Mi sono inguaiato con ErrorSafe ecc.

[unbrividoxlui]

Carissimi,

anzitutto vi ammiro per la vostra competenza informatica

Due giorni fa un popup molto ben mascherato mi ha convinto a scaricare ErrorSafe, che prometteva di togliermi spyware e trojan e malware e quant'altro, e invece anziché togliermeli me li mette

Il mio antivirus è BitDefender Free Edition, ho malamente disinstallato Norton Antivirus 2005 (il giorno stesso) e come antispyware uso AdAware, MalwarRemover, Microsoft Antispyware, SpywareBlaster, Spybot Search & Destroy e NoAdware.

Nessuno di questi, tuttavia, è riuscito, finora, a togliermi il problema dei popup di ogni tipo che mi si aprono ogni 30 secondi (il problema si manifesta solamente con la connessione attiva, naturalmente!).

Ecco il mio log di HijackThis. Grazie a chi mi può aiutare!!


Logfile of HijackThis v1.99.1
Scan saved at 2.09.46, on 16/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\LAUNCH~1\QtZpAcer.EXE
C:\Programmi\UTILITIES FETI\LCxCLIP\LCxCLIP\LCxCLIP.exe
C:\Programmi\Softwin\BitDefender8\bdmcon.exe
C:\Programmi\Softwin\BitDefender8\bdnagent.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\vsnpstd2.exe
C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\FILECO~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Programmi\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\Programmi\Opera\Opera.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\UTILITIES FETI\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 155.185.96.86:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\PROGRA~1\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZpAcer.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [msnappau] "C:\Programmi\MSN Apps\Updater\01.02.3000.1001\it\msnappau.exe"
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\FILECO~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunServices: [MSN Update] dllcon.exe
O4 - HKCU\..\Run: [mfku] C:\PROGRA~1\FILECO~1\mfku\mfkum.exe
O4 - HKCU\..\Run: [MSN Update] dllcon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) -
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1EDF25DE-DFB2-40CA-AA83-30AE7DA8C203} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/A ... ngctrl.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/242fede73d3 ... 601_it.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3629597357
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} -
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: App Management - C:\WINDOWS\system32\dnj2011oe.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Windows Update Service (muamgrd) - Unknown owner - C:\WINDOWS\System32\muamgrd.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Unknown owner - C:\Programmi\File comuni\Sony Shared\AVLib\SPTISRV.exe (file missing)
O23 - Service: windows system source (windowsvc) - Unknown owner - C:\WINDOWS\System32\windowssvc.exe (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

[Luke9792005]

Ciao.

Prima cosa: sembra che tu non abbia alcun firewall. Se così fosse, ti consiglio di installarne uno il prima possibile.

Venendo al tuo log:

C:\Programmi\UTILITIES FETI\LCxCLIP\LCxCLIP\LCxCLIP.exe Sai di cosa si tratta?

O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe Da fixare.

O4 - HKLM\..\RunServices: [MSN Update] dllcon.exe Questo sembra essere riferito ad un trojan/backdoor: http://www.bleepingcomputer.com/startup ... -8553.html

O4 - HKCU\..\Run: [mfku] C:\PROGRA~1\FILECO~1\mfku\mfkum.exe Da fixare.

O4 - HKCU\..\Run: [MSN Update] dllcon.exe vedi sopra.

O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone Sai di cosa si tratta?

O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone Idem come sopra.

O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone Idem come sopra.

O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone Idem come sopra.

O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone Idem come sopra.

O20 - Winlogon Notify: App Management - C:\WINDOWS\system32\dnj2011oe.dll Da fixare.

O23 - Service: Windows Update Service (muamgrd) - Unknown owner - C:\WINDOWS\System32\muamgrd.exe (file missing) Da fixare.

O23 - Service: Sony SPTI Service (SPTISRV) - Unknown owner - C:\Programmi\File comuni\Sony Shared\AVLib\SPTISRV.exe (file missing) Da fixare.

O23 - Service: windows system source (windowsvc) - Unknown owner - C:\WINDOWS\System32\windowssvc.exe (file missing) Da fixare.

O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing) Da fixare.

