Command Service e spyware....aiutoooo!!!! [Archivio]

View Full Version : Command Service e spyware....aiutoooo!!!!

baycoreano

20-03-2006, 19:04

Aiuto ragazzi... ho formattato il pc,e nel periodo in cui sono rimasto senza antivirus secondo me ho preso una brutta bestia, command service. Faccio la scanzione con spybot, lo rilevo e lo elimino, ma al momento di riaccedere al sistema lo ritrovo sempre li' a dare fastidio, per non parlare delle 1000 finestre che si aprono mentre navigo in Intrnet. Mi aiutate per favore, non vorrei formattare di nuovo!!!
Vi posto il log di Hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 18.57.48, on 20/03/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Programmi\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\Explorer.EXE
C:\sdkhj.exe
C:\WINDOWS\System32\Sygate.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmi\Softwin\BitDefender8\bdmcon.exe
C:\Programmi\Softwin\BitDefender8\bdnagent.exe
C:\WINDOWS\System32\lsass_322.exe
C:\windows\mousepad4.exe
C:\Programmi\webHancer\Programs\whagent.exe
C:\Programmi\webHancer\Programs\whsurvey.exe
C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\newfrn.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\devldr32.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Nello\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6001CDF7-6F45-471b-A203-0225615E35A7} - C:\WINDOWS\DH.dll
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Programmi\webHancer\programs\whiehlpr.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [mdc] C:\sdkhj.exe
O4 - HKLM\..\Run: [Microsoft Update] Sygate.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Programmi\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Programmi\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [zpfq32] lsass_322.exe
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard4.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad4.exe
O4 - HKLM\..\Run: [newname] C:\windows\newname4.exe
O4 - HKLM\..\Run: [webHancer Agent] C:\Programmi\webHancer\Programs\whagent.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Programmi\webHancer\Programs\whsurvey.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NewFrn] C:\WINDOWS\newfrn.exe
O4 - HKLM\..\RunServices: [Microsoft Update] Sygate.exe
O4 - HKLM\..\RunServices: [zpfq32] lsass_322.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Run Service Vxdrun] vxddirectx32.exe
O4 - HKCU\..\Run: [Microsoft Update] Sygate.exe
O4 - HKCU\..\Run: [MS Windows System Alert] MSWSA32.exe
O4 - HKCU\..\Run: [MS Windows Local Directory] MSWLD32.exe
O4 - HKCU\..\RunServices: [Run Service Vxdrun] vxddirectx32.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} (Progetto1.int_ver34) - http://advnt01.com/dialer/int_ver34.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{5C7C7DC7-C2BC-4C87-893B-CDFF6E596BF2}: NameServer = 85.37.17.9 85.38.28.75
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: RunOnceEx - C:\WINDOWS\system32\uitheme.dll
O20 - Winlogon Notify: RunServices - C:\WINDOWS\system32\m0ju0a19ed.dll (file missing)
O23 - Service: Automatic Update Service (Automatic Update) - Unknown owner - C:\WINDOWS\System32\wuapi.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido anti-malware\ewidoctrl.exe
O23 - Service: Defragmentation Management Handler (FAT Defragmentation) - Unknown owner - C:\WINDOWS\System32\dfrgfat32.exe
O23 - Service: Msn Service (MSNSVC) - Unknown owner - C:\WINDOWS\msnsrv.exe (file missing)
O23 - Service: Performance True Type Font (PerfFont) - Unknown owner - C:\WINDOWS\System32\perfont.exe (file missing)
O23 - Service: Win32Sr - Unknown owner - C:\WINDOWS\win32ssr.exe (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

andorra24

20-03-2006, 19:08

Ciao, posta il log nell'apposito thread in rilievo cosi te lo analizzo con calma.
Questo thread lo chiuderanno sicuramente.

baycoreano

20-03-2006, 20:19

Qual'è il thread in rilievo. Quello ufficiale di Hijackthis??

Psycho9

20-03-2006, 20:22

Vai quì:

http://hijackthis.de/

andorra24

20-03-2006, 20:24

Qual'è il thread in rilievo. Quello ufficiale di Hijackthis??
E' il thread ufficiale di hijackthis. Posta il log cosi ti dico cosa devi eliminare.

http://www.hwupgrade.it/forum/showthread.php?t=937676&goto=lastpost

baycoreano

20-03-2006, 20:44

Sono andato all'indirizzo che mi hai dato, ho analizzato il log di hijackthis e mi ha riscontrato tanti errori( file sospetti).Ti riposto il log, così mi dici anche come devo operare per eliminare i file:

