Removing the XXX Adultkey and e1xplorer Spyware

Lately I have run into PCs infected with this extremely annoying spyware a bit too often. So I decided to do the “right and proper thing” and publish the instructions for getting rid of the problem for good.

  1. Start by downloading Process Explorer.
  2. Once it is unpacked and installed, launch it.
  3. In the upper pane of the program, double-click winlogon.exe to open its properties window.
  4. Click the THREADS tab at the top of this window.
  5. Here, find every entry that mentions winbfi32.dll and click the Kill button.
  6. Once all of those entries have been removed, click OK.
  7. Now double-click explorer.exe and, here too, select and kill every entry that mentions winbfi32.dll.
  8. Now download CCleaner.
  9. Before running it, go to Options -> Advanced and untick the option (only delete files older than 48 hours).
  10. When the CCleaner clean-up has finished, reboot.

 At this point the problem should be solved. It is also advisable to do a “pass” with HijackThis, fixing the following entries:

O16 – DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} (WMVHDRatingCtrl Class) – file://F:\components\wmvhdrating.ocx
O16 – DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} (A9Helper.A9) – file://F:\components\A9.ocx
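
One way to check a saved HijackThis log for the two O16 entries above (an added example, not part of the original post). The sample log is constructed, the function names are hypothetical, and the file:// flag is this example's own heuristic for entries worth reviewing by hand:

```python
import re

# CLSIDs of the two O16 (Downloaded Program Files) entries the post says to fix.
POST_CLSIDS = {
    "{7030CC6C-1A88-4591-BB5A-651B9F7F0C30}",  # WMVHDRatingCtrl Class
    "{4F63D44B-6274-4D60-8AB1-CAA7116B8AF3}",  # A9Helper.A9
}

# HijackThis writes "O16 - DPF: {CLSID} (name) - source". Blog software often
# turns the hyphens into typographic dashes, so accept either form.
_DASH = "[-\u2013\u2014]"
_CLSID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
O16_RE = re.compile(
    r"^\s*O16\s*" + _DASH + r"\s*DPF:\s*(?P<clsid>" + _CLSID + r")\s*"
    r"(?:\((?P<name>.*?)\)\s*)?" + _DASH + r"\s*(?P<source>\S.*?)\s*$"
)


def parse_o16(log_text):
    """Return one dict per O16 DPF line found in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        m = O16_RE.match(line)
        if m:
            entries.append({
                "clsid": m.group("clsid").upper(),  # normalise for comparison
                "name": m.group("name") or "",
                "source": m.group("source"),
            })
    return entries


def triage(log_text):
    """Return (clsid, name, reasons) for every O16 entry worth a look."""
    findings = []
    for e in parse_o16(log_text):
        reasons = []
        if e["clsid"] in POST_CLSIDS:
            reasons.append("CLSID listed in the post")
        # Heuristic added by this example: the control was installed from a
        # local path, not a URL. Legitimate installers do this too, so it is
        # a prompt to review the entry, not a verdict.
        if e["source"].lower().startswith("file://"):
            reasons.append("installed from a local file:// path")
        if reasons:
            findings.append((e["clsid"], e["name"], reasons))
    return findings


# Constructed sample: the two lines from the post (typographic dashes), one
# URL-installed control and one local install (plain hyphens), one non-O16 line.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Constructed] C:\constructed\example.exe
O16 – DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} (WMVHDRatingCtrl Class) – file://F:\components\wmvhdrating.ocx
O16 – DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} (A9Helper.A9) – file://F:\components\A9.ocx
O16 - DPF: {11111111-2222-3333-4444-555555555555} (Constructed Control) - http://example.invalid/control.cab
O16 - DPF: {aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee} (Constructed Local Install) - file://C:\constructed\setup.exe
"""

if __name__ == "__main__":
    for clsid, name, reasons in triage(SAMPLE_LOG):
        print(clsid, name, "; ".join(reasons))
```
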

19 Replies

  1. Click the THREADS tab at the top of this window.
    Here, find every entry that mentions winbfi32.dll and click the Kill button.

    I can't find the entries that mention winbfi32.dll…

  2. Hi Luca…

    Then you probably have some variant of this extremely annoying spyware. You can't find these entries either by clicking on winlogon.exe or on explorer.exe??

    Let me know. Bye.

  3. My name is Luca too, and I too have “caught” XXX Adultkey… I follow your procedure and can't find winbfi32.dll anywhere…. I also use Spybot and it finds “Citoferara”… I delete everything, I also run Ad-aware …. I reboot the PC and maybe for a couple of hours I have no problems, but then the dialer comes back…. and I'm back where I started!!!
    HELP!!!
    bye and thanks
    Luca

  4. I'll look into it and possibly write a follow-up post… this is evidently just a variant of this spyware.

    See you soon. Bye.

  5. so, using Process Explorer, I see that when the dialer window opens, various .exe files start. They are all processes that sit under svchost.exe. If I kill just the file, the window closes, but after a few minutes it reappears. If instead I kill svchost.exe, the problem doesn't come back until I turn the computer off and on again…
    I don't know if I've explained myself…

  6. All that matters to you is that they are completely closed and that they are not present in the queues of svchost.exe and explorer.exe.

    The Kill function is there precisely to terminate processes so that they can be deleted…

    If you then tell me that, even after carrying out the whole procedure, everything reappears after a reboot, then I'll also post the HijackThis usage guide.

    Bye.

  7. I didn't understand a thing!

  8. it may be a coincidence but … here is how I have (apparently) solved the matter… while xxx adultkey was trying to open “its” window in Explorer, the file dcomcfg.exe “froze” (with the corresponding little window and “End Now” button appearing)…. since no other application was running and/or opening, I searched for the file in question on my hard disk and then deleted it…. from that moment the dialer has not shown up again…. maybe I deleted an “essential” file but since everything works…. what do you say, takashi75? have I made a mess???? am I at risk after deleting that file??? Thanks and bye Luca2

  9. It doesn't appear to be a system file, at least at first glance. Which folder did you delete it from? Let me know. Bye.

  10. I don't remember… I searched with “Search” in Start… anyway, to this day I haven't had the problem again and everything works perfectly!!!
    bye
    Luca2

  11. It shows up as citoferara on my PC too! I'll try to remove it on Monday

  12. install and use Firefox?

  13. I have this problem too and I can't get to the bottom of it, please help me!!!! Here is my logfile in case it helps.


  14. I have a problem I can't solve. I should say up front that I have Win XP Home Ed., Norton Antivirus, antispyware, malware removal tools, all freeware or licensed. Despite this, when Internet Explorer is launched “something” tries to connect the machine to the (evidently porn) site http://www.archiviosex.net. Norton (but also NODS32) detect the malware but cannot disinfect it. I looked for suspicious processes with Process Explorer, to no avail.

    I am attaching the HijackThis log, hoping for some help


  15. Firefox is no use because, at least for me, it disconnects me when it tries the connection… I use Digisoft's antidialer

  16. Someone help me, I'm desperate, I've tried everything:

  17. hi, I've run into the same problem too, but HijackThis doesn't work on it; the file dcomcfg.exe is a file located in system32 but it is not a system file; the fact remains, though, that every time it is deleted it happily comes back and loads everything… I'm now trying winfix, as soon as I have news I'll let you know… could it be a background service????
    bye

  18. I BEAT IT!!!!
    For months I had the icon and the page kept opening.
    A few days ago the usual GREEN message “congratulations ….” appeared, and I clicked NEXT. Before the Internet page opened I shut down the system. A message appeared saying that interrupting the application etc. etc., and I closed it anyway.
    IT HAS NOT SHOWN UP AGAIN. IT WORKS.

  19. Good site!!!
