diegodica

  1. Here is the Virit log:

         ---------------------------------------------
         14/10/2007 - 10:52:38
         [sCANSIONE DEL REGISTRO]
         OK
         [C:]
         MASTER BOOT RECORD: OK
         BOOT SECTOR: OK
         C:\WINDOWS\Downloaded Program Files\CONFLICT.1\di2.exe Possibile variante da Trojan.Win32.Dialer.BG
         C:\WINDOWS\Downloaded Program Files\di2.exe Possibile variante da Trojan.Win32.Dialer.BG
         Chiavi Registro infette: 0.
         Files Infetti: 2.
         Files Sospetti: 0.
         Files Analizzati: 76024.
         Files Totali: 76024.
         Chiavi Registro rimosse: 0.
         Virus Rimossi: 0.
         -------------------------------------------

     I can't find these 2 files and therefore can't delete them; what can I do?

     And here is the HijackThis log: hijackthis.log

     However, there are some things I don't understand in the HijackThis log:

     1----------------------------
         O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
     1----------------------------

     2----------------------------
         O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1138976322906
         O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
     2----------------------------
  2. At this point (if you have copied the Italian language file into the program's "Language" folder), click "OPTIONS" in the top menu and set the Italian language:

     Hi, I have something rather strange to report: I downloaded the program, installed it, launched it and backed up the registry, but when I go to choose the language it gives me an error: I also tried opening the language ini file but it gives me access denied. Has this happened to you too? And what can I do to fix it? Bye and thanks.
  3. Good morning everyone, I have a problem with a dialer: as soon as I turn on the PC, Virit's automatic scan starts and tells me to remove the file msboot.exe. Not knowing what it was, I ran the antivirus scan and the HijackThis log, which follow:

         --------------------------------------------------------
         14/10/2007 - 07:41:20
         [sCANSIONE DEL REGISTRO]
         {FFFF0003-0001-101A-A3C9-08002B2F49FB} Infetto da Trojan.Win32.Dialer.AL
         {FFFF0003-0001-101A-A3C9-08002B2F49FB} Infetto da Trojan.Win32.Dialer.AO
         {FFFF0003-0001-101A-A3C9-08002B2F49FB} Infetto da Trojan.Win32.Dialer.AP
         {FFFF0003-0001-101A-A3C9-08002B2F49FB} Infetto da Trojan.Win32.Small.DP
         {FFFF0003-0001-101A-A3C9-08002B2F49FB} Infetto da Trojan.Win32.Dialer.CI
         {FFFF0003-0001-101a-a3c9-08002b2f49fb} Infetto da Trojan.Win32.Dialer.CM
         {FFFF0003-0001-101A-A3C9-08002B2F49FB} Infetto da Trojan.Win32.Small.LD
         [C:]
         MASTER BOOT RECORD: OK
         BOOT SECTOR: OK
         C:\Documents and Settings\Diego\Dati applicazioni\semanatiba\syslcznp.exe Infetto da Trojan.Win32.Dialer.IU
         C:\WINDOWS\Downloaded Program Files\CONFLICT.1\di2.exe Possibile variante da Trojan.Win32.Dialer.BG
         C:\WINDOWS\Downloaded Program Files\di2.exe Possibile variante da Trojan.Win32.Dialer.BG
         C:\WINDOWS\system32\msboot.exe Infetto da Trojan.Win32.Agent.AYP
         Chiavi Registro infette: 7.
         Files Infetti: 4.
         Files Sospetti: 0.
         Files Analizzati: 80965.
         Files Totali: 80965.
         Chiavi Registro rimosse: 0.
         Virus Rimossi: 0.
         --------------------------------------------------------

     (HijackThis log)

         Logfile of HijackThis v1.99.1
         Scan saved at 7.56.52, on 14/10/2007
         Platform: Windows XP SP2 (WinNT 5.01.2600)
         MSIE: Internet Explorer v7.00 (7.00.6000.16544)