Per ulteriori informazioni sull'uso di HijackThis, prima di cominciare, leggi attentamente questa utile guida:
http://www.pc-facile.com/guide/guida_hijackthis/

Ciao

[unbrividoxlui]

Ho installato Zone Alarm; in effetti avevo tolto il firewall di Norton e non avevo provveduto a sostituirlo

Ho fatto scansione con Panda Software Active Scan e mi ha rilevato anche un virus, che ha provveduto ad eliminare (Netmon.exe).

Tuttavia qualche finestra del browser indesiderata (molte meno di prima) compare ugualmente ogni tanto... Che faccio?


Logfile of HijackThis v1.99.1
Scan saved at 4.43.40, on 16/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\LAUNCH~1\QtZpAcer.EXE
C:\Programmi\UTILITIES FETI\LCxCLIP\LCxCLIP\LCxCLIP.exe
C:\Programmi\Softwin\BitDefender8\bdmcon.exe
C:\programmi\softwin\bitdefender8\bdnagent.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\vsnpstd2.exe
C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\FILECO~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Programm\ZoneAlarm\zlclient.exe
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\Programmi\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\Opera\Opera.exe
C:\Programmi\UTILITIES FETI\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 155.185.96.86:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\PROGRA~1\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZpAcer.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [msnappau] "C:\Programmi\MSN Apps\Updater\01.02.3000.1001\it\msnappau.exe"
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\FILECO~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programm\ZoneAlarm\zlclient.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) -
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1EDF25DE-DFB2-40CA-AA83-30AE7DA8C203} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/A ... ngctrl.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/242fede73d3 ... 601_it.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3629597357
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} -
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Syncmgr - C:\WINDOWS\system32\k4620ejoehoc0.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Unknown owner - C:\Programmi\File comuni\Sony Shared\AVLib\SPTISRV.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
O23 - Service: windows system source (windowsvc) - Unknown owner - C:\WINDOWS\System32\windowssvc.exe (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

[unbrividoxlui]

Scusatemi...riposto il log di Hijack dopo aver fatto due modifiche. Il programma LCxCLIP.exe lo conosco ed è innocuo! Per quanto riguarda invece i Protocol Defaults numero 015 non so cosa dire!!

grazie come sempre!!

brivido



___________________________________________


Logfile of HijackThis v1.99.1
Scan saved at 4.49.40, on 16/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\LAUNCH~1\QtZpAcer.EXE
C:\Programmi\UTILITIES FETI\LCxCLIP\LCxCLIP\LCxCLIP.exe
C:\Programmi\Softwin\BitDefender8\bdmcon.exe
C:\programmi\softwin\bitdefender8\bdnagent.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\FILECO~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Programm\ZoneAlarm\zlclient.exe
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\Programmi\Microsoft AntiSpyware\gcasDtServ.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\Opera\Opera.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\explorer.exe
C:\Programmi\UTILITIES FETI\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 155.185.96.86:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\PROGRA~1\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZpAcer.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [msnappau] "C:\Programmi\MSN Apps\Updater\01.02.3000.1001\it\msnappau.exe"
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\FILECO~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programm\ZoneAlarm\zlclient.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) -
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1EDF25DE-DFB2-40CA-AA83-30AE7DA8C203} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/A ... ngctrl.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/242fede73d3 ... 601_it.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3629597357
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} -
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Syncmgr - C:\WINDOWS\system32\k4620ejoehoc0.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Unknown owner - C:\Programmi\File comuni\Sony Shared\AVLib\SPTISRV.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
O23 - Service: windows system source (windowsvc) - Unknown owner - C:\WINDOWS\System32\windowssvc.exe (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

[Luke57]

