminarlo.
web accelerator invece non sono riuscita a trovarlo.

cmq quand'ero in modalità provvisoria sono riuscita a cancellare solo:
-service32.exe
-C:\Documents and Settings\End User\Desktop\929181624.dll
-C:\WINDOWS\System32\atrace35.exe
-C:\WINDOWS\System32\asferror.exe
-C:\Programmi\MSN Apps\
-C:\Programmi\WildTangent
-C:\Programmi\Common files\

questo è il nuovo log di HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 16.44.09, on 12/01/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Ahead\InCD\InCDsrv.exe
C:\Programmi\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\carpserv.exe
C:\Programmi\Ahead\InCD\InCD.exe
C:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Microsoft Money\System\reminder.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmi\Digisoft AntiDialer\AntiDialer.exe
C:\Programmi\FinePixViewer\QuickDCF.exe
C:\Programmi\File comuni\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll
O2 - BHO: PEDEV_IEListener Class - {E1412445-4FF8-410e-8D24-F2CF86B171A4} - C:\Programmi\PeDevice\PeDev.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Programmi\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [InCD] C:\Programmi\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [msnappau] "C:\Programmi\MSN Apps\Updater\01.02.0002.1001\it\msnappau.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Programmi\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] \WkDetect.exe
O4 - HKCU\..\Run: [Reminder] C:\Programmi\Microsoft Money\System\reminder.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digisoft AntiDialer.lnk = C:\Programmi\Digisoft AntiDialer\AntiDialer.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Programmi\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Promemoria del Calendario di Microsoft Works.lnk = ?
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Organizzatore ricerche - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programmi\File comuni\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://jahmarleyc.spaces.live.com/PhotoUpload/MsnPUpld.cab?10,0,912,0
O16 - DPF: {C1B7E532-3ECB-4E9E-BB3A-2951FFE67C61} (DownloaderActiveX Control) - http://atlantide.virgilio.it/c6/download/DownloaderActiveX.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {E0B795B4-FD95-4ABD-A375-27962EFCE8CF} - http://install.power-url.de/StarInstall.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter: text/html - {735EB0B4-5D36-4D36-9E01-1B7D6D88EA35} - C:\DOCUME~1\ENDUSE~1\IMPOST~1\Temp\e.eee
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programmi\Sygate\SPF\smc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe

Smjert

é possibile che molte cartelle e file siano già state rimosse dal tuo antivirus.
Dato che hai rimosso msn c'è ancora questa linea da fixare:

jahmarley · Mortale devoto Registrato: 11/01/07 19:54 Messaggi: 14

ok farò come dici!

jahmarley · Mortale devoto Registrato: 11/01/07 19:54 Messaggi: 14

ho un problema..mentre fa la scanzione avast mi segnala un virus Win32:CTX su questo file

http://acs.pandasoftware.com/activescan/as5free/motor.cab\pskavs.DLL

che devo fare???
mi dice di chiudere la connessione

Smjert

Mi dimentico sempre... disattiva momentaneamente il controllo real-time di avast se no segnala un falso-positivo.

jahmarley · Mortale devoto Registrato: 11/01/07 19:54 Messaggi: 14

eh...scusa l'ignoranza....ma come si fa???
devo disattivare momentaneamente tutto avast?

pardon ancora per l'ignoranza

Smjert

Se clicchi con il destro sull'icona di avast che sta sulla barra di avvio, nel menu che viene fuori l'ultima voce in fondo dovrebbe essere "Arresta processi.." o qualcosa del genere (non ricordo Rolling Eyes

), per riattivarlo fai la stessa operazione.

jahmarley · Mortale devoto Registrato: 11/01/07 19:54 Messaggi: 14

quando lo disattivo termina anche la scansione di panda e mi dice di riprovare
ho anche sygate..(forse mi crea problemi anche quello??devo disattivarlo??)

Smjert

Bhe ma devi disattivarlo prima di fare la scansione con Panda!
Se neanche così va allora disattiva Sygate..

Smjert

Ecco il log di jahmarley (non importa se è sfasato.. riesco a leggerlo lo stesso!).

