Discussione: virus o semplice problema di linea?

The Locust

#16 07-12-07 23:53

---

Ho avuto (sperando che non ricompaia) lo stesso problema e non era un virus o dialer (ho fatto scansioni con Avast,Spybot,NOD32,Hijackthis,ad-aware,ma nada).

The Duccio

#17 07-12-07 23:59

---

The Locust

Ho avuto (sperando che non ricompaia) lo stesso problema e non era un virus o dialer (ho fatto scansioni con Avast,Spybot,NOD32,Hijackthis,ad-aware,ma nada).

ma a quanto pare il nostro amico ha un pò di robetta dentro al pc, che potrebbe essere la causa della disconnessione

FulValBot

#18 08-12-07 01:17

---

controlla il file hosts che sta su c:\windows\system32\drivers\etc aprendolo con wordpad. dentro cancella i siti che hanno accanto 127.0.0.1 (attenzione: NON gli esempi!!!) quindi riprova anche con avg.

kreza93

#19 08-12-07 22:28

---

avg mi ha trovato dei tracking cookie...
ora provo a fare ciò ke ha detto fulvalbot

kreza93

#20 09-12-07 14:23

---

qualke aiuto?

The Duccio

#21 09-12-07 19:40

---

kreza93

qualke aiuto?

che ti è rimasto nel pc?

Valek

#22 09-12-07 23:05

---

kreza93

salve ragazzi,da un pò di tempo ho un problema molto fastidioso..
l'adsl mi si diskonnette ogni 20 minuti cirka.
Premettendo che ho una abbonamento adsl con alice (da 4mb/s) ho provato in vari modi a sistemarlo,ho kiamato al 187 ma m'hanno detto ke probabilmente è un virus,ho fatto un sakko di skansioni(sia con avasta sia kon nod32) ma nn ho trovato niente.
Per ristabilire la konnessione devo spegnere il PC(certe volte anke più di una volta)..kosa potrebbe essere?

please..sto impazzendo

ho lo stesso problema anche io e non l'ho risolto se non impostando la riconnessione dopo 1 secondo...sono giunto cmq a dire che è il modem il problema...dato che ho anche formatatto...e lo fa lo stesso...ho anche provato prima via USB poi ETHERNET...IDEM...non capisco...dovrei provare un'altro modem...

The Wizard

#23 09-12-07 23:23

---

saranno sbalzi di tensione e quando capita l alimentatore che molto robabilmente sara a malapena capace di alimentare il modem lo fa disconnettere
a me capitava con un modem-router di merda prima che comprassi un buon modem

kreza93

#24 10-12-07 10:38

---

mi sn rimasti quel trojian e quei file trovati da prevx csi...non riesco a kancellarli poikè mi da accesso negato..ho provato a kambiare i permessi ma non me lo fa fare lo stesso!

The Duccio

#25 10-12-07 14:35

---

kreza93

mi sn rimasti quel trojian e quei file trovati da prevx csi...non riesco a kancellarli poikè mi da accesso negato..ho provato a kambiare i permessi ma non me lo fa fare lo stesso!

allora fammi un log cn hijackthis

kreza93

#26 10-12-07 15:46

---

mmm ora lo faccio...lo posto sul 3d ufficiale?

cmq eccolo qui..

Spoiler:

Logfile of HijackThis v1.99.1
Scan saved at 14.47.09, on 10/12/2007
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Windows\System32\rundll32.exe
D:\Programmi\avast\ashDisp.exe
C:\Windows\svchost32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\ryjbryhqibh.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToo lbarNotifier.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\SCMain.exe
C:\Windows\WCMain.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Windows\System32\mobsync.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Users\Edoardo\Desktop\cpu-z-142\cpuz.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Edoardo\Desktop\hijackthis_199\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://it.rd.yahoo.com/customize/yco...//it.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.serial99.com/?a
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://it.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.serial99.com/?a
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://it.rd.yahoo.com/customize/yco...//it.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Serial99.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Yahoo! Toolbar Helper - {024738-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - D:\Programmi\Free Download Manager\iefdmcks.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-6D-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [System Files Updater] C:\Windows\FlyakiteOSX\System Files Updater.exe /S
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\avast\ashDisp.exe
O4 - HKLM\..\Run: [svchost32] "c:\windows\svchost32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ryjbryhqibh] C:\Windows\System32\ryjbryhqibh.exe
O4 - HKLM\..\Run: [ytagpegxf] C:\Windows\System32\ytagpegxf.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [PrevxCSI] "C:\Program Files\PrevxCSI\prevxcsi.exe" -boot
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Free Download Manager] D:\Programmi\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToo lbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent] "D:\Programmi\bittorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
O4 - Global Startup: Stardust Screen Saver Control 2003.lnk = C:\Windows\SCMain.exe
O4 - Global Startup: Stardust Wallpaper Control 2003.lnk = C:\Windows\WCMain.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download all with Free Download Manager - file://D:\Programmi\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://D:\Programmi\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://D:\Programmi\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - WWW Prefix: http://www.serial99.com/?
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{0AEA5772-5EA2-4478-BBB5-6D7B24C88C23}: NameServer = 85.37.17.50 85.38.28.76
O17 - HKLM\System\CS1\Services\Tcpip\..\{0AEA5772-5EA2-4478-BBB5-6D7B24C88C23}: NameServer = 85.37.17.50 85.38.28.76
O17 - HKLM\System\CS2\Services\Tcpip\..\{0AEA5772-5EA2-4478-BBB5-6D7B24C88C23}: NameServer = 85.37.17.50 85.38.28.76
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - igfxdev.dll (file missing)
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2 - Unknown owner - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe" -k runservice (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Programmi\avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Programmi\avast\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Programmi\avast\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Programmi\avast\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Convalida password di Symantec IS (ISPwdSvc) - Unknown owner - c:\Program Files\Norton Internet Security\isPwdSvc.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Print Spooler Service (orw0j4kaeih8qe) - Unknown owner - C:\Windows\System32\ryjbryhqibh.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Programmi\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)