Logfile of HijackThis v1.99.1
Scan saved at 18.57.48, on 20/03/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Programmi\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\Explorer.EXE
C:\sdkhj.exe
C:\WINDOWS\System32\Sygate.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmi\Softwin\BitDefender8\bdmcon.exe
C:\Programmi\Softwin\BitDefender8\bdnagent.exe
C:\WINDOWS\System32\lsass_322.exe
C:\windows\mousepad4.exe
C:\Programmi\webHancer\Programs\whagent.exe
C:\Programmi\webHancer\Programs\whsurvey.exe
C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\newfrn.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\devldr32.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Nello\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6001CDF7-6F45-471b-A203-0225615E35A7} - C:\WINDOWS\DH.dll
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Programmi\webHancer\programs\whiehlpr.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [mdc] C:\sdkhj.exe
O4 - HKLM\..\Run: [Microsoft Update] Sygate.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Programmi\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Programmi\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [zpfq32] lsass_322.exe
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard4.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad4.exe
O4 - HKLM\..\Run: [newname] C:\windows\newname4.exe
O4 - HKLM\..\Run: [webHancer Agent] C:\Programmi\webHancer\Programs\whagent.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Programmi\webHancer\Programs\whsurvey.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NewFrn] C:\WINDOWS\newfrn.exe
O4 - HKLM\..\RunServices: [Microsoft Update] Sygate.exe
O4 - HKLM\..\RunServices: [zpfq32] lsass_322.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Run Service Vxdrun] vxddirectx32.exe
O4 - HKCU\..\Run: [Microsoft Update] Sygate.exe
O4 - HKCU\..\Run: [MS Windows System Alert] MSWSA32.exe
O4 - HKCU\..\Run: [MS Windows Local Directory] MSWLD32.exe
O4 - HKCU\..\RunServices: [Run Service Vxdrun] vxddirectx32.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} (Progetto1.int_ver34) - http://advnt01.com/dialer/int_ver34.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{5C7C7DC7-C2BC-4C87-893B-CDFF6E596BF2}: NameServer = 85.37.17.9 85.38.28.75
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: RunOnceEx - C:\WINDOWS\system32\uitheme.dll
O20 - Winlogon Notify: RunServices - C:\WINDOWS\system32\m0ju0a19ed.dll (file missing)
O23 - Service: Automatic Update Service (Automatic Update) - Unknown owner - C:\WINDOWS\System32\wuapi.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido anti-malware\ewidoctrl.exe
O23 - Service: Defragmentation Management Handler (FAT Defragmentation) - Unknown owner - C:\WINDOWS\System32\dfrgfat32.exe
O23 - Service: Msn Service (MSNSVC) - Unknown owner - C:\WINDOWS\msnsrv.exe (file missing)
O23 - Service: Performance True Type Font (PerfFont) - Unknown owner - C:\WINDOWS\System32\perfont.exe (file missing)
O23 - Service: Win32Sr - Unknown owner - C:\WINDOWS\win32ssr.exe (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

andorra24

20-03-2006, 20:47

baycoreano ti avevo detto di postare il log di hijackthis nel thread ufficiale in rilievo.

http://www.hwupgrade.it/forum/showthread.php?t=937676&goto=lastpost

andorra24

20-03-2006, 21:06

Visto che hai molta difficolta' a postare il log di hijackthis nell'apposito thread in rilievo per questa volta te lo analizzo in questo thread SPERANDO CHE I MODERATORI non lo chiudano (dopo la fatica che ho fatto).

Fixa:

C:\sdkhj.exe
C:\WINDOWS\System32\Sygate.exe
C:\WINDOWS\System32\lsass_322.exe
C:\windows\mousepad4.exe
C:\Programmi\webHancer\Programs\whagent.exe
C:\Programmi\webHancer\Programs\whsurvey.exe
C:\WINDOWS\newfrn.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
O2 - BHO: (no name) - {6001CDF7-6F45-471b-A203-0225615E35A7} - C:\WINDOWS\DH.dll
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Programmi\webHancer\programs\whiehlpr.dll
O4 - HKLM\..\Run: [mdc] C:\sdkhj.exe
O4 - HKLM\..\Run: [Microsoft Update] Sygate.exe
O4 - HKLM\..\Run: [zpfq32] lsass_322.exe
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard4.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad4.exe
O4 - HKLM\..\Run: [newname] C:\windows\newname4.exe
O4 - HKLM\..\Run: [webHancer Agent] C:\Programmi\webHancer\Programs\whagent.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Programmi\webHancer\Programs\whsurvey.exe
O4 - HKLM\..\Run: [NewFrn] C:\WINDOWS\newfrn.exe
O4 - HKLM\..\RunServices: [Microsoft Update] Sygate.exe
O4 - HKLM\..\RunServices: [zpfq32] lsass_322.exe
O4 - HKCU\..\Run: [Run Service Vxdrun] vxddirectx32.exe
O4 - HKCU\..\Run: [Microsoft Update] Sygate.exe
O4 - HKCU\..\Run: [MS Windows System Alert] MSWSA32.exe
O4 - HKCU\..\Run: [MS Windows Local Directory] MSWLD32.exe
O4 - HKCU\..\RunServices: [Run Service Vxdrun] vxddirectx32.exe
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} (Progetto1.int_ver34) - http://advnt01.com/dialer/int_ver34.CAB
O20 - Winlogon Notify: RunOnceEx - C:\WINDOWS\system32\uitheme.dll
O20 - Winlogon Notify: RunServices - C:\WINDOWS\system32\m0ju0a19ed.dll (file missing)
O23 - Service: Defragmentation Management Handler (FAT Defragmentation) - Unknown owner - C:\WINDOWS\System32\dfrgfat32.exe
O23 - Service: Automatic Update Service (Automatic Update) - Unknown owner - C:\WINDOWS\System32\wuapi.exe (file missing)
O23 - Service: Performance True Type Font (PerfFont) - Unknown owner - C:\WINDOWS\System32\perfont.exe (file missing)
O23 - Service: Msn Service (MSNSVC) - Unknown owner - C:\WINDOWS\msnsrv.exe (file missing)
O23 - Service: Win32Sr - Unknown owner - C:\WINDOWS\win32ssr.exe (file missing)