Incident Status Location

Adware:adware/iedriver Not disinfected c:\windows\system32\SearchBar.htm
Adware:adware/keenvalue Not disinfected c:\windows\system32\drivers\etc\hosts.bho
Adware:adware/delfinmedia Not disinfected c:\keys.ini
Adware:adware/downloadware Not disinfected c:\windows\Digital Signature 20021009.htm
Adware:adware/gator Not disinfected c:\windows\GatorUninstaller.log
Adware:adware/ieplugin Not disinfected c:\windows\kwv2.dat
Potentially unwanted tool:application/bestoffer Not disinfected c:\windows\smdat32a.sys
Potentially unwanted tool:application/winfixer2005 Not disinfected c:\programmi\file comuni\WinSoftware
Adware:adware/savenow Not disinfected c:\windows\system32\wsxsvc
Potentially unwanted tool:application/altnet Not disinfected c:\program files\Altnet
Potentially unwanted tool:application/myway Not disinfected c:\programmi\MyWay
Adware:adware/powersearch Not disinfected c:\programmi\PowerSearch
Spyware:spyware/new.net Not disinfected Windows Registry
Spyware:spyware/clipgenie Not disinfected Windows Registry
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\End User\Cookies\end user@atdmt[2].txt
Spyware:Cookie/DelfinMedia Not disinfected C:\Documents and Settings\End User\Cookies\end user@delfinproject[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\End User\Cookies\end user@doubleclick[1].txt
Dialer:Dialer.Gen Not disinfected C:\Documents and Settings\End User\Dati applicazioni\screensavers.exe
Potentially unwanted tool:Application/Altnet Not disinfected C:\Documents and Settings\End User\Impostazioni locali\Temp\__unin__.exe
Potentially unwanted tool:Application/Winfixer2005 Not disinfected C:\Programmi\File comuni\WinSoftware\CrXML.dll
Potentially unwanted tool:Application/Winfixer2005 Not disinfected C:\Programmi\File comuni\WinSoftware\PCheck.dll
Adware:Adware/DownloadWare Not disinfected C:\Programmi\MediaLoads\notify\notify.exe
Adware:Adware/Medload Not disinfected C:\Programmi\MediaLoads\v1\ML.exe
Potentially unwanted tool:Application/MyWay Not disinfected C:\Programmi\MyWay\myBar\1.bin\MY2NS.EXE
Spyware:Cookie/2o7 Not disinfected C:\RECYCLER\S-1-5-21-448539723-1682526488-854245398-1003\Dc270.txt
Spyware:Cookie/YieldManager Not disinfected C:\RECYCLER\S-1-5-21-448539723-1682526488-854245398-1003\Dc287.txt
Spyware:Cookie/PointRoll Not disinfected C:\RECYCLER\S-1-5-21-448539723-1682526488-854245398-1003\Dc289.txt
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\S-1-5-21-448539723-1682526488-854245398-1003\Dc300.txt
Spyware:Cookie/Atwola Not disinfected C:\RECYCLER\S-1-5-21-448539723-1682526488-854245398-1003\Dc301.txt
Spyware:Cookie/Azjmp Not disinfected C:\RECYCLER\S-1-5-21-448539723-1682526488-854245398-1003\Dc302.txt
Spyware:Cookie/Enhance Not disinfected C:\RECYCLER\S-1-5-21-448539723-1682526488-854245398-1003\Dc307.txt
Spyware:Cookie/GoClick Not disinfected C:\RECYCLER\S-1-5-21-448539723-1682526488-854245398-1003\Dc308.txt
Spyware:Cookie/Casalemedia Not disinfected C:\RECYCLER\S-1-5-21-448539723-1682526488-854245398-1003\Dc311.txt
