Problem with Windows Firewall!!
Hi everyone, yesterday my brother noticed that we had the Windows Firewall turned off, and when he went to turn it back on he found that it can no longer be enabled... I had already noticed for a few days that the PC was a bit slow, but I didn't think the firewall was disabled. This is what happens when I try to enable it:
http://img524.imageshack.us/img524/8316/errorefirewall1xp3.jpg
http://img300.imageshack.us/img300/3148/errorefirewall2zi9.jpg
http://img300.imageshack.us/img300/7880/errorefirewall3la6.jpg
Today I also ran a scan with AntiVir; it removed 5 viruses but I haven't solved anything... what can I do?
Thanks, bye!
I ran a scan with "HijackThis" and here is what came out:
Logfile of HijackThis v1.99.1
Scan saved at 16.24.55, on 16/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\VideoLAN\VLC\vlc.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\De francisci\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O8 - Extra context menu item: &Clean Traces - C:\Programmi\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Programmi\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Programmi\DAP\dapextie2.htm
O8 - Extra context menu item: Download with Rapget - C:\Programmi\Rapget\rapget.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Programmi\VisualRoute\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Programmi\VisualRoute\vrie.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: www.archivio.name
O15 - Trusted Zone: www.archiviosex.net
O15 - Trusted Zone: www.otherchance.com
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/.../GAME_UNO1.cab
O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - http://imlive.com/chatsource/ImlCID.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {C6BEBA53-1F7E-4A0A-B738-61FBB49E0B06} (VPDefaultX Control) - http://videopostaumail.alice.it/resources/VPDefault.ocx
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
What do you advise me to do?
mmmmm
I posted your "report" on www.hijackthis.de and a little something showed up
O15 - Trusted Zone: www.archivio.name
O15 - Trusted Zone: www.archiviosex.net
while they rate this one as unsafe
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll
but take a look at it yourself, because it rates these 2 as unnecessary
O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - http://imlive.com/chatsource/ImlCID.cab
O16 - DPF: {C6BEBA53-1F7E-4A0A-B738-61FBB49E0B06} (VPDefaultX Control) - http://videopostaumail.alice.it/resources/VPDefault.ocx
anyway, I recommend you fix the first 3 to be safe, while for the other 2 it's better if you decide yourself, checking carefully on the site I wrote above
wizard1993
17-06-2007, 14:56
a quick pass with gmer, thanks
and write what you find in red
a quick pass with gmer, thanks
Here it is!!!
GMER 1.0.12.12244 - http://www.gmer.net
Rootkit scan 2007-06-17 22:05:05
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.12 ----
SSDT \??\C:\WINDOWS\system32\windev-335b-7a94.sys ZwEnumerateKey
SSDT \??\C:\WINDOWS\system32\windev-335b-7a94.sys ZwEnumerateValueKey
SSDT \??\C:\WINDOWS\system32\windev-335b-7a94.sys ZwQueryDirectoryFile
Code F8806D98 ZwCreateFile
Code F8807A88 ZwCreateKey
Code F8807964 ZwEnumerateKey
Code F8807A28 ZwEnumerateValueKey
Code F8806CE0 ZwOpenFile
Code F8807B1C ZwOpenKey
Code F8806BCE ZwQueryDirectoryFile
Code F8808708 ZwTerminateProcess
Code F8806D97 NtCreateFile
Code F8806CDF NtOpenFile
Code F8806BCD NtQueryDirectoryFile
---- Kernel code sections - GMER 1.0.12 ----
PAGE ntoskrnl.exe!ZwOpenKey 805684D5 5 Bytes JMP F8807B20
PAGE ntoskrnl.exe!ZwCreateKey 8056F063 5 Bytes JMP F8807A8C
PAGE ntoskrnl.exe!ZwEnumerateKey 8056F76A 5 Bytes JMP F8807968
PAGE ntoskrnl.exe!NtOpenFile 805715E7 5 Bytes JMP F8806CE4
PAGE ntoskrnl.exe!NtCreateFile 8057164C 5 Bytes JMP F8806D9C
PAGE ntoskrnl.exe!NtQueryDirectoryFile 80574DAD 5 Bytes JMP F8806BD2
PAGE ntoskrnl.exe!ZwEnumerateValueKey 805801FE 5 Bytes JMP F8807A2C
PAGE ntoskrnl.exe!ZwTerminateProcess 8058AE1E 5 Bytes JMP F880870C
? C:\WINDOWS\system32\DRIVERS\update.sys
? C:\WINDOWS\system32\windev-335b-7a94.sys Impossibile trovare il file specificato.
---- Devices - GMER 1.0.12 ----
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [B37D07A0] windev-335b-7a94.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [B37D07A0] windev-335b-7a94.sys
Device \Driver\poof \Device\poofpoof IRP_MJ_CREATE F88056D0
Device \Driver\poof \Device\poofpoof IRP_MJ_CLOSE F88056D0
Device \Driver\poof \Device\poofpoof IRP_MJ_DEVICE_CONTROL F88055C8
Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [B37D07A0] windev-335b-7a94.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [B37D07A0] windev-335b-7a94.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CONTROL [B37D07A0] windev-335b-7a94.sys
---- Modules - GMER 1.0.12 ----
Module \??\C:\WINDOWS\system32\poof (*** hidden *** ) F8805000-F880D000 (32768 bytes)
---- Processes - GMER 1.0.12 ----
Process C:\WINDOWS\system32\koos.exe (*** hidden *** ) 812
---- Services - GMER 1.0.12 ----
Service C:\WINDOWS\system32\windev-335b-7a94.sys (*** hidden *** ) [AUTO] windev-335b-7a94 <-- ROOTKIT !!!
What do you say??
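A small triage script for a GMER report like the one above, as an added example that is not part of the original thread: it groups SSDT hooks by driver, lists the hidden objects, and checks which inline JMP targets land inside a hidden module's address range. The name `triage` and the regular expressions are assumptions based only on the line shapes visible in this log; the sample lines are copied from the report above.

```python
import re
from collections import defaultdict

# Lines copied from the GMER report posted in this thread.
SAMPLE = r"""
SSDT \??\C:\WINDOWS\system32\windev-335b-7a94.sys ZwEnumerateKey
SSDT \??\C:\WINDOWS\system32\windev-335b-7a94.sys ZwQueryDirectoryFile
PAGE ntoskrnl.exe!ZwOpenKey 805684D5 5 Bytes JMP F8807B20
PAGE ntoskrnl.exe!NtCreateFile 8057164C 5 Bytes JMP F8806D9C
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [B37D07A0] windev-335b-7a94.sys
Module \??\C:\WINDOWS\system32\poof (*** hidden *** ) F8805000-F880D000 (32768 bytes)
Process C:\WINDOWS\system32\koos.exe (*** hidden *** ) 812
Service C:\WINDOWS\system32\windev-335b-7a94.sys (*** hidden *** ) [AUTO] windev-335b-7a94 <-- ROOTKIT !!!
"""

# Patterns are assumptions derived from the line shapes in this one report.
SSDT_RE = re.compile(r"^SSDT\s+(.+)\s+(\w+)$")
INLINE_RE = re.compile(
    r"^PAGE\s+\S+!(\w+)\s+[0-9A-F]{8}\s+\d+ Bytes\s+JMP\s+([0-9A-F]{8})$")
HIDDEN_RE = re.compile(
    r"^(Module|Process|Service)\s+(.+?)\s+\(\*\*\* hidden \*\*\* \)\s*(.*)$")
RANGE_RE = re.compile(r"([0-9A-F]{8})-([0-9A-F]{8})")


def triage(report):
    """Summarise hook and hidden-object lines of a GMER text report."""
    ssdt = defaultdict(list)   # driver file name -> hooked service routines
    inline = []                # (hooked function, JMP target address)
    hidden = []                # (object kind, path)
    ranges = []                # (hidden module path, start, end)
    for line in map(str.strip, report.splitlines()):
        if m := SSDT_RE.match(line):
            ssdt[m.group(1).split("\\")[-1]].append(m.group(2))
        elif m := INLINE_RE.match(line):
            inline.append((m.group(1), int(m.group(2), 16)))
        elif m := HIDDEN_RE.match(line):
            kind, path, rest = m.groups()
            hidden.append((kind, path))
            if kind == "Module" and (r := RANGE_RE.search(rest)):
                ranges.append((path, int(r.group(1), 16), int(r.group(2), 16)))
    # Attribute each inline hook to the hidden module containing its target.
    owners = {f: next((p for p, lo, hi in ranges if lo <= t < hi), None)
              for f, t in inline}
    return {"ssdt": dict(ssdt), "hidden": hidden, "inline_owner": owners}


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(key, value)
```

On this log the inline JMP targets fall inside the address range of the hidden `poof` module, while the SSDT entries are attributed to `windev-335b-7a94.sys`.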
mmmmm
I posted your "report" on www.hijackthis.de and a little something showed up
O15 - Trusted Zone: www.archivio.name
O15 - Trusted Zone: www.archiviosex.net
while they rate this one as unsafe
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll
but take a look at it yourself, because it rates these 2 as unnecessary
O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - http://imlive.com/chatsource/ImlCID.cab
O16 - DPF: {C6BEBA53-1F7E-4A0A-B738-61FBB49E0B06} (VPDefaultX Control) - http://videopostaumail.alice.it/resources/VPDefault.ocx
anyway, I recommend you fix the first 3 to be safe, while for the other 2 it's better if you decide yourself, checking carefully on the site I wrote above
OK thanks!!
PS. I can't even enable the Windows Firewall from the Control Panel, and it gives me this error:
http://img294.imageshack.us/img294/9093/ghjuo3.jpg
:/