         Running processes:
         C:\WINDOWS\System32\smss.exe
         C:\WINDOWS\system32\winlogon.exe
         C:\WINDOWS\system32\services.exe
         C:\WINDOWS\system32\lsass.exe
         C:\WINDOWS\system32\Ati2evxx.exe
         C:\WINDOWS\system32\svchost.exe
         C:\WINDOWS\System32\svchost.exe
         C:\Programmi\TGTSoft\StyleXP\StyleXPService.exe
         C:\WINDOWS\system32\Ati2evxx.exe
         C:\WINDOWS\system32\spoolsv.exe
         c:\programmi\dvrmstoolbox\dvrmsfilewatcherservice.exe
         C:\WINDOWS\eHome\ehRecvr.exe
         C:\WINDOWS\eHome\ehSched.exe
         C:\WINDOWS\System32\svchost.exe
         C:\Programmi\Intel\Intel Matrix Storage Manager\iaantmon.exe
         C:\Programmi\CA\eTrust Antivirus\InoRpc.exe
         C:\Programmi\CA\eTrust Antivirus\InoRT.exe
         C:\Programmi\Kontiki\KService.exe
         C:\WINDOWS\system32\HPZipm12.exe
         C:\WINDOWS\system32\PnkBstrA.exe
         C:\WINDOWS\system32\svchost.exe
         C:\WINDOWS\system32\UAService7.exe
         C:\SPYWARE\VEXPLITE\viritsvc.exe
         C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
         C:\Programmi\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
         C:\WINDOWS\system32\dllhost.exe
         C:\WINDOWS\Explorer.EXE
         C:\PROGRA~1\WIRELE~1\Mouse\Amoumain.exe
         C:\SPYWARE\VEXPLITE\MONLITE.EXE
         C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe
         C:\PROGRA~1\CA\ETRUST~1\realmon.exe
         C:\PROGRA~1\WIRELE~1\Keyboard\Ikeymain.exe
         C:\Programmi\Intel\Intel Matrix Storage Manager\iaanotif.exe
         C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
         C:\Programmi\DU Meter\DUMeter.exe
         C:\Programmi\D-Tools\daemon.exe
         C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
         C:\Programmi\Unlocker\UnlockerAssistant.exe
         C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
         C:\Documents and Settings\Diego\Dati applicazioni\semanatiba\syslcznp.exe
         C:\Programmi\TGTSoft\StyleXP\StyleXP.exe
         C:\Programmi\Messenger\msmsgs.exe
         C:\WINDOWS\system32\ctfmon.exe
         C:\Programmi\Windows Media Player\WMPNSCFG.exe
         C:\Programmi\eMule\emule.exe
         C:\Programmi\SAGEM\SAGEM F@st 800-840\dslmon.exe
         C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
         C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
         C:\Programmi\HP\Digital Imaging\bin\hpqimzone.exe
         C:\Programmi\HP\Digital Imaging\bin\hpqnrs08.exe
         C:\SPYWARE\VEXPLITE\VIRITEXP.EXE
         C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe
         C:\WINDOWS\system32\HPZinw12.exe
         C:\Programmi\Internet Explorer\iexplore.exe
         C:\Programmi\Internet Explorer\IEXPLORE.EXE
         C:\NTRights\HijackThis.exe