baycoreano

20-03-2006, 23:46

Ho fixato gli elementi che hai detto, mi ha datto problema solo per 010 WinSock LSP, che mi dice che posso eliminare con SpyBot. Avvio la scansiobe com spybot e mi trova ancora delle voci:

-Smitfraud-C

Eseguibile
c:\MTE3NDI60DoxNg.exe

Dati
c:\windows\teller2.chk

Dati
c:windows\drsmartload2.dat

Eseguibile
c:\drsmartload1.exe

Impostazioni
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\.........

Impostazioni
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\.......

Impostazioni
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\drsmartload2

-webHancer

<$WINSOCK>
webHancer

Assistente del Browser(BHO)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CurrentVersion\Explorer\Browser Helper Object\..........

Classe radice (Root)
HKEY_LOCAL_MACHINE\Software\Classes\WhleHelperObj.WhleHelperObj.1

Classe radice (Root)
HKEY_LOCAL_MACHINE\Software\Classes\WhleHelperObj.WhleHelperObj

ID di classe
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\.........

Impostazioni di disinstallazione
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webHancer Agent

Impostazioni globali
HKEY_LOCAL_MACHINE\Software\webHancer

Interfaccia
HKEY_CLASSES_ROOT\Interface\...............

Libreria dei tipi
HKEY_CLASSES_ROOT\TypeLib\................

-Network Monitor

File di testo
C:\WINDOWS\uninstall_nmon.vbs

Cartella di programma
C:\Programmi\Network Monitor\

Cartella di programma
C:\Documents and Settings\LocalService\Dati applicazioni\NetMon\

Impostazioni di disinstallazione
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\..........

-MediaPlex

Cookie tracciante (Internet Explorer:Nello)
Internet Explorer (Nello): Cookie:[email protected]/()

-Deskwizz

Eseguibile
C:\WINDOWS\newfrn.exe

File di cofigurazione
C:\WINDOWS\dh.ini

Libreria
C:\WINDOWS\DH.dll

ID di classe
HKEY_CLASSES_ROOT\CLSID\.............

-CoolWWWSearch

Pagina di ricerca di IE
HKEY_USERSS-1-5-21-1957994488-484763869-10602842298-1003\Software\Microsoft\Internet Explorer\Search\SearchAssistant Explorer\Main\Default_Search_URL=about:blank

-Command Service

Eseguibile
C:\Documents and Settings\Nello\Impostazioni locali\Temp\cmdinst.exe

Impostazioni di disinstallazione
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\..................

Alcune di queste voci non mi erano mai uscite. Ora le ho eliminate e ho corretto gli errori trovati. Ti posto il nuovo log di Hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 23.34.23, on 20/03/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Programmi\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmi\Softwin\BitDefender8\bdmcon.exe
C:\Programmi\Softwin\BitDefender8\bdnagent.exe
C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\devldr32.exe
C:\Documents and Settings\Nello\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Programmi\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Programmi\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WebCheck - C:\WINDOWS\system32\q0680ajuedo80.dll
O23 - Service: Automatic Update Service (Automatic Update) - Unknown owner - C:\WINDOWS\System32\wuapi.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido anti-malware\ewidoctrl.exe
O23 - Service: Defragmentation Management Handler (FAT Defragmentation) - Unknown owner - C:\WINDOWS\System32\dfrgfat32.exe
O23 - Service: Msn Service (MSNSVC) - Unknown owner - C:\WINDOWS\msnsrv.exe (file missing)
O23 - Service: Performance True Type Font (PerfFont) - Unknown owner - C:\WINDOWS\System32\perfont.exe (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Stev-O

20-03-2006, 23:52

hai fatto anche una scansione con ewido??

andorra24

20-03-2006, 23:53

Fixa queste voci:

O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O20 - Winlogon Notify: WebCheck - C:\WINDOWS\system32\q0680ajuedo80.dll
O23 - Service: Automatic Update Service (Automatic Update) - Unknown owner - C:\WINDOWS\System32\wuapi.exe (file missing)
O23 - Service: Defragmentation Management Handler (FAT Defragmentation) - Unknown owner - C:\WINDOWS\System32\dfrgfat32.exe
O23 - Service: Msn Service (MSNSVC) - Unknown owner - C:\WINDOWS\msnsrv.exe (file missing)
O23 - Service: Performance True Type Font (PerfFont) - Unknown owner - C:\WINDOWS\System32\perfont.exe (file missing)