Spyware:Cookie/DelfinMedia Not disinfected C:\RECYCLER\S-1-5-21-448539723-1682526488-854245398-1003\Dc332.txt
Spyware:Cookie/Doubleclick Not disinfected C:\RECYCLER\S-1-5-21-448539723-1682526488-854245398-1003\Dc334.txt
Spyware:Cookie/FortuneCity Not disinfected C:\RECYCLER\S-1-5-21-448539723-1682526488-854245398-1003\Dc344.txt
Spyware:Cookie/Humanclick Not disinfected C:\RECYCLER\S-1-5-21-448539723-1682526488-854245398-1003\Dc355.txt
Spyware:Cookie/Hitbox Not disinfected C:\RECYCLER\S-1-5-21-448539723-1682526488-854245398-1003\Dc356.txt
Spyware:Cookie/HotLog Not disinfected C:\RECYCLER\S-1-5-21-448539723-1682526488-854245398-1003\Dc357.txt
Spyware:Cookie/Itrack Not disinfected C:\RECYCLER\S-1-5-21-448539723-1682526488-854245398-1003\Dc360.txt
Spyware:Cookie/Mediaplex Not disinfected C:\RECYCLER\S-1-5-21-448539723-1682526488-854245398-1003\Dc390.txt
Spyware:Cookie/Overture Not disinfected C:\RECYCLER\S-1-5-21-448539723-1682526488-854245398-1003\Dc412.txt
Spyware:Cookie/QuestionMarket Not disinfected C:\RECYCLER\S-1-5-21-448539723-1682526488-854245398-1003\Dc416.txt
Spyware:Cookie/Serving-sys Not disinfected C:\RECYCLER\S-1-5-21-448539723-1682526488-854245398-1003\Dc433.txt
Spyware:Cookie/SpyLog Not disinfected C:\RECYCLER\S-1-5-21-448539723-1682526488-854245398-1003\Dc440.txt
Spyware:Cookie/onestat.com Not disinfected C:\RECYCLER\S-1-5-21-448539723-1682526488-854245398-1003\Dc441.txt
Spyware:Cookie/Statcounter Not disinfected C:\RECYCLER\S-1-5-21-448539723-1682526488-854245398-1003\Dc442.txt
Spyware:Cookie/Tradedoubler Not disinfected C:\RECYCLER\S-1-5-21-448539723-1682526488-854245398-1003\Dc449.txt
Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\S-1-5-21-448539723-1682526488-854245398-1003\Dc506.txt
Spyware:Cookie/Yadro Not disinfected C:\RECYCLER\S-1-5-21-448539723-1682526488-854245398-1003\Dc507.txt
Adware:Adware/GoodSearchNow Not disinfected C:\RECYCLER\S-1-5-21-448539723-1682526488-854245398-500\Dc1.exe
Adware:Adware/GoodSearchNow Not disinfected C:\RECYCLER\S-1-5-21-448539723-1682526488-854245398-500\Dc2.exe
Adware:Adware/IEDriver Not disinfected C:\RECYCLER\S-1-5-21-448539723-1682526488-854245398-500\Dc3.exe
Spyware:Spyware/UrlSpy Not disinfected C:\RECYCLER\S-1-5-21-448539723-1682526488-854245398-500\Dc4.exe
Spyware:Spyware/BetterInet Not disinfected C:\RECYCLER\S-1-5-21-448539723-1682526488-854245398-500\Dc7\updmgr\data2.dat
Adware:Adware/GoodSearchNow Not disinfected C:\WINDOWS\iexplore32.dll
Spyware:Spyware/UrlSpy Not disinfected C:\WINDOWS\system32\a3d55138.exe
Adware:Adware/IEDriver Not disinfected C:\WINDOWS\system32\Searchx.htm
Virus:W32/Sober.D.worm Disinfected C:\WINDOWS\system32\wintmpx33.dat[C:\WINDOWS\system32\wintmpx33.zip][MS-Q4232367791.exe]
Potentially unwanted tool:Application/Altnet Not disinfected C:\WINDOWS\Temp\Altnet\dmfiles.cab[AltnetUninstall.exe]
Potentially unwanted tool:Application/Altnet Not disinfected C:\WINDOWS\Temp\Altnet\Setup.exe
Adware:Adware/GoodSearchNow Not disinfected C:\WINDOWS\Temp\_avast4_\trzF.tmp