         R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
         O1 - Hosts: HP54E35B HP00187154E35B
         O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
         O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
         O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\WIRELE~1\Mouse\Amoumain.exe
         O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\SPYWARE\VEXPLITE\MONLITE.EXE
         O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe"
         O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
         O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
         O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
         O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\WIRELE~1\Keyboard\Ikeymain.exe
         O4 - HKLM\..\Run: [iAAnotif] C:\Programmi\Intel\Intel Matrix Storage Manager\iaanotif.exe
         O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
         O4 - HKLM\..\Run: [DU Meter] C:\Programmi\DU Meter\DUMeter.exe
         O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmi\D-Tools\daemon.exe" -lang 1033
         O4 - HKLM\..\Run: [AntivirusRegistration] C:\Programmi\CA\Etrust Antivirus\Register.exe
         O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
         O4 - HKLM\..\Run: [Adobe] "C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe"
         O4 - HKLM\..\Run: [unlockerAssistant] "C:\Programmi\Unlocker\UnlockerAssistant.exe"
         O4 - HKLM\..\Run: [startCCC] C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
         O4 - HKLM\..\Run: [auoie] C:\Documents and Settings\Diego\Dati applicazioni\semanatiba\syslcznp.exe
         O4 - HKCU\..\Run: [sTYLEXP] C:\Programmi\TGTSoft\StyleXP\StyleXP.exe -Hide
         O4 - HKCU\..\Run: [RealPopup] "C:\Programmi\RealPopup\RealPopup.exe" BOOT
         O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
         O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
         O4 - HKCU\..\Run: [msboot.exe] C:\WINDOWS\system32\msboot.exe
         O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmi\Windows Media Player\WMPNSCFG.exe
         O4 - Global Startup: Avvio di Emule.lnk = C:\Programmi\eMule\emule.exe
         O4 - Global Startup: Avvio rapido HP Photosmart Premier.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqthb08.exe
         O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
         O4 - Global Startup: DSLMON.lnk = C:\Programmi\SAGEM\SAGEM F@st 800-840\dslmon.exe
         O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
         O4 - Global Startup: LG SyncManager.lnk = ?
         O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
         O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
         O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
         O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
         O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
         O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
         O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
         O11 - Options group: [iNTERNATIONAL] International*
         O15 - Trusted Zone: www.698698698.info
         O15 - Trusted Zone: www.nodialup.name
         O15 - Trusted Zone: www.sgnappo.com
         O15 - Trusted Zone: www.whatsnew.name
         O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
         O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
         O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
         O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab
         O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
         O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.coolstreaming.us/webtv/tvkoo/KooPlayer.ocx
         O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1138976322906
         O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
         O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1138976310187
         O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
         O16 - DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} (MediaControl Class) - http://vep.intel.com/Entriq_3_6_0_15_Silent.cab
         O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
         O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B2F49FB} - http://www.nodialup.name/ciuccia.exe
         O20 - Winlogon Notify: WB - C:\Programmi\AlienGUIse\fastload.dll
         O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
         O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
         O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
         O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
         O23 - Service: DVRMSFileWatcherService - - c:\programmi\dvrmstoolbox\dvrmsfilewatcherservice.exe
         O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Programmi\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
         O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
         O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Programmi\Intel\Intel Matrix Storage Manager\iaantmon.exe
         O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
         O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Programmi\CA\eTrust Antivirus\InoRpc.exe
         O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Programmi\CA\eTrust Antivirus\InoRT.exe
         O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Programmi\CA\eTrust Antivirus\InoTask.exe
         O23 - Service: KService - Unknown owner - C:\Programmi\Kontiki\KService.exe
         O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
         O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
         O23 - Service: StyleXPService - Unknown owner - C:\Programmi\TGTSoft\StyleXP\StyleXPService.exe
         O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
         O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\SPYWARE\VEXPLITE\viritsvc.exe
         O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

     I need someone to help me identify the lines I can remove and the procedure to follow.

     PS. I have spotted some of the lines but I'm not sure whether I can remove them; I'll wait for your advice on what to do. Thanks and bye.
  4. Hi, I've solved everything. Thanks for your help, bye.
  5. Hi, I'm affected by this problem too. I partly solved it with various antispyware programs, but a suspicious file "LPT7.EWY" shows up that I can't find on the PC; what should I do? Then, regarding Luke57's post, I also noticed the same thing under token object creation; can I remove it? Last problem: I can't open the pages you link in your replies; is this a problem attributable to linkoptimizer?