Fai una scansione con questo tool seguendo attentamente le istruzioni:
http://www.bleepingcomputer.com/files/smitRem.php

Stev-O

20-03-2006, 23:58

mai visto un log da fixare a "passate" :eek:

baycoreano

21-03-2006, 19:59

Ciao ho fixato gli elementi che mi hai indicato, e ho fatto una scansione con smitrem. Ora ti posto il nuovo log di hijackthis, mi sembra che apre ancora le spyware:

Scan saved at 19.50.37, on 21/03/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Programmi\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmi\Softwin\BitDefender8\bdmcon.exe
C:\Programmi\Softwin\BitDefender8\bdnagent.exe
C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\explorer.exe
C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE
C:\Documents and Settings\Nello\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Programmi\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Programmi\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{5C7C7DC7-C2BC-4C87-893B-CDFF6E596BF2}: NameServer = 85.37.17.9 85.38.28.75
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: OptimalLayout - C:\WINDOWS\system32\en2ql1f51.dll
O23 - Service: Automatic Update Service (Automatic Update) - Unknown owner - C:\WINDOWS\System32\wuapi.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido anti-malware\ewidoctrl.exe
O23 - Service: Defragmentation Management Handler (FAT Defragmentation) - Unknown owner - C:\WINDOWS\System32\dfrgfat32.exe
O23 - Service: Msn Service (MSNSVC) - Unknown owner - C:\WINDOWS\msnsrv.exe (file missing)
O23 - Service: Performance True Type Font (PerfFont) - Unknown owner - C:\WINDOWS\System32\perfont.exe (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

andorra24

21-03-2006, 20:12

Fixa queste:

O20 - Winlogon Notify: OptimalLayout - C:\WINDOWS\system32\en2ql1f51.dll
O23 - Service: Automatic Update Service (Automatic Update) - Unknown owner - C:\WINDOWS\System32\wuapi.exe (file missing)
O23 - Service: Defragmentation Management Handler (FAT Defragmentation) - Unknown owner - C:\WINDOWS\System32\dfrgfat32.exe
O23 - Service: Msn Service (MSNSVC) - Unknown owner - C:\WINDOWS\msnsrv.exe (file missing)
O23 - Service: Performance True Type Font (PerfFont) - Unknown owner - C:\WINDOWS\System32\perfont.exe (file missing)

baycoreano

21-03-2006, 20:31

Fixato queste voci, ho fatto anche una scansione con Ewido e mi ha trovato 80 file infetti. Ora posto sia il niovo log di hijackthis e sia il log di Ewido:

Logfile of HijackThis v1.99.1
Scan saved at 20.19.41, on 21/03/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmi\Softwin\BitDefender8\bdmcon.exe
C:\Programmi\Softwin\BitDefender8\bdnagent.exe
C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\explorer.exe
C:\Programmi\ewido anti-malware\ewidoguard.exe
C:\Programmi\ewido anti-malware\ewidoctrl.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Nello\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Programmi\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Programmi\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{5C7C7DC7-C2BC-4C87-893B-CDFF6E596BF2}: NameServer = 85.37.17.9 85.38.28.75
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: OptimalLayout - C:\WINDOWS\system32\en2ql1f51.dll
O23 - Service: Automatic Update Service (Automatic Update) - Unknown owner - C:\WINDOWS\System32\wuapi.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmi\ewido anti-malware\ewidoguard.exe
O23 - Service: Defragmentation Management Handler (FAT Defragmentation) - Unknown owner - C:\WINDOWS\System32\dfrgfat32.exe
O23 - Service: Msn Service (MSNSVC) - Unknown owner - C:\WINDOWS\msnsrv.exe (file missing)
O23 - Service: Performance True Type Font (PerfFont) - Unknown owner - C:\WINDOWS\System32\perfont.exe (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

EWIDO

---------------------------------------------------------
ewido anti-malware - Rapporto Scansione
---------------------------------------------------------

+ Creato il: 20.14.49, 21/03/2006
+ Report-Checksum: 614A8A4A

+ Risultati scansione:

[1016] C:\WINDOWS\system32\vfrifier.dll -> Adware.Look2Me : Errore durante la pulizia
[1992] C:\WINDOWS\system32\vfrifier.dll -> Adware.Look2Me : Errore durante la pulizia
C:\argc.exe -> Downloader.Adload.t : Pulito con Backup
C:\Documents and Settings\Nello\Cookies\nello@2o7[2].txt -> TrackingCookie.2o7 : Pulito con Backup
C:\Documents and Settings\Nello\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Pulito con Backup
C:\Documents and Settings\Nello\Cookies\[email protected][1].txt -> TrackingCookie.Searchingbooth : Pulito con Backup
C:\Documents and Settings\Nello\Cookies\nello@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Pulito con Backup
C:\Documents and Settings\Nello\Cookies\[email protected][2].txt -> TrackingCookie.Sexcounter : Pulito con Backup
C:\Documents and Settings\Nello\Cookies\[email protected][2].txt -> TrackingCookie.Clickzs : Pulito con Backup
C:\Documents and Settings\Nello\Cookies\[email protected][1].txt -> TrackingCookie.Itrack : Pulito con Backup
C:\Documents and Settings\Nello\Cookies\[email protected][1].txt -> TrackingCookie.Top-banners : Pulito con Backup
C:\Documents and Settings\Nello\Cookies\nello@overture[1].txt -> TrackingCookie.Overture : Pulito con Backup
C:\Documents and Settings\Nello\Cookies\[email protected][2].txt -> TrackingCookie.Realtracker : Pulito con Backup
C:\Documents and Settings\Nello\Cookies\[email protected][1].txt -> TrackingCookie.Liveperson : Pulito con Backup
C:\Documents and Settings\Nello\Cookies\[email protected][2].txt -> TrackingCookie.Reliablestats : Pulito con Backup
C:\Documents and Settings\Nello\Cookies\nello@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Pulito con Backup
C:\Documents and Settings\Nello\Cookies\[email protected][2].txt -> TrackingCookie.Clickzs : Pulito con Backup
C:\Documents and Settings\Nello\Cookies\[email protected][2].txt -> TrackingCookie.Clickzs : Pulito con Backup
C:\Documents and Settings\Nello\Cookies\[email protected][1].txt -> TrackingCookie.Adtrak : Pulito con Backup
C:\Documents and Settings\Nello\Cookies\[email protected][2].txt -> TrackingCookie.Popuptraffic : Pulito con Backup
C:\Documents and Settings\Nello\Cookies\nello@xxxcounter[2].txt -> TrackingCookie.Xxxcounter : Pulito con Backup
:mozilla.12:C:\Documents and Settings\Nello\Dati applicazioni\Mozilla\Firefox\Profiles\0u1emfgv.default\cookies.txt -> TrackingCookie.Cpvfeed : Pulito con Backup
:mozilla.24:C:\Documents and Settings\Nello\Dati applicazioni\Mozilla\Firefox\Profiles\0u1emfgv.default\cookies.txt -> TrackingCookie.Revenue : Pulito con Backup
:mozilla.28:C:\Documents and Settings\Nello\Dati applicazioni\Mozilla\Firefox\Profiles\0u1emfgv.default\cookies.txt -> TrackingCookie.Zedo : Pulito con Backup
:mozilla.29:C:\Documents and Settings\Nello\Dati applicazioni\Mozilla\Firefox\Profiles\0u1emfgv.default\cookies.txt -> TrackingCookie.Zedo : Pulito con Backup
:mozilla.30:C:\Documents and Settings\Nello\Dati applicazioni\Mozilla\Firefox\Profiles\0u1emfgv.default\cookies.txt -> TrackingCookie.Zedo : Pulito con Backup
:mozilla.31:C:\Documents and Settings\Nello\Dati applicazioni\Mozilla\Firefox\Profiles\0u1emfgv.default\cookies.txt -> TrackingCookie.Zedo : Pulito con Backup
:mozilla.32:C:\Documents and Settings\Nello\Dati applicazioni\Mozilla\Firefox\Profiles\0u1emfgv.default\cookies.txt -> TrackingCookie.Zedo : Pulito con Backup
:mozilla.33:C:\Documents and Settings\Nello\Dati applicazioni\Mozilla\Firefox\Profiles\0u1emfgv.default\cookies.txt -> TrackingCookie.Yieldmanager : Pulito con Backup
:mozilla.34:C:\Documents and Settings\Nello\Dati applicazioni\Mozilla\Firefox\Profiles\0u1emfgv.default\cookies.txt -> TrackingCookie.Yieldmanager : Pulito con Backup
:mozilla.35:C:\Documents and Settings\Nello\Dati applicazioni\Mozilla\Firefox\Profiles\0u1emfgv.default\cookies.txt -> TrackingCookie.Yieldmanager : Pulito con Backup
:mozilla.44:C:\Documents and Settings\Nello\Dati applicazioni\Mozilla\Firefox\Profiles\0u1emfgv.default\cookies.txt -> TrackingCookie.Reliablestats : Pulito con Backup
:mozilla.45:C:\Documents and Settings\Nello\Dati applicazioni\Mozilla\Firefox\Profiles\0u1emfgv.default\cookies.txt -> TrackingCookie.Reliablestats : Pulito con Backup
:mozilla.46:C:\Documents and Settings\Nello\Dati applicazioni\Mozilla\Firefox\Profiles\0u1emfgv.default\cookies.txt -> TrackingCookie.Reliablestats : Pulito con Backup
:mozilla.47:C:\Documents and Settings\Nello\Dati applicazioni\Mozilla\Firefox\Profiles\0u1emfgv.default\cookies.txt -> TrackingCookie.Reliablestats : Pulito con Backup
:mozilla.48:C:\Documents and Settings\Nello\Dati applicazioni\Mozilla\Firefox\Profiles\0u1emfgv.default\cookies.txt -> TrackingCookie.Reliablestats : Pulito con Backup
:mozilla.49:C:\Documents and Settings\Nello\Dati applicazioni\Mozilla\Firefox\Profiles\0u1emfgv.default\cookies.txt -> TrackingCookie.Reliablestats : Pulito con Backup
:mozilla.50:C:\Documents and Settings\Nello\Dati applicazioni\Mozilla\Firefox\Profiles\0u1emfgv.default\cookies.txt -> TrackingCookie.Reliablestats : Pulito con Backup
:mozilla.51:C:\Documents and Settings\Nello\Dati applicazioni\Mozilla\Firefox\Profiles\0u1emfgv.default\cookies.txt -> TrackingCookie.Reliablestats : Pulito con Backup
:mozilla.52:C:\Documents and Settings\Nello\Dati applicazioni\Mozilla\Firefox\Profiles\0u1emfgv.default\cookies.txt -> TrackingCookie.Reliablestats : Pulito con Backup
:mozilla.53:C:\Documents and Settings\Nello\Dati applicazioni\Mozilla\Firefox\Profiles\0u1emfgv.default\cookies.txt -> TrackingCookie.Reliablestats : Pulito con Backup
:mozilla.54:C:\Documents and Settings\Nello\Dati applicazioni\Mozilla\Firefox\Profiles\0u1emfgv.default\cookies.txt -> TrackingCookie.Reliablestats : Pulito con Backup
C:\Documents and Settings\Nello\Desktop\hijackthis\backups\backup-20060320-225143-487.dll -> Dialer.VB.j : Pulito con Backup
C:\Documents and Settings\Nello\zikra.exe -> Downloader.Adload.t : Pulito con Backup
C:\Programmi\webHancer\Programs\webhdll.dll -> Adware.WebHancer : Pulito con Backup
C:\Programmi\webHancer\Programs\whagent.exe -> Adware.WebHancer : Pulito con Backup
C:\Programmi\webHancer\Programs\whiehlpr.dll -> Adware.WebHancer : Pulito con Backup
C:\Programmi\webHancer\Programs\whsurvey.exe -> Adware.WebHancer : Pulito con Backup
C:\Programmi\whInstall -> Adware.Webhancer : Pulito con Backup
C:\Programmi\whInstall\license.txt -> Adware.Webhancer : Pulito con Backup
C:\Programmi\whInstall\readme.txt -> Adware.Webhancer : Pulito con Backup
C:\Programmi\whInstall\whAgent.ini -> Adware.Webhancer : Pulito con Backup
C:\WHCC2.exe/whAgent.exe -> Adware.WebHancer : Pulito con Backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UERST_0001_N68M0602NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Pulito con Backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UERST_0001_N68M0602NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Pulito con Backup
C:\WINDOWS\Downloaded Program Files\UERST_0001_N68M0602NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Pulito con Backup
C:\WINDOWS\system32\a.exe -> Backdoor.SdBot.aad : Pulito con Backup
C:\WINDOWS\system32\ad.html -> Hijacker.Agent.e : Pulito con Backup
C:\WINDOWS\system32\asvpack.dll -> Adware.Look2Me : Pulito con Backup
C:\WINDOWS\system32\cndial32.dll -> Adware.Look2Me : Pulito con Backup
C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\0T6ROX67\rp5[1].exe -> Backdoor.SdBot.aad : Pulito con Backup
C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\0T6ROX67\rp5[2].exe -> Backdoor.SdBot.aad : Pulito con Backup
C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\K9Y3WPUF\drsmartload556a[1].exe -> Downloader.Adload.t : Pulito con Backup
C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\K9Y3WPUF\drsmartload[1].exe -> Downloader.Adload.u : Pulito con Backup
C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\SL6V0XIF\rp5[2].exe -> Backdoor.SdBot.aad : Pulito con Backup
C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\SL6V0XIF\winsysban12[1].exe -> Hijacker.VB.li : Pulito con Backup
C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\SLA78PMB\rp5[1].exe -> Backdoor.SdBot.aad : Pulito con Backup
C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\SLA78PMB\rp5[2].exe -> Backdoor.SdBot.aad : Pulito con Backup
C:\WINDOWS\system32\guard.tmp -> Adware.Look2Me : Pulito con Backup
C:\WINDOWS\system32\mZg_hook.dll -> Adware.Look2Me : Pulito con Backup
C:\WINDOWS\system32\mzxoci.dll -> Adware.Look2Me : Pulito con Backup
C:\WINDOWS\system32\tHpi32.dll -> Adware.Look2Me : Pulito con Backup
C:\WINDOWS\system32\winabra.exe -> Heuristic.Win32.Morphine-Crypted : Pulito con Backup
C:\WINDOWS\system32\wzppmht.exe -> Dropper.Paradrop.a : Pulito con Backup
C:\WINDOWS\system32\zikra.exe -> Downloader.Adload.t : Pulito con Backup
C:\WINDOWS\system32\__delete_on_reboot__vfrifier.dll -> Adware.Look2Me : Pulito con Backup
C:\WINDOWS\THVjaWFubw\asappsrv.dll -> Adware.CommAd : Pulito con Backup
C:\WINDOWS\THVjaWFubw\command.exe -> Adware.CommAd : Pulito con Backup
C:\WINDOWS\wallpap.exe -> Hijacker.Agent.gp : Pulito con Backup
C:\winsysban12.exe -> Hijacker.VB.li : Pulito con Backup

::Fine Rapportoਊ

Ma non è che queste operazioni devo farle in modalità provvisoria???

andorra24

21-03-2006, 20:39

Ewido ti ha trovato tantissime infezioni, avevi il pc davvero molto inquinato. Ci sono alcune voci del log di hijackthis che devi fixare in modalita' provvisoria dopo aver disattivato il ripristino di sistema e sono queste:

O20 - Winlogon Notify: OptimalLayout - C:\WINDOWS\system32\en2ql1f51.dll
O23 - Service: Automatic Update Service (Automatic Update) - Unknown owner - C:\WINDOWS\System32\wuapi.exe (file missing)
O23 - Service: Defragmentation Management Handler (FAT Defragmentation) - Unknown owner - C:\WINDOWS\System32\dfrgfat32.exe
O23 - Service: Msn Service (MSNSVC) - Unknown owner - C:\WINDOWS\msnsrv.exe (file missing)
O23 - Service: Performance True Type Font (PerfFont) - Unknown owner - C:\WINDOWS\System32\perfont.exe (file missing)

Per disattivare il ripristino di sistema segui le istruzioni:
http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/idocid/20020823151930924

Per andare in modalita' provvisoria:
http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/idocid/20020722090503924

ps: gia' che vai in modalita' provvisoria ripeti anche la scansione con ewido.

baycoreano

21-03-2006, 22:59

Sono andato in modalità provvisoria, ma hijackthis non lo trovo, come mai?? La scansione la faccio solo con Ewido??

andorra24

21-03-2006, 23:07

Sono andato in modalità provvisoria, ma hijackthis non lo trovo, come mai?? La scansione la faccio solo con Ewido??
In che senso non lo trovi? :confused:
In qualche cartella deve esserci per forza, cercalo meglio. Ci sono quelle voci del log che vanno fixate. Se non riesci in modalita' normale devi insistere in mod.provvisoria. Inoltre ripeti la scansione con ewido sempre in mod.provvisoria.

Stev-O

21-03-2006, 23:09

ma è sempre lo stesso log di ieri??? :eek:

andorra24

21-03-2006, 23:14

ma è sempre lo stesso log di ieri??? :eek:
Si, era pieno zeppo di malwares. :rolleyes:

wgator

21-03-2006, 23:16

Ciao,

ehm... è un po' che tengo d'occhio questo thread (che avrei dovuto chiudere perchè fuori posto)
Non l'ho fatto solo per rispetto al lavoro di Andorra che lo ha analizzato.
Prego baycoreano di seguire le regole della sezione. I log di Hijackthis vanno postati solo ed esclusivamente qui: http://www.hwupgrade.it/forum/showthread.php?t=937676

andorra24

21-03-2006, 23:21

Stev-O

21-03-2006, 23:22

non è che ne risenta molto l'economia della sezione comunque eh? :cool:

Stev-O

21-03-2006, 23:23

Si, era pieno zeppo di malwares. :rolleyes:
ma se faceva la scansione con ewido PRIMA di postare il log non si semplificava l'operazione di eliminazione mailware?? :)

andorra24

21-03-2006, 23:26

ma se faceva la scansione con ewido PRIMA di postare il log non si semplificava l'operazione di eliminazione mailware?? :)
Sul suo log di hijackthis compaiono sia bitdefender che ewido e quindi deduco (o spero) che li abbia usati prima di postare il log. :rolleyes:

Stev-O

21-03-2006, 23:28

ma allora dopo come mai contunuava a dargli della roba ewido???

andorra24

21-03-2006, 23:32

ma allora dopo come mai contunuava a dargli della roba ewido???
Non chiederlo a me. :)

Stev-O

21-03-2006, 23:35

in ogni caso su questo thread si cercava di dare una mano a una persona in difficoltà più che fare dell'accademia :)

andorra24

21-03-2006, 23:43

in ogni caso su questo thread si cercava di dare una mano a una persona in difficoltà più che fare dell'accademia :)
Certo. L'utente evidentemente si e' confuso e non e' riuscito a postare il log nel thread in rilievo (nonostante gliel'abbia detto 3 volte). Credo che sia stato giusto aiutarlo ugualmente invece di chiudergli il thread. :)

