#1
Member | Joined: Feb 2006 | City: Salerno | Posts: 55
Command Service and spyware....heeelp!!!!

Help guys... I formatted the PC, and during the time I was left without an antivirus I think I picked up a nasty beast, Command Service. I run a scan with Spybot, it detects it and I delete it, but as soon as I log back into the system it is always there again being a nuisance, not to mention the 1000 windows that open while I browse the Internet. Please help me, I would rather not format again!!!

Here is my HijackThis log:

```
Logfile of HijackThis v1.99.1
Scan saved at 18.57.48, on 20/03/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Programmi\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\Explorer.EXE
C:\sdkhj.exe
C:\WINDOWS\System32\Sygate.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmi\Softwin\BitDefender8\bdmcon.exe
C:\Programmi\Softwin\BitDefender8\bdnagent.exe
C:\WINDOWS\System32\lsass_322.exe
C:\windows\mousepad4.exe
C:\Programmi\webHancer\Programs\whagent.exe
C:\Programmi\webHancer\Programs\whsurvey.exe
C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\newfrn.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\devldr32.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Nello\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6001CDF7-6F45-471b-A203-0225615E35A7} - C:\WINDOWS\DH.dll
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Programmi\webHancer\programs\whiehlpr.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [mdc] C:\sdkhj.exe
O4 - HKLM\..\Run: [Microsoft Update] Sygate.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Programmi\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Programmi\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [zpfq32] lsass_322.exe
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard4.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad4.exe
O4 - HKLM\..\Run: [newname] C:\windows\newname4.exe
O4 - HKLM\..\Run: [webHancer Agent] C:\Programmi\webHancer\Programs\whagent.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Programmi\webHancer\Programs\whsurvey.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NewFrn] C:\WINDOWS\newfrn.exe
O4 - HKLM\..\RunServices: [Microsoft Update] Sygate.exe
O4 - HKLM\..\RunServices: [zpfq32] lsass_322.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Run Service Vxdrun] vxddirectx32.exe
O4 - HKCU\..\Run: [Microsoft Update] Sygate.exe
O4 - HKCU\..\Run: [MS Windows System Alert] MSWSA32.exe
O4 - HKCU\..\Run: [MS Windows Local Directory] MSWLD32.exe
O4 - HKCU\..\RunServices: [Run Service Vxdrun] vxddirectx32.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} (Progetto1.int_ver34) - http://advnt01.com/dialer/int_ver34.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{5C7C7DC7-C2BC-4C87-893B-CDFF6E596BF2}: NameServer = 85.37.17.9 85.38.28.75
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: RunOnceEx - C:\WINDOWS\system32\uitheme.dll
O20 - Winlogon Notify: RunServices - C:\WINDOWS\system32\m0ju0a19ed.dll (file missing)
O23 - Service: Automatic Update Service (Automatic Update) - Unknown owner - C:\WINDOWS\System32\wuapi.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido anti-malware\ewidoctrl.exe
O23 - Service: Defragmentation Management Handler (FAT Defragmentation) - Unknown owner - C:\WINDOWS\System32\dfrgfat32.exe
O23 - Service: Msn Service (MSNSVC) - Unknown owner - C:\WINDOWS\msnsrv.exe (file missing)
O23 - Service: Performance True Type Font (PerfFont) - Unknown owner - C:\WINDOWS\System32\perfont.exe (file missing)
O23 - Service: Win32Sr - Unknown owner - C:\WINDOWS\win32ssr.exe (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
```
#2
Senior Member | Joined: May 2005 | City: Palermo | Posts: 6390
Hi, post the log in the dedicated pinned thread so I can analyze it calmly.
This thread will surely be closed.

Last edited by andorra24: 20-03-2006 at 18:29.
#3
Member | Joined: Feb 2006 | City: Salerno | Posts: 55
Which is the pinned thread? The official HijackThis one??
#4
Member | Joined: Jan 2006 | Posts: 135
#5
Senior Member | Joined: May 2005 | City: Palermo | Posts: 6390
Quote:

http://www.hwupgrade.it/forum/showth...&goto=lastpost

Last edited by andorra24: 20-03-2006 at 19:36.
#6
Member | Joined: Feb 2006 | City: Salerno | Posts: 55
I went to the address you gave me, had the HijackThis log analyzed and it reported a lot of errors (suspicious files). I am posting the log again, so you can also tell me how I should proceed to remove the files:
#7
Senior Member | Joined: May 2005 | City: Palermo | Posts: 6390
baycoreano, I told you to post the HijackThis log in the official pinned thread.
http://www.hwupgrade.it/forum/showth...&goto=lastpost
#8
Senior Member | Joined: May 2005 | City: Palermo | Posts: 6390
Since you have so much trouble posting the HijackThis log in the dedicated pinned thread, this once I will analyze it in this thread, HOPING THE MODERATORS do not close it (after all the effort I put in).

Fix:

```
C:\sdkhj.exe
C:\WINDOWS\System32\Sygate.exe
C:\WINDOWS\System32\lsass_322.exe
C:\windows\mousepad4.exe
C:\Programmi\webHancer\Programs\whagent.exe
C:\Programmi\webHancer\Programs\whsurvey.exe
C:\WINDOWS\newfrn.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
O2 - BHO: (no name) - {6001CDF7-6F45-471b-A203-0225615E35A7} - C:\WINDOWS\DH.dll
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Programmi\webHancer\programs\whiehlpr.dll
O4 - HKLM\..\Run: [mdc] C:\sdkhj.exe
O4 - HKLM\..\Run: [Microsoft Update] Sygate.exe
O4 - HKLM\..\Run: [zpfq32] lsass_322.exe
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard4.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad4.exe
O4 - HKLM\..\Run: [newname] C:\windows\newname4.exe
O4 - HKLM\..\Run: [webHancer Agent] C:\Programmi\webHancer\Programs\whagent.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Programmi\webHancer\Programs\whsurvey.exe
O4 - HKLM\..\Run: [NewFrn] C:\WINDOWS\newfrn.exe
O4 - HKLM\..\RunServices: [Microsoft Update] Sygate.exe
O4 - HKLM\..\RunServices: [zpfq32] lsass_322.exe
O4 - HKCU\..\Run: [Run Service Vxdrun] vxddirectx32.exe
O4 - HKCU\..\Run: [Microsoft Update] Sygate.exe
O4 - HKCU\..\Run: [MS Windows System Alert] MSWSA32.exe
O4 - HKCU\..\Run: [MS Windows Local Directory] MSWLD32.exe
O4 - HKCU\..\RunServices: [Run Service Vxdrun] vxddirectx32.exe
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} (Progetto1.int_ver34) - http://advnt01.com/dialer/int_ver34.CAB
O20 - Winlogon Notify: RunOnceEx - C:\WINDOWS\system32\uitheme.dll
O20 - Winlogon Notify: RunServices - C:\WINDOWS\system32\m0ju0a19ed.dll (file missing)
O23 - Service: Defragmentation Management Handler (FAT Defragmentation) - Unknown owner - C:\WINDOWS\System32\dfrgfat32.exe
O23 - Service: Automatic Update Service (Automatic Update) - Unknown owner - C:\WINDOWS\System32\wuapi.exe (file missing)
O23 - Service: Performance True Type Font (PerfFont) - Unknown owner - C:\WINDOWS\System32\perfont.exe (file missing)
O23 - Service: Msn Service (MSNSVC) - Unknown owner - C:\WINDOWS\msnsrv.exe (file missing)
O23 - Service: Win32Sr - Unknown owner - C:\WINDOWS\win32ssr.exe (file missing)
```
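The entries the helper picked out of the log above can be selected mechanically. The script below is an added example, not code from this thread or from HijackThis: it encodes the rules applied by eye in the post (hijacked search pages, autostarts that use a bare filename or a binary dropped in C:\ or C:\WINDOWS, Winsock LSP hijacks, Winlogon Notify DLLs, services with no publisher under the Windows directory, ActiveX packages from unexpected hosts) and runs them over a constructed excerpt of the first log; `KNOWN_BAD_TOKENS` and `O16_TRUSTED_HOSTS` are my own assumptions.

```python
"""Triage helper for HijackThis v1.99 logs: an added example, not code from this
thread or from HijackThis.  It codifies the rules the helper applied by eye above.
KNOWN_BAD_TOKENS and O16_TRUSTED_HOSTS are assumptions chosen for this thread."""
import re
from dataclasses import dataclass

# Adware/hijacker names identified in the thread.
KNOWN_BAD_TOKENS = ("webhancer", "findthewebsiteyouneed.com")
# Hosts from which O16 ActiveX downloads are normally expected (assumed list).
O16_TRUSTED_HOSTS = ("microsoft.com", "windowsupdate.com", "macromedia.com")
ENTRY_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")
O4_RE = re.compile(r"^(HKLM|HKCU)[^\[]*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")


@dataclass
class Finding:
    section: str
    entry: str
    reason: str


def parse_entries(log_text):
    """Yield (section, body) for each Rn/On line; header and process list are skipped."""
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            yield m.group(1), m.group(2)


def first_token(cmd):
    """Executable part of an autostart command, without quotes or arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split(" ", 1)[0]


def check_autostart(body):
    """O4 rules: bare filename (resolved through PATH), binary in the drive root,
    or binary directly under the Windows directory.  Returns a reason or None."""
    m = O4_RE.match(body)
    if not m:
        return None  # Global Startup .lnk entries are not handled here
    name, exe = m.group("name"), first_token(m.group("cmd"))
    low = exe.lower()
    if "\\" not in exe:
        return f"autostart [{name}] uses bare filename {exe}, resolved through PATH"
    if re.fullmatch(r"[a-z]:\\[^\\]+", low):
        return f"autostart [{name}] runs {exe} from the drive root"
    if re.fullmatch(r"[a-z]:\\windows\\[^\\]+", low):
        return f"autostart [{name}] runs {exe} directly under the Windows directory"
    return None


def triage(log_text):
    """Return the entries an analyst should review, each with the rule that fired."""
    findings = []
    for section, body in parse_entries(log_text):
        low = body.lower()
        reason = None
        if section == "O4":
            reason = check_autostart(body)
        elif section == "O10" and "hijacked" in low:
            reason = "Winsock LSP hijacked; repair the LSP chain rather than deleting the DLL"
        elif section == "O15" and "my computer zone" in low:
            reason = "http protocol mapped to the My Computer zone (security zone downgrade)"
        elif section == "O16":
            host = re.search(r"https?://([^/]+)", body)
            if host and not host.group(1).lower().endswith(O16_TRUSTED_HOSTS):
                reason = f"ActiveX package fetched from unexpected host {host.group(1)}"
        elif section == "O20":
            reason = "Winlogon Notify DLL loads at every logon; verify it belongs to a known product"
        elif section == "O23" and "unknown owner" in low and "\\windows\\" in low:
            reason = "service without publisher info running from the Windows directory"
        if reason is None and any(tok in low for tok in KNOWN_BAD_TOKENS):
            reason = "references a component the thread identified as adware/hijacker"
        if reason:
            findings.append(Finding(section, f"{section} - {body}", reason))
    return findings


# Constructed sample: a subset of lines from the first log posted in this thread.
SAMPLE_LOG = """\
Logfile of HijackThis v1.99.1
R1 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\\Programmi\\webHancer\\programs\\whiehlpr.dll
O4 - HKLM\\..\\Run: [mdc] C:\\sdkhj.exe
O4 - HKLM\\..\\Run: [Microsoft Update] Sygate.exe
O4 - HKLM\\..\\Run: [BDMCon] "C:\\Programmi\\Softwin\\BitDefender8\\bdmcon.exe"
O10 - Hijacked Internet access by WebHancer
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} (Progetto1.int_ver34) - http://advnt01.com/dialer/int_ver34.CAB
O20 - Winlogon Notify: RunOnceEx - C:\\WINDOWS\\system32\\uitheme.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgamsvr.exe
O23 - Service: Msn Service (MSNSVC) - Unknown owner - C:\\WINDOWS\\msnsrv.exe (file missing)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.reason}\n     {f.entry}")
```

The rules are heuristics tuned to this log: the AVG and BitDefender entries pass, everything the helper listed is flagged, and anything flagged still needs a human to confirm before it is fixed.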
#9
Member | Joined: Feb 2006 | City: Salerno | Posts: 55
I fixed the items you listed; it only gave me trouble with O10 WinSock LSP, which it tells me I can remove with SpyBot. I ran the scan with Spybot and it still finds some entries:

```
-Smitfraud-C
Eseguibile c:\MTE3NDI60DoxNg.exe
Dati c:\windows\teller2.chk
Dati c:windows\drsmartload2.dat
Eseguibile c:\drsmartload1.exe
Impostazioni HKEY_LOCAL_MACHINE\SOFTWARE\Policies\.........
Impostazioni HKEY_LOCAL_MACHINE\SOFTWARE\Policies\.......
Impostazioni HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\drsmartload2
-webHancer
<$WINSOCK> webHancer
Assistente del Browser(BHO) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CurrentVersion\Explorer\Browser Helper Object\..........
Classe radice (Root) HKEY_LOCAL_MACHINE\Software\Classes\WhleHelperObj.WhleHelperObj.1
Classe radice (Root) HKEY_LOCAL_MACHINE\Software\Classes\WhleHelperObj.WhleHelperObj
ID di classe HKEY_LOCAL_MACHINE\Software\Classes\CLSID\.........
Impostazioni di disinstallazione HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webHancer Agent
Impostazioni globali HKEY_LOCAL_MACHINE\Software\webHancer
Interfaccia HKEY_CLASSES_ROOT\Interface\...............
Libreria dei tipi HKEY_CLASSES_ROOT\TypeLib\................
-Network Monitor
File di testo C:\WINDOWS\uninstall_nmon.vbs
Cartella di programma C:\Programmi\Network Monitor\
Cartella di programma C:\Documents and Settings\LocalService\Dati applicazioni\NetMon\
Impostazioni di disinstallazione HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\..........
-MediaPlex
Cookie tracciante (Internet Explorer:Nello) Internet Explorer (Nello): Cookie:nello@mediaplex.com/()
-Deskwizz
Eseguibile C:\WINDOWS\newfrn.exe
File di cofigurazione C:\WINDOWS\dh.ini
Libreria C:\WINDOWS\DH.dll
ID di classe HKEY_CLASSES_ROOT\CLSID\.............
-CoolWWWSearch
Pagina di ricerca di IE HKEY_USERSS-1-5-21-1957994488-484763869-10602842298-1003\Software\Microsoft\Internet Explorer\Search\SearchAssistant
Explorer\Main\Default_Search_URL=about:blank
-Command Service
Eseguibile C:\Documents and Settings\Nello\Impostazioni locali\Temp\cmdinst.exe
Impostazioni di disinstallazione HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\..................
```

Some of these entries had never shown up before. I have now removed them and corrected the errors it found. Here is the new HijackThis log:

```
Logfile of HijackThis v1.99.1
Scan saved at 23.34.23, on 20/03/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Programmi\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmi\Softwin\BitDefender8\bdmcon.exe
C:\Programmi\Softwin\BitDefender8\bdnagent.exe
C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\devldr32.exe
C:\Documents and Settings\Nello\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Programmi\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Programmi\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WebCheck - C:\WINDOWS\system32\q0680ajuedo80.dll
O23 - Service: Automatic Update Service (Automatic Update) - Unknown owner - C:\WINDOWS\System32\wuapi.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido anti-malware\ewidoctrl.exe
O23 - Service: Defragmentation Management Handler (FAT Defragmentation) - Unknown owner - C:\WINDOWS\System32\dfrgfat32.exe
O23 - Service: Msn Service (MSNSVC) - Unknown owner - C:\WINDOWS\msnsrv.exe (file missing)
O23 - Service: Performance True Type Font (PerfFont) - Unknown owner - C:\WINDOWS\System32\perfont.exe (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
```
#10
Senior Member | Joined: Sep 2005 | City: Opinions are like assholes: anybody has one... | Posts: 34290
Did you also run a scan with ewido??
#11
Senior Member | Joined: May 2005 | City: Palermo | Posts: 6390
Fix these entries:

```
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O20 - Winlogon Notify: WebCheck - C:\WINDOWS\system32\q0680ajuedo80.dll
O23 - Service: Automatic Update Service (Automatic Update) - Unknown owner - C:\WINDOWS\System32\wuapi.exe (file missing)
O23 - Service: Defragmentation Management Handler (FAT Defragmentation) - Unknown owner - C:\WINDOWS\System32\dfrgfat32.exe
O23 - Service: Msn Service (MSNSVC) - Unknown owner - C:\WINDOWS\msnsrv.exe (file missing)
O23 - Service: Performance True Type Font (PerfFont) - Unknown owner - C:\WINDOWS\System32\perfont.exe (file missing)
```

Run a scan with this tool, following the instructions carefully: http://www.bleepingcomputer.com/files/smitRem.php
#12
Senior Member | Joined: Sep 2005 | City: Opinions are like assholes: anybody has one... | Posts: 34290
Never seen a log that had to be fixed in "rounds"
#13
Member | Joined: Feb 2006 | City: Salerno | Posts: 55
Hi, I fixed the entries you pointed out and ran a scan with smitRem. Here is the new HijackThis log; it seems to me the spyware still opens up:

```
Scan saved at 19.50.37, on 21/03/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Programmi\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmi\Softwin\BitDefender8\bdmcon.exe
C:\Programmi\Softwin\BitDefender8\bdnagent.exe
C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\explorer.exe
C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE
C:\Documents and Settings\Nello\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Programmi\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Programmi\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{5C7C7DC7-C2BC-4C87-893B-CDFF6E596BF2}: NameServer = 85.37.17.9 85.38.28.75
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: OptimalLayout - C:\WINDOWS\system32\en2ql1f51.dll
O23 - Service: Automatic Update Service (Automatic Update) - Unknown owner - C:\WINDOWS\System32\wuapi.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido anti-malware\ewidoctrl.exe
O23 - Service: Defragmentation Management Handler (FAT Defragmentation) - Unknown owner - C:\WINDOWS\System32\dfrgfat32.exe
O23 - Service: Msn Service (MSNSVC) - Unknown owner - C:\WINDOWS\msnsrv.exe (file missing)
O23 - Service: Performance True Type Font (PerfFont) - Unknown owner - C:\WINDOWS\System32\perfont.exe (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
```
#14
Senior Member | Joined: May 2005 | City: Palermo | Posts: 6390
Fix these:

```
O20 - Winlogon Notify: OptimalLayout - C:\WINDOWS\system32\en2ql1f51.dll
O23 - Service: Automatic Update Service (Automatic Update) - Unknown owner - C:\WINDOWS\System32\wuapi.exe (file missing)
O23 - Service: Defragmentation Management Handler (FAT Defragmentation) - Unknown owner - C:\WINDOWS\System32\dfrgfat32.exe
O23 - Service: Msn Service (MSNSVC) - Unknown owner - C:\WINDOWS\msnsrv.exe (file missing)
O23 - Service: Performance True Type Font (PerfFont) - Unknown owner - C:\WINDOWS\System32\perfont.exe (file missing)
```
#15
Member | Joined: Feb 2006 | City: Salerno | Posts: 55
Fixato queste voci, ho fatto anche una scansione con Ewido e mi ha trovato 80 file infetti. Ora posto sia il niovo log di hijackthis e sia il log di Ewido:
Logfile of HijackThis v1.99.1
Scan saved at 20.19.41, on 21/03/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmi\Softwin\BitDefender8\bdmcon.exe
C:\Programmi\Softwin\BitDefender8\bdnagent.exe
C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\explorer.exe
C:\Programmi\ewido anti-malware\ewidoguard.exe
C:\Programmi\ewido anti-malware\ewidoctrl.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Nello\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Programmi\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Programmi\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{5C7C7DC7-C2BC-4C87-893B-CDFF6E596BF2}: NameServer = 85.37.17.9 85.38.28.75
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: OptimalLayout - C:\WINDOWS\system32\en2ql1f51.dll
O23 - Service: Automatic Update Service (Automatic Update) - Unknown owner - C:\WINDOWS\System32\wuapi.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmi\ewido anti-malware\ewidoguard.exe
O23 - Service: Defragmentation Management Handler (FAT Defragmentation) - Unknown owner - C:\WINDOWS\System32\dfrgfat32.exe
O23 - Service: Msn Service (MSNSVC) - Unknown owner - C:\WINDOWS\msnsrv.exe (file missing)
O23 - Service: Performance True Type Font (PerfFont) - Unknown owner - C:\WINDOWS\System32\perfont.exe (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

EWIDO
---------------------------------------------------------
ewido anti-malware - Scan Report
---------------------------------------------------------
+ Created on: 20.14.49, 21/03/2006
+ Report-Checksum: 614A8A4A
+ Scan results:
[1016] C:\WINDOWS\system32\vfrifier.dll -> Adware.Look2Me : Error during cleaning
[1992] C:\WINDOWS\system32\vfrifier.dll -> Adware.Look2Me : Error during cleaning
C:\argc.exe -> Downloader.Adload.t : Cleaned with backup
C:\Documents and Settings\Nello\Cookies\nello@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Nello\Cookies\nello@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Nello\Cookies\nello@banners.searchingbooth[1].txt -> TrackingCookie.Searchingbooth : Cleaned with backup
C:\Documents and Settings\Nello\Cookies\nello@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\Nello\Cookies\nello@cs.sexcounter[2].txt -> TrackingCookie.Sexcounter : Cleaned with backup
C:\Documents and Settings\Nello\Cookies\nello@cz7.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Nello\Cookies\nello@ilead.itrack[1].txt -> TrackingCookie.Itrack : Cleaned with backup
C:\Documents and Settings\Nello\Cookies\nello@media.top-banners[1].txt -> TrackingCookie.Top-banners : Cleaned with backup
C:\Documents and Settings\Nello\Cookies\nello@overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Nello\Cookies\nello@project2.realtracker[2].txt -> TrackingCookie.Realtracker : Cleaned with backup
C:\Documents and Settings\Nello\Cookies\nello@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Nello\Cookies\nello@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\Nello\Cookies\nello@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Nello\Cookies\nello@vip.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Nello\Cookies\nello@vip2.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Nello\Cookies\nello@www.adtrak[1].txt -> TrackingCookie.Adtrak : Cleaned with backup
C:\Documents and Settings\Nello\Cookies\nello@www.popuptraffic[2].txt -> TrackingCookie.Popuptraffic : Cleaned with backup
C:\Documents and Settings\Nello\Cookies\nello@xxxcounter[2].txt -> TrackingCookie.Xxxcounter : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Nello\Dati applicazioni\Mozilla\Firefox\Profiles\0u1emfgv.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Nello\Dati applicazioni\Mozilla\Firefox\Profiles\0u1emfgv.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Nello\Dati applicazioni\Mozilla\Firefox\Profiles\0u1emfgv.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Nello\Dati applicazioni\Mozilla\Firefox\Profiles\0u1emfgv.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Nello\Dati applicazioni\Mozilla\Firefox\Profiles\0u1emfgv.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Nello\Dati applicazioni\Mozilla\Firefox\Profiles\0u1emfgv.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Nello\Dati applicazioni\Mozilla\Firefox\Profiles\0u1emfgv.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Nello\Dati applicazioni\Mozilla\Firefox\Profiles\0u1emfgv.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Nello\Dati applicazioni\Mozilla\Firefox\Profiles\0u1emfgv.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Nello\Dati applicazioni\Mozilla\Firefox\Profiles\0u1emfgv.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Nello\Dati applicazioni\Mozilla\Firefox\Profiles\0u1emfgv.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Nello\Dati applicazioni\Mozilla\Firefox\Profiles\0u1emfgv.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Nello\Dati applicazioni\Mozilla\Firefox\Profiles\0u1emfgv.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Nello\Dati applicazioni\Mozilla\Firefox\Profiles\0u1emfgv.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Nello\Dati applicazioni\Mozilla\Firefox\Profiles\0u1emfgv.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Nello\Dati applicazioni\Mozilla\Firefox\Profiles\0u1emfgv.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Nello\Dati applicazioni\Mozilla\Firefox\Profiles\0u1emfgv.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Nello\Dati applicazioni\Mozilla\Firefox\Profiles\0u1emfgv.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Nello\Dati applicazioni\Mozilla\Firefox\Profiles\0u1emfgv.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Nello\Dati applicazioni\Mozilla\Firefox\Profiles\0u1emfgv.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Nello\Dati applicazioni\Mozilla\Firefox\Profiles\0u1emfgv.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\Nello\Desktop\hijackthis\backups\backup-20060320-225143-487.dll -> Dialer.VB.j : Cleaned with backup
C:\Documents and Settings\Nello\zikra.exe -> Downloader.Adload.t : Cleaned with backup
C:\Programmi\webHancer\Programs\webhdll.dll -> Adware.WebHancer : Cleaned with backup
C:\Programmi\webHancer\Programs\whagent.exe -> Adware.WebHancer : Cleaned with backup
C:\Programmi\webHancer\Programs\whiehlpr.dll -> Adware.WebHancer : Cleaned with backup
C:\Programmi\webHancer\Programs\whsurvey.exe -> Adware.WebHancer : Cleaned with backup
C:\Programmi\whInstall -> Adware.Webhancer : Cleaned with backup
C:\Programmi\whInstall\license.txt -> Adware.Webhancer : Cleaned with backup
C:\Programmi\whInstall\readme.txt -> Adware.Webhancer : Cleaned with backup
C:\Programmi\whInstall\whAgent.ini -> Adware.Webhancer : Cleaned with backup
C:\WHCC2.exe/whAgent.exe -> Adware.WebHancer : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UERST_0001_N68M0602NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UERST_0001_N68M0602NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\UERST_0001_N68M0602NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned with backup
C:\WINDOWS\system32\a.exe -> Backdoor.SdBot.aad : Cleaned with backup
C:\WINDOWS\system32\ad.html -> Hijacker.Agent.e : Cleaned with backup
C:\WINDOWS\system32\asvpack.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\cndial32.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\0T6ROX67\rp5[1].exe -> Backdoor.SdBot.aad : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\0T6ROX67\rp5[2].exe -> Backdoor.SdBot.aad : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\K9Y3WPUF\drsmartload556a[1].exe -> Downloader.Adload.t : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\K9Y3WPUF\drsmartload[1].exe -> Downloader.Adload.u : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\SL6V0XIF\rp5[2].exe -> Backdoor.SdBot.aad : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\SL6V0XIF\winsysban12[1].exe -> Hijacker.VB.li : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\SLA78PMB\rp5[1].exe -> Backdoor.SdBot.aad : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\SLA78PMB\rp5[2].exe -> Backdoor.SdBot.aad : Cleaned with backup
C:\WINDOWS\system32\guard.tmp -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\mZg_hook.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\mzxoci.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\tHpi32.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\winabra.exe -> Heuristic.Win32.Morphine-Crypted : Cleaned with backup
C:\WINDOWS\system32\wzppmht.exe -> Dropper.Paradrop.a : Cleaned with backup
C:\WINDOWS\system32\zikra.exe -> Downloader.Adload.t : Cleaned with backup
C:\WINDOWS\system32\__delete_on_reboot__vfrifier.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\THVjaWFubw\asappsrv.dll -> Adware.CommAd : Cleaned with backup
C:\WINDOWS\THVjaWFubw\command.exe -> Adware.CommAd : Cleaned with backup
C:\WINDOWS\wallpap.exe -> Hijacker.Agent.gp : Cleaned with backup
C:\winsysban12.exe -> Hijacker.VB.li : Cleaned with backup
::End of report

But shouldn't I be doing these operations in Safe Mode???
#16
Senior Member
Joined: May 2005
Location: Palermo
Posts: 6390
Ewido found a huge number of infections; your PC really was badly polluted. There are some entries in the HijackThis log that you have to fix in Safe Mode, after disabling System Restore, and they are these:

O20 - Winlogon Notify: OptimalLayout - C:\WINDOWS\system32\en2ql1f51.dll
O23 - Service: Automatic Update Service (Automatic Update) - Unknown owner - C:\WINDOWS\System32\wuapi.exe (file missing)
O23 - Service: Defragmentation Management Handler (FAT Defragmentation) - Unknown owner - C:\WINDOWS\System32\dfrgfat32.exe
O23 - Service: Msn Service (MSNSVC) - Unknown owner - C:\WINDOWS\msnsrv.exe (file missing)
O23 - Service: Performance True Type Font (PerfFont) - Unknown owner - C:\WINDOWS\System32\perfont.exe (file missing)

To disable System Restore, follow these instructions: http://service1.symantec.com/SUPPORT...20823151930924
To boot into Safe Mode: http://service1.symantec.com/SUPPORT...20722090503924

PS: since you're going into Safe Mode anyway, repeat the Ewido scan there too.
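The helper's selection in posts #14 and #16 follows two recognisable rules: the single O20 Winlogon Notify entry that loads a DLL no stock install registers there, and the O23 services reported with "Unknown owner" whose binary was dropped straight into C:\WINDOWS or C:\WINDOWS\System32 rather than into a product folder (which is why the BitDefender services, also "Unknown owner" but under Programmi\File comuni\Softwin, are left alone). The script below is an added example, not code from the thread or from HijackThis, that encodes those two rules and runs them over lines copied from the posted log. The allowlist of default Winlogon Notify DLLs, the fixed C:\WINDOWS paths and the function names are this example's own assumptions.

```python
"""Triage of HijackThis O20/O23 entries.

Added example, not code from the thread or from HijackThis. The sample lines
below are copied from the log posted in the thread; the two rules (default
Winlogon Notify DLL allowlist, services dropped straight into the Windows
directories) are this example's own assumptions about what the helper
looked for.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: a subset of the O4/O20/O23 lines from the posted log.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O20 - Winlogon Notify: OptimalLayout - C:\WINDOWS\system32\en2ql1f51.dll
O23 - Service: Automatic Update Service (Automatic Update) - Unknown owner - C:\WINDOWS\System32\wuapi.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido anti-malware\ewidoctrl.exe
O23 - Service: Defragmentation Management Handler (FAT Defragmentation) - Unknown owner - C:\WINDOWS\System32\dfrgfat32.exe
O23 - Service: Msn Service (MSNSVC) - Unknown owner - C:\WINDOWS\msnsrv.exe (file missing)
O23 - Service: Performance True Type Font (PerfFont) - Unknown owner - C:\WINDOWS\System32\perfont.exe (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
"""

# Assumption: the Winlogon Notify packages a stock Windows XP install ships
# with live in these DLLs; anything else registered there deserves a look.
KNOWN_NOTIFY_DLLS = {"crypt32.dll", "cryptnet.dll", "cscdll.dll", "sclgntfy.dll", "wlnotify.dll"}

# Assumption: Windows lives on C:, as the posted log shows. A service binary
# placed directly here (not in a vendor folder underneath) is the pattern
# the helper flagged; the legitimate products install under Programmi.
BARE_SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}

O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>.+?) - (?P<dll>.+)$")
# Name and owner are matched lazily, so a service name containing " - " would
# confuse this; none of the posted entries do.
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
BINARY_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)', re.IGNORECASE)


@dataclass
class Finding:
    section: str   # HijackThis section tag, e.g. "O23"
    reason: str    # why the entry was flagged
    line: str      # the original log line, ready to paste back into a reply


def service_binary(path_field: str) -> str:
    """Return just the executable path from an O20/O23 path field.

    Strips the "(file missing)" marker, a stray trailing quote and any
    service arguments such as /service.
    """
    m = BINARY_RE.search(path_field)
    return m.group(0) if m else path_field.strip()


def in_bare_system_dir(binary: str) -> bool:
    """True when the binary sits directly in C:\\WINDOWS or C:\\WINDOWS\\System32."""
    directory = binary.rsplit("\\", 1)[0].lower()
    return directory in BARE_SYSTEM_DIRS


def triage(log_text: str) -> list[Finding]:
    """Apply the two rules to every line and return the entries to fix."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := O20_RE.match(line):
            dll = service_binary(m["dll"]).rsplit("\\", 1)[-1].lower()
            if dll not in KNOWN_NOTIFY_DLLS:
                findings.append(Finding("O20", f"Winlogon Notify package loads a non-default DLL ({dll})", line))
        elif m := O23_RE.match(line):
            if m["owner"] != "Unknown owner":
                continue  # version info names a vendor; leave it
            if in_bare_system_dir(service_binary(m["path"])):
                reason = "service with no vendor in version info, binary placed straight into the Windows directory"
                if "(file missing)" in m["path"]:
                    reason += "; the binary is already gone, so this is an orphaned service entry"
                findings.append(Finding("O23", reason, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Run on the sample, `triage()` returns exactly the five entries the helper listed and nothing else. The "(file missing)" marker on its own is not a reason to flag: the BitDefender services carry it too, only because HijackThis could not resolve a path that has a stray quote and `/service` appended, and the running-process list shows those binaries present. An orphaned service entry whose binary is gone is still worth fixing, because the malware's installer can recreate the file on the next run and the service would pick it up.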
#17
Member
Joined: Feb 2006
Location: Salerno
Posts: 55
I went into Safe Mode, but I can't find HijackThis, why is that?? Should I run the scan with Ewido only??
#18
Senior Member
Joined: May 2005
Location: Palermo
Posts: 6390
Quote:
It has to be in some folder, look for it more carefully. Those log entries need to be fixed. If you can't manage it in normal mode, keep trying in Safe Mode. Also repeat the Ewido scan, again in Safe Mode.
#19
Senior Member
Joined: Sep 2005
Location: Opinions are like assholes: anybody has one...
Posts: 34290
But isn't that still the same log as yesterday???
#20
Senior Member
Joined: May 2005
Location: Palermo
Posts: 6390
Quote: