FARMMEXTE.EXE

[tigre652]

Ho questo file che tenta di connettersi, probabilmente un troyan! Per ora non son riuscito ad eliminarlo, sapete aiutarmi?
Vi posto il log di hjthis cosà agari mi aiutate. CIAO grazie!

Logfile of HijackThis v1.97.7
Scan saved at 0.48.12, on 28/02/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Programmi\File comuni\EPSON\eEBAPI\SAgent2.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Programmi\Ghost 2005\Agent\PQV2iSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programmi\Nokia PC Suite 5\DataLayer.exe
C:\WINDOWS\system32\atwtusb.exe
C:\PROGRA~1\SPRINT~1.0OF\Sprint\CAgent.exe
C:\WINDOWS\tppaldr.exe
C:\Programmi\Ghost 2005\Agent\GhostTray.exe
C:\Programmi\File comuni\Real\Update_OB\evntsvc.exe
C:\WINDOWS\system32\gsicon.exe
C:\WINDOWS\system32\dslagent.exe
C:\windows\system32\uizopij.exe
C:\Programmi\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Programmi\File comuni\Nokia\Services\ServiceLayer.exe
C:\windows\system32\calc.exe
C:\Programmi\Copernic 2001 Basic\Copernic.exe
C:\Programmi\Internet Explorer\iexplore.exe
D:\Programmi\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.libero.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - C:\WINDOWS\dlmax.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Automation] mslaugh.exe
O4 - HKLM\..\Run: [DataLayer] C:\Programmi\Nokia PC Suite 5\DataLayer.exe
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [ABBYY Community Agent] C:\PROGRA~1\SPRINT~1.0OF\Sprint\CAgent.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\tppaldr.exe
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Programmi\Ghost 2005\Agent\GhostTray.exe
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
O4 - HKLM\..\Run: [TkBellExe] C:\Programmi\File comuni\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [uizopij] c:\windows\system32\uizopij.exe
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programmi\ZoneAlarm\zlclient.exe"
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\programmi\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmi\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Scarica con FlashGet - C:\Programmi\FlashGet\jc_link.htm
O8 - Extra context menu item: Scarica tutto con FlashGet - C:\Programmi\FlashGet\jc_all.htm
O8 - Extra context menu item: Similar Pages - res://c:\programmi\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\programmi\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.celebritaspoglie.net/all.exe
O16 - DPF: {11111111-1111-1111-1111-111111111123} - file://C:\Documents and Settings\Tigre652\Impostazioni locali\Temp\WAS8305.tmp\html\painter.exe
O16 - DPF: {15320607-1001-1831-1000-118599957123} - ms-its:mhtml:file://C:\PATH.MHT!http://195.225.176.5//d//aknghod//qp...::/painter.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_fi...8f5a9fca2cbb23
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-445535400000} - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/1044446.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{022BB2FB-51AC-423A-9A91-8F7ACB39B87C}: NameServer = 85.37.17.8 151.99.125.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{022BB2FB-51AC-423A-9A91-8F7ACB39B87C}: NameServer = 85.37.17.8 151.99.125.1

[MrOZ]

sì è un troyan/spyware.

mandami x email alcuni file che ti chiedo in pvt.

ciao.