Smjert

Svuota il cestino!
Hai dei malware probabilmente cancellati prima là dentro!

Prima di tutto scarica VundoFix sul desktop.
Avvialo e premi Scan for Vundo, quando ha finito la scansione (se ha trovato qualcosa) premi Remove Vundo.
Il tuo desktop diventerà bianco e il tool comincerà la rimozione.
Quando ha finito ti chiede di spegnere (o riavviare) il pc, tu accetta.

Riavvia il pc in Modalità Provvisoria (quando ti fa il calcolo della memoria, ti segna gli hd collegati ecc premi continuamente F8 finchè non appare un menu, da lì scegli con le freccie la modalità).

Scriviti da qualche parte le seguenti operazioni perchè non potrai accedere ad internet.

jahmarley · Mortale devoto Registrato: 11/01/07 19:54 Messaggi: 14

ho fatto la scansione con kasperksy. ecco il risultato:

KASPERSKY ONLINE SCANNER REPORT
Saturday, January 13, 2007 4:43:07 PM
Operating System: Microsoft Windows XP Professional, (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 13/01/2007
Kaspersky Anti-Virus database records: 258180
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 91888
Number of viruses found: 16
Number of infected objects: 39 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:21:45

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\End User\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\End User\Dati applicazioni\screensavers.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\Documents and Settings\End User\Desktop\programmi\CodecPackElisoft140.exe/divx511\fsg_4104.exe Infected: not-a-virus:AdWare.Win32.Gator.4104 skipped
C:\Documents and Settings\End User\Desktop\programmi\CodecPackElisoft140.exe Gentee: infected - 1 skipped
C:\Documents and Settings\End User\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\End User\Impostazioni locali\Cronologia\History.IE5\MSHist012007011320070114\index.dat Object is locked skipped
C:\Documents and Settings\End User\Impostazioni locali\Dati applicazioni\Identities\{288CBF66-DCDA-41D0-AB23-9289AA449AEC}\Microsoft\Outlook Express\Posta inviata.dbx/[From "Claudia Antonazzo" <claudia.antonazzo@libero.it>][Date Fri, 20 Feb 2004 19:39:33 +0100]/UNNAMED/caliente.exe Infected: not-virus:BadJoke.Win32.Zappa skipped
C:\Documents and Settings\End User\Impostazioni locali\Dati applicazioni\Identities\{288CBF66-DCDA-41D0-AB23-9289AA449AEC}\Microsoft\Outlook Express\Posta inviata.dbx/[From "Claudia Antonazzo" <claudia.antonazzo@libero.it>][Date Fri, 20 Feb 2004 19:39:33 +0100]/UNNAMED Infected: not-virus:BadJoke.Win32.Zappa skipped
C:\Documents and Settings\End User\Impostazioni locali\Dati applicazioni\Identities\{288CBF66-DCDA-41D0-AB23-9289AA449AEC}\Microsoft\Outlook Express\Posta inviata.dbx/[From "Claudia Antonazzo" <claudia.antonazzo@libero.it>][Date Fri, 20 Feb 2004 19:49:50 +0100]/UNNAMED/Test.exe Infected: not-virus:BadJoke.Win32.Idiot skipped
C:\Documents and Settings\End User\Impostazioni locali\Dati applicazioni\Identities\{288CBF66-DCDA-41D0-AB23-9289AA449AEC}\Microsoft\Outlook Express\Posta inviata.dbx/[From "Claudia Antonazzo" <claudia.antonazzo@libero.it>][Date Fri, 20 Feb 2004 19:49:50 +0100]/UNNAMED Infected: not-virus:BadJoke.Win32.Idiot skipped
C:\Documents and Settings\End User\Impostazioni locali\Dati applicazioni\Identities\{288CBF66-DCDA-41D0-AB23-9289AA449AEC}\Microsoft\Outlook Express\Posta inviata.dbx Mail MS Outlook 5: infected - 4 skipped
C:\Documents and Settings\End User\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\End User\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\End User\Impostazioni locali\Temp\app175.tmp/data0002/data0002 Infected: Trojan-Downloader.Win32.Keenval skipped
C:\Documents and Settings\End User\Impostazioni locali\Temp\app175.tmp/data0002/data0004 Infected: Trojan-Downloader.Win32.Keenval skipped
C:\Documents and Settings\End User\Impostazioni locali\Temp\app175.tmp/data0002/data0005 Infected: Trojan-Downloader.Win32.Keenval skipped
C:\Documents and Settings\End User\Impostazioni locali\Temp\app175.tmp/data0002 Infected: Trojan-Downloader.Win32.Keenval skipped
C:\Documents and Settings\End User\Impostazioni locali\Temp\app175.tmp/data0008 Infected: Trojan-Downloader.Win32.Keenval.b skipped
C:\Documents and Settings\End User\Impostazioni locali\Temp\app175.tmp/data0009 Infected: Trojan-Downloader.Win32.Keenval.e skipped
C:\Documents and Settings\End User\Impostazioni locali\Temp\app175.tmp NSIS: infected - 6 skipped