baycoreano

22-03-2006, 18:43

Ragazzi sembra che vada tutto meglio, non mi si aprono più nemmeno le finestre spyware. Ho fatto una scansione con SpyBot e non mi ha rilevato nulla, ne ho fatta una con Ewido e mi ha rilevato 7 file infetti, e ne ho fatta anche una con Hijackthis.Ora vi posto anche il log di Hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 18.35.09, on 22/03/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Programmi\ewido anti-malware\ewidoctrl.exe
C:\Programmi\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmi\Softwin\BitDefender8\bdmcon.exe
C:\Programmi\Softwin\BitDefender8\bdnagent.exe
C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\devldr32.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Nello\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Programmi\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Programmi\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: ModuleUsage - C:\WINDOWS\system32\ir60l5jm1.dll (file missing)
O23 - Service: Automatic Update Service (Automatic Update) - Unknown owner - C:\WINDOWS\System32\wuapi.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmi\ewido anti-malware\ewidoguard.exe
O23 - Service: Defragmentation Management Handler (FAT Defragmentation) - Unknown owner - C:\WINDOWS\System32\dfrgfat32.exe
O23 - Service: Msn Service (MSNSVC) - Unknown owner - C:\WINDOWS\msnsrv.exe (file missing)
O23 - Service: Performance True Type Font (PerfFont) - Unknown owner - C:\WINDOWS\System32\perfont.exe (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

andorra24

22-03-2006, 18:50

Cerca di fixare queste:

O20 - Winlogon Notify: ModuleUsage - C:\WINDOWS\system32\ir60l5jm1.dll (file missing)
O23 - Service: Automatic Update Service (Automatic Update) - Unknown owner - C:\WINDOWS\System32\wuapi.exe (file missing)
O23 - Service: Defragmentation Management Handler (FAT Defragmentation) - Unknown owner - C:\WINDOWS\System32\dfrgfat32.exe
O23 - Service: Msn Service (MSNSVC) - Unknown owner - C:\WINDOWS\msnsrv.exe (file missing)
O23 - Service: Performance True Type Font (PerfFont) - Unknown owner - C:\WINDOWS\System32\perfont.exe (file missing)

Se non riesci in mod. normale riprova in mod. provvisoria. Comunque la situazione e' migliorata adesso.

baycoreano

22-03-2006, 19:33

Ho fixato le voci che mi hai detto, sia in modalità normale che provvisoria, ma le seguenti voci continuano a rimanere:

O23 - Service: Automatic Update Service (Automatic Update) - Unknown owner - C:\WINDOWS\System32\wuapi.exe (file missing)
O23 - Service: Defragmentation Management Handler (FAT Defragmentation) - Unknown owner - C:\WINDOWS\System32\dfrgfat32.exe
O23 - Service: Msn Service (MSNSVC) - Unknown owner - C:\WINDOWS\msnsrv.exe (file missing)
O23 - Service: Performance True Type Font (PerfFont) - Unknown owner - C:\WINDOWS\System32\perfont.exe (file missing)

Non capisco il motivo non vogliono proprio eliminarsi.

andorra24

22-03-2006, 19:48

O23 - Service: Defragmentation Management Handler (FAT Defragmentation) - Unknown owner - C:\WINDOWS\System32\dfrgfat32.exe

Elimina questo dfrgfat32.exe utilizzando killbox:
http://www.bleepingcomputer.com/files/killbox.php

Le altre voci comunque non dovrebbero costituire un problema perche' risultano come ''file missing''.

baycoreano

22-03-2006, 19:57

Fatto anche se mi risulta ancora con hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 19.56.35, on 22/03/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Programmi\ewido anti-malware\ewidoctrl.exe
C:\Programmi\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmi\Softwin\BitDefender8\bdmcon.exe
C:\Programmi\Softwin\BitDefender8\bdnagent.exe
C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\System32\devldr32.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Nello\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Programmi\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Programmi\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{5C7C7DC7-C2BC-4C87-893B-CDFF6E596BF2}: NameServer = 85.255.114.104 85.255.112.103
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Automatic Update Service (Automatic Update) - Unknown owner - C:\WINDOWS\System32\wuapi.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmi\ewido anti-malware\ewidoguard.exe
O23 - Service: Defragmentation Management Handler (FAT Defragmentation) - Unknown owner - C:\WINDOWS\System32\dfrgfat32.exe (file missing)
O23 - Service: Msn Service (MSNSVC) - Unknown owner - C:\WINDOWS\msnsrv.exe (file missing)
O23 - Service: Performance True Type Font (PerfFont) - Unknown owner - C:\WINDOWS\System32\perfont.exe (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Comunque non mi sta dando più tanti problemi, mi consigli anche qualche buon firewall??

andorra24

22-03-2006, 20:01

Comunque non mi sta dando più tanti problemi, mi consigli anche qualche buon firewall??

Se vuoi un firewall a pagamento Outpost Pro e' molto valido. Se vuoi un firewall free puoi mettere sygate oppure zone alarm.

Stev-O

22-03-2006, 23:01

un router ancora meglio

baycoreano

23-03-2006, 13:17

Infatti devo comprarlo un router, visto che ho acquistato un portatile e voglio condividere la connessione adsl tra il pc da tavolo e il mio portatile.Cosa mi consigliate di buono e di non troppo costoso??

Stev-O

23-03-2006, 13:29

anche il netgear :read: