problema con virus

[Pesciolone]

Ciao a tuttiii, sono nuovo del forum , chi mi puo aiutare ho problemi con dei virus , vi posto il log:



Logfile of HijackThis v1.99.1
Scan saved at 0.33.06, on 29/04/02
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.50 SP1 (5.50.4522.1800)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\PDESK\PDESK.EXE
C:\PROGRAMMI\THOFFICE\THOFFICE.EXE
C:\PROGRAMMI\FILE COMUNI\ADAPTEC SHARED\CREATECD\CREATECD50.EXE
C:\PROGRAMMI\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\SYSTEM\M7XC7F1PUFXETHD.EXE
C:\WINDOWS\SYSTEM\CARPSERV.EXE
C:\PROGRAMMI\YAHOO!\MESSENGER\YPAGER.EXE
C:\PROGRAMMI\TELECOM ITALIA MEDIA\FAST 800-840 TIN.IT\DSLMON.EXE
C:\PROGRAMMI\LG PC SUITE\LG PC SYNC\LGSYNCMANAGER.EXE
C:\PROGRAMMI\INCREDIMAIL\BIN\IMAPP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\E_S10IC2.EXE
C:\WINDOWS\DESKTOP\NUOVA CARTELLA\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://letgohome.com/sp.htm?id=31130
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://letgohome.com/sp.htm?id=31130
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://letgohome.com/sp.htm?id=31130
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://letgohome.com/hp.htm?id=31130
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\sp.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://letgohome.com/sp.htm?id=31130
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {CA0E28FA-1AFD-4C21-AC-70EB5BE2F076} - (no file)
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\SYSTEM\IG5FFM~1.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1040,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: NavExcel Toolbar - {5AA06644-BC46-4220-A460-47A6EB47C96D} - C:\PROGRAMMI\NAVEXCEL SEARCH TOOLBAR\NAVEXCELBAR.DLL (file missing)
O3 - Toolbar: IEMenuExtension toolbar - {6b95678d-30a4-4ff8-a72f-4208340c1f7f} - C:\PROGRAMMI\IEMENUEXTENSION\TBEXTN.DLL (file missing)
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\SYSTEM\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [THOffice] C:\Programmi\THOffice\THOffice.exe
O4 - HKLM\..\Run: [CreateCD50] "C:\Programmi\File comuni\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programmi\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [autoclk] autoclk.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [dnscleaner] C:\WINDOWS\DNSCLEANER.EXE
O4 - HKLM\..\Run: [Control handler] C:\WINDOWS\SYSTEM\M7XC7F1PUFXETHD.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Startup: DSLMON.lnk = C:\Programmi\Telecom Italia Media\Fast 800-840 Tin.it\dslmon.exe
O4 - Startup: Reboot.exe
O4 - Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM\E_SRCV02.EXE
O4 - Startup: LG Sync Manager.lnk = C:\Programmi\LG PC Suite\LG PC Sync\LGSyncManager.exe
O4 - Startup: LG SyncManager.lnk = C:\Programmi\LG PC Suite\LG PC Sync\LGSyncManager.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAMMI\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAMMI\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra button: Microsoft AntiSpyware helper - {CE5CE6C0-5B04-11D6-ADA7-444553540000} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {CE5CE6C0-5B04-11D6-ADA7-444553540000} - (no file) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.it
O15 - Trusted Zone: *.greg-search.com
O15 - Trusted Zone: http://www.master69.biz/
O15 - Trusted Zone: http://www.sgrunt.biz/
O15 - Trusted Zone: http://www.yeak.net/
O15 - Trusted Zone: http://www.skymasters.biz/
O15 - Trusted Zone: http://www.archiviosex.net/
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.iframedollars.biz (HKLM)
O15 - Trusted IP range: 213.159.117.202 (HKLM)
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/content...er/imloader.cab
O18 - Filter: text/html - (no CLSID) - (no file)
O18 - Filter: text/plain - (no CLSID) - (no file)

perfavore chi mi dice quale devo fixare ?? grazie mille

[Vurdalak]

Ciao a tuttiii, sono nuovo del forum , chi mi puo aiutare ho problemi con dei virus , vi posto il log:

perfavore chi mi dice quale devo fixare ?? grazie mille

io non conosco tutti i processi a memoria e poi alcuni cambiano da pc a pc... secondo me ti conviene cercarli uno x uno su google e vedere cosa scopri...
ma prima fai un controllo con AD-Aware... è molto buono e free... si scarica velocemente e ti toglie molta roba strana anche se non contiene virus... prima questo poi cerca...

PS Benvenuto nel forum...
e non dimenticare l regolamento...

[Pesciolone]

Grazie del cosiglio ma ho gia provato con tutti gli antivirus possibili,ho visto che molte persono sui forum hanno risolto cosi, riportando il log, perfavore aiuto

[Vurdalak]

Grazie del cosiglio ma ho gia provato con tutti gli antivirus possibili,ho visto che molte persono sui forum hanno risolto cosi, riportando il log, perfavore aiuto

prova con quel prog... non è un antivirus vero e proprio... x gli altri comincia a cercarli anche tu... mi sa che hai messo su troppa roba e spaventerai un pò di gente... non voglio essere s***** ma mi sa che devi cercarli x conto tuo... io fra un pò esco e non riesco a cecarteli... mi disp...

[RedMoon]

lavasoft per scaricare ad-aware

[Pesciolone]

Ho capito ,iniziero a cercare ,graze mille, se qualcuno ad okki gia mi sa dire quali posso fixare perfavore me lo faccia sapere

[Sah]

mi sembrano più spyware che virus, usa adware e spybot e vedrai che risolvi

[L'Esorcista]

Quale antivirus ha generato questo log?????? Usi ancora Internet Explorer 5.5??????? Brrrrrrrrrr...........Windows98SE è aggiornato???????

[Pesciolone]

allora per dirla tutta il pc non è il mio,e di un mio amico, mi ha chiesto il favore di aggiustarlo alla meglio, ma forse ho sbagliato ho fatto la scansione non in modalita provvisoria per questo motivo sono venuti fuori tanti processi , giusto?se mai adesso la faccio in modalita prov e vi posto di nuovo il log, adware l'ho gia provato ma niente

[Pesciolone]

Logfile of HijackThis v1.99.1
Scan saved at 0.00.58, on 29/04/02
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.50 SP1 (5.50.4522.1800)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\DESKTOP\NUOVA CARTELLA\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://letgohome.com/sp.htm?id=31130
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://letgohome.com/sp.htm?id=31130
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://letgohome.com/sp.htm?id=31130
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://letgohome.com/hp.htm?id=31130
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\sp.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://letgohome.com/sp.htm?id=31130
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {CA0E28FA-1AFD-4C21-AC-70EB5BE2F076} - (no file)
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\SYSTEM\IG5FFM~1.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1040,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: NavExcel Toolbar - {5AA06644-BC46-4220-A460-47A6EB47C96D} - C:\PROGRAMMI\NAVEXCEL SEARCH TOOLBAR\NAVEXCELBAR.DLL (file missing)
O3 - Toolbar: IEMenuExtension toolbar - {6b95678d-30a4-4ff8-a72f-4208340c1f7f} - C:\PROGRAMMI\IEMENUEXTENSION\TBEXTN.DLL (file missing)
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\SYSTEM\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [THOffice] C:\Programmi\THOffice\THOffice.exe
O4 - HKLM\..\Run: [CreateCD50] "C:\Programmi\File comuni\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programmi\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [autoclk] autoclk.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [dnscleaner] C:\WINDOWS\DNSCLEANER.EXE
O4 - HKLM\..\Run: [Control handler] C:\WINDOWS\SYSTEM\M7XC7F1PUFXETHD.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Startup: DSLMON.lnk = C:\Programmi\Telecom Italia Media\Fast 800-840 Tin.it\dslmon.exe
O4 - Startup: Reboot.exe
O4 - Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM\E_SRCV02.EXE
O4 - Startup: LG Sync Manager.lnk = C:\Programmi\LG PC Suite\LG PC Sync\LGSyncManager.exe
O4 - Startup: LG SyncManager.lnk = C:\Programmi\LG PC Suite\LG PC Sync\LGSyncManager.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAMMI\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAMMI\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra button: Microsoft AntiSpyware helper - {CE5CE6C0-5B04-11D6-ADA7-444553540000} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {CE5CE6C0-5B04-11D6-ADA7-444553540000} - (no file) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.it
O15 - Trusted Zone: *.greg-search.com
O15 - Trusted Zone: www.master69.biz
O15 - Trusted Zone: www.sgrunt.biz
O15 - Trusted Zone: www.yeak.net
O15 - Trusted Zone: www.skymasters.biz
O15 - Trusted Zone: www.archiviosex.net
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.iframedollars.biz (HKLM)
O15 - Trusted IP range: 213.159.117.202 (HKLM)
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents...r/imloader.cab
O18 - Filter: text/html - (no CLSID) - (no file)
O18 - Filter: text/plain - (no CLSID) - (no file)

ECCO QUESTO MI VIENE IN MODALITA PROVVISORIA CHI MI AIUTAAAAA

[L'Esorcista]

Che programma usi?????

[Pesciolone]

hijackthis per il log, adware, symetec antivirus 2004,ho eliminato il grosso ma rimangono alcuni norton mi dice che c'è un virus bloodhound.w32 che ha infettato alcuni file , cio significa che norton non sa nemmeno come si chiama sto virus o trojan o spyware

[L'Esorcista]

hijackthis per il log, adware, symetec antivirus 2004,ho eliminato il grosso ma rimangono alcuni norton mi dice che c'è un virus bloodhound.w32 che ha infettato alcuni file , cio significa che norton non sa nemmeno come si chiama sto virus o trojan o spyware

Prova a usare un motore di scansione online come quello offerto da panda www.pandasoftware.it o www.symantec.it

[Pesciolone]

ho provato di tutto , anche il panda via internet se no mica postavo il log, non voglio disturbare, cmq grazie per l'aiuto. il panda me gli elimina poi vado ad riavviare e faccio la scansione e mi da sempre i virus

[Sep]

usa come antivirus AVG www.grisoft.com scarica la versione free. e aggiornala ciao spero di esserti stato utile.