Ciao, penso che tu abbia un’infezione da Look2me , intanto scarica Deldomains
che ti rimetterà a posto la "Trusted Zone" (015) , una volta compattato il file, clicchi con il destro e scegli installa
scarica kill box da qui http://www.bleepingcomputer.com/files/killbox.php
Scarica il file .zip, estrailo sul desktop e lancia Killbox.exe.
Copia/incolla questo percorso da eliminare nell'apposito campo:
C:\WINDOWS\system32\k4620ejoehoc0.dll
e premi il pulsante "Delete file" (un cerchietto rosso con una "X" bianca).
Alla richiesta di riavviare il computer, riavvia.
Fai girare nuovamente hijackthis, cerca e spunta le seguenti voci:
O20 - Winlogon Notify: Syncmgr - C:\WINDOWS\system32\k4620ejoehoc0.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Unknown owner - C:\Programmi\File comuni\Sony Shared\AVLib\SPTISRV.exe (file missing)
O23 - Service: windows system source (windowsvc) - Unknown owner - C:\WINDOWS\System32\windowssvc.exe (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing
Posta nuovo log ( sicuramente la dll alla voce 020 si ripresenterà con un nuovo nome)

[unbrividoxlui]

Ciao Luke57!
Ho scaricato DelDomains ma non mi ha sistemato, purtroppo, la Trusted Zone (015)... Prima di installare DelDomains e KillBox avevo eseguito un paio di scansioni con Panda Active Scan online, quindi il log di hijack era stato ulteriormente modificato rispetto al tuo post.

Ora la situazione è questa (i popup e le finestre son sempre meno ); nonostante fixi le voci con "file missing", alla scansione successiva di hijack ci sono ancora! così come la voce 020 si ripresenta sempre con un nome nuovo

Logfile of HijackThis v1.99.1
Scan saved at 14.27.05, on 16/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\LAUNCH~1\QtZpAcer.EXE
C:\Programmi\UTILITIES FETI\LCxCLIP\LCxCLIP\LCxCLIP.exe
C:\Programmi\Softwin\BitDefender8\bdmcon.exe
C:\Programmi\Softwin\BitDefender8\bdnagent.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\FILECO~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\Programmi\Microsoft AntiSpyware\gcasDtServ.exe
C:\Programmi\Zone Alarm\ZoneAlarm\zlclient.exe
C:\Programmi\Opera\Opera.exe
C:\Programmi\UTILITIES FETI\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 155.185.96.86:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\PROGRA~1\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZpAcer.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [msnappau] "C:\Programmi\MSN Apps\Updater\01.02.3000.1001\it\msnappau.exe"
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\FILECO~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programm\ZoneAlarm\zlclient.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O20 - Winlogon Notify: ThemeManager - C:\WINDOWS\system32\o8roli9318.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Unknown owner - C:\Programmi\File comuni\Sony Shared\AVLib\SPTISRV.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
O23 - Service: windows system source (windowsvc) - Unknown owner - C:\WINDOWS\System32\windowssvc.exe (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

[Luke57]

Ciao, hai sicuramente un'infezione da look2me. Scarica la versione trial di SPYSWEEPER
(versione di prova a 30 giorni che comunque rimuove gli spyware)
http://www.webroot.com/shoppingcart/try ... 02&lang=it
scarica iANCHE CCleaner ultima versione da qui http://news.swzone.it/swznews-16590.php, lo lasci impostato com’è di default, devi solo in opzioni>avanzate, lasciare la spunta a backup a “chiedi backup delle voci di registro” e toglierla a “cancella file windows solo se più vecchi di 48 ore) per eliminare i file temporanei di windows, quelli di IE, cookies, cestino.
Riposta poi un log di hijackthis.

[unbrividoxlui]

STO INTRAVEDENDO LA FINE DI QUESTO TUNNEL

Ecco il mio log attuale, dopo che SpySweeper (la trial version è di 14 giorni, non di 30 come dicevi ke cattivi, cosa gli costa 30 giorni anziché 14??!) ha trovato un trojan, due adware e un'altra cosa...

________________________


Logfile of HijackThis v1.99.1
Scan saved at 17.16.37, on 16/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\LAUNCH~1\QtZpAcer.EXE
C:\Programmi\UTILITIES FETI\LCxCLIP\LCxCLIP\LCxCLIP.exe
C:\Programmi\Softwin\BitDefender8\bdnagent.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\FILECO~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\Programmi\Microsoft AntiSpyware\gcasDtServ.exe
C:\Programmi\Zone Alarm\ZoneAlarm\zlclient.exe
C:\Programmi\Opera\Opera.exe
C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe
C:\Programmi\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe
c:\programmi\softwin\bitdefender8\bdmcon.exe
C:\