troian reindirizza pagine internet

troian reindirizza pagine internet

ho preso un troian(credo) che mi reindirizza al sito windowsclick.com o a un sito tipo speedownloading ecc..

con CCCLEANER ho visto ke mi dava all'avvio un file .exe sconosciuto: sono riuscito a eliminarlo! Ma continuava a farmelo: ho usato HJThis e sono riuscito almeno a scegliere la pagina iniziale del browser(che naturalmente era bloccata). Ma non riesco a eliminarlo definitivamente.

Vi premetto che ho provato le soluzione principale che gira su internet(disinstalare driver UACd.sys ma io quel driver non lo ho proprio). Kasperky non me lo toglie.....Aiutatemi!!!!:sonno::sonno::sonno:

allora, in questi casi è consigliato usare un antipyware come SUPERantispyware http://www.superantispyware.com (gratuito) e poi fare una scansione con Spybot Search and Destroy (gratuito) http://www.safer-networking.org/it/download/index.html

Ti invito poi a visionare questa guida http://forumnops.altervista.org/showthread.php?tid=11 e a fare il tutto dalla modalità provvisoria (f8 prima che windows si carichi all'avvio del PC, le scritte sono normali)

grazie

grazie proverò e ti farò sapere.

cmq spybot lo avevo già provato...o:o:

Log Hjthis

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21.53.03, on 24/02/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.20978)

Boot mode: Normal



Running processes:

C:WINDOWSSystem32smss.exe

C:WINDOWSsystem32winlogon.exe

C:WINDOWSsystem32services.exe

C:WINDOWSsystem32lsass.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSSystem32svchost.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSsystem32spoolsv.exe

C:WINDOWSsystem32CTsvcCDA.exe

C:WINDOWSsystem32svchost.exe

CrogrammiJavajre6binjqs.exe

C:WINDOWSSystem32svchost.exe

C:WINDOWSsystem32nvsvc32.exe

C:WINDOWSSystem32svchost.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSsystem32wbemwmiapsrv.exe

C:WINDOWSExplorer.EXE

C:WINDOWSSOUNDMAN.EXE

C:WINDOWSsystem32RUNDLL32.EXE

C:WINDOWSsystem32rundll32.exe

CrogrammiSonyContent TransferContentTransferWMDetector.exe

CrogrammiCreativeCreative ZENZEN Media ExplorerCTCheck.exe

C:WINDOWSsystem32ctfmon.exe

CrogrammiSkypePhoneSkype.exe

CrogrammiCreativeSync Manager UnicodeCTSyncU.exe

CrogrammiNokiaNokia PC Suite 6PcSync2.exe

CROGRA~1FILECO~1NokiaMPAPIMPAPI3s.exe

CROGRA~1FILECO~1PCSuiteServicesSERVIC~1.EXE

CrogrammiSkypePlugin ManagerskypePM.exe

CrogrammiWindows LiveMessengermsnmsgr.exe

CrogrammiWindows LiveMessengerusnsvc.exe

CrogrammiWinRARWinRAR.exe

C:WINDOWSsystem32NOTEPAD.EXE

COCUME~1ADMINI~1IMPOST~1TempRar$EX87.797RiccardoHiJackThis.exe



R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.it/

O4 - HKLM..Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup

O4 - HKLM..Run: [nwiz] nwiz.exe /install

O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit

O4 - HKLM..Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM..Run: [ContentTransferWMDetector.exe] CrogrammiSonyContent TransferContentTransferWMDetector.exe

O4 - HKLM..Run: [CTCheck] CrogrammiCreativeCreative ZENZEN Media ExplorerCTCheck.exe

O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe

O4 - HKCU..Run: [Skype] "CrogrammiSkypePhoneSkype.exe" /nosplash /minimized

O4 - HKCU..Run: [CTSyncU.exe] "CrogrammiCreativeSync Manager UnicodeCTSyncU.exe"

O4 - HKCU..Run: [PcSync] CrogrammiNokiaNokia PC Suite 6PcSync2.exe /NoDialog

O4 - HKCU..PoliciesExplorerRun: [NT Printing Services6] dllhosts.exe

O4 - HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'SERVIZIO DI RETE')

O4 - HKUSS-1-5-20..Run: [MsnMsgr] "CrogrammiWindows LiveMessengerMsnMsgr.Exe" /background (User 'SERVIZIO DI RETE')

O4 - HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'SYSTEM')

O4 - HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&sporta in Microsoft Excel - res://CROGRA~1MICROS~1Office12EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - CROGRA~1MICROS~1Office12REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

O17 - HKLMSystemCCSServicesTcpip..{BE3B563F-CFF6-46BC-B46B-650C416E83AE}: NameServer = 85.37.17.17 85.38.28.72

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - CROGRA~1FILECO~1SkypeSKYPE4~1.DLL

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:WINDOWSsystem32CTsvcCDA.exe

O23 - Service: Google Updater Service (gusvc) - Google - CrogrammiGoogleCommonGoogle UpdaterGoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - CrogrammiJavajre6binjqs.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSsystem32nvsvc32.exe



--

End of file - 4412 bytes

fixa quest

iO4 - HKLM..Run: [ContentTransferWMDetector.exe] CrogrammiSonyContent TransferContentTransferWMDetector.exe

O4 - HKCU..PoliciesExplorerRun: [NT Printing Services6] dllhosts.exe

[quote name='leo4555']fixa quest

iO4 - HKLM..Run: [ContentTransferWMDetector.exe] CrogrammiSonyContent TransferContentTransferWMDetector.exe

O4 - HKCU..PoliciesExplorerRun: [NT Printing Services6] dllhosts.exe[/QUOTE]



Per cancellare file insistenti usa Avenger.

http://www.megalab.it/2656/