C:\Documents and Settings\End User\Impostazioni locali\Temp\UpdatedUpdaterInstall.exe/data0002 Infected: Trojan-Downloader.Win32.Keenval skipped
C:\Documents and Settings\End User\Impostazioni locali\Temp\UpdatedUpdaterInstall.exe/data0003 Infected: Trojan-Downloader.Win32.Keenval.d skipped
C:\Documents and Settings\End User\Impostazioni locali\Temp\UpdatedUpdaterInstall.exe/data0004 Infected: Trojan-Downloader.Win32.Keenval skipped
C:\Documents and Settings\End User\Impostazioni locali\Temp\UpdatedUpdaterInstall.exe NSIS: infected - 3 skipped
C:\Documents and Settings\End User\Impostazioni locali\Temp\__unin__.exe Infected: not-a-virus:AdWare.Win32.Altnet.b skipped
C:\Documents and Settings\End User\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\End User\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\End User\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Programmi\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Programmi\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Programmi\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped
C:\Programmi\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Programmi\MediaLoads\notify\notify.exe Infected: not-a-virus:AdWare.Win32.DownloadWare skipped
C:\Programmi\MediaLoads\v1\ML.exe Infected: not-a-virus:AdWare.Win32.DownloadWare skipped
C:\Programmi\MyWay\myBar\1.bin\MY2NS.EXE Infected: not-a-virus:AdWare.Win32.MyWay.b skipped
C:\RECYCLER\S-1-5-21-448539723-1682526488-854245398-500\Dc1.exe Infected: Packed.Win32.PolyCrypt.a skipped
C:\RECYCLER\S-1-5-21-448539723-1682526488-854245398-500\Dc2.exe Infected: Packed.Win32.PolyCrypt.a skipped
C:\RECYCLER\S-1-5-21-448539723-1682526488-854245398-500\Dc3.exe Infected: not-a-virus:AdWare.Win32.IEDriver.a skipped
C:\RECYCLER\S-1-5-21-448539723-1682526488-854245398-500\Dc4.exe Infected: not-a-virus:AdWare.Win32.UrlSpy.a skipped
C:\System Volume Information\_restore{47082687-2BB3-4B35-9D02-5CEF886247C7}\RP222\A0439118.exe Infected: Packed.Win32.PolyCrypt.a skipped
C:\System Volume Information\_restore{47082687-2BB3-4B35-9D02-5CEF886247C7}\RP222\A0439125.dll Infected: Trojan-Clicker.Win32.Small.kj skipped
C:\System Volume Information\_restore{47082687-2BB3-4B35-9D02-5CEF886247C7}\RP223\A0439136.dll Infected: Trojan-Clicker.Win32.Small.kj skipped
C:\System Volume Information\_restore{47082687-2BB3-4B35-9D02-5CEF886247C7}\RP223\A0439141.exe Infected: Packed.Win32.PolyCrypt.a skipped
C:\System Volume Information\_restore{47082687-2BB3-4B35-9D02-5CEF886247C7}\RP223\change.log Object is locked skipped
C:\WINDOWS\Debug\oakley.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\iexplore32.dll Infected: Trojan-Clicker.Win32.Small.kj skipped
C:\WINDOWS\ModemLog_SoftK56 Data Fax Voice Speakerphone CARP.txt Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{F9964314-635F-4DD8-8A6E-3799135A5159}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\a3d55138.exe Infected: not-a-virus:AdWare.Win32.UrlSpy.a skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\Temp\Altnet\dmfiles.cab/AltnetUninstall.exe Infected: not-a-virus:AdWare.Win32.Altnet.b skipped
C:\WINDOWS\Temp\Altnet\dmfiles.cab CAB: infected - 1 skipped
C:\WINDOWS\Temp\Altnet\mysearch.cab/mySetp.exe Infected: not-a-virus:AdWare.Win32.MyWay.j skipped
C:\WINDOWS\Temp\Altnet\mysearch.cab CAB: infected - 1 skipped
C:\WINDOWS\Temp\Altnet\Setup.exe Infected: not-a-virus:AdWare.Win32.Altnet.b skipped
C:\WINDOWS\Temp\Perflib_Perfdata_5c8.dat Object is locked skipped
C:\WINDOWS\Temp\_avast4_\trzF.tmp Infected: Trojan-Clicker.Win32.Small.kj skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

intanto ora faccio tutto il resto che mi hai detto di fare prima.
grazie ancora

Smjert

Ma poi hai svuotato il cestino?

Hai alcuni virus nel punto di ripristino, segui queste operazioni:

jahmarley · Mortale devoto Registrato: 11/01/07 19:54 Messaggi: 14

allora io ho fatto tutto, ho cancellato anche PeDev.dll.
ora che devo fare?!? ho fatto tutto?
devo fare qualche altra scansione per verificare...

Boston

Ho avuto un problema simile.... avevo postato in connettività in quanto credevo fosse un problema di connessione.

Credevo onestamente un po piu "forte" avast! , ma è gia la seconda volta che mi fa passare email con virus!! Evil or Very Mad

Ora l'ho disinstallato e messo kaspersky ke mi ha risolto i problemi Wink

Cmq, posso dirti che... con Smjert sei in buone mani! Very Happy

Anke a me ha gia salvato da bei casini.... Wink

Ciao a tutti...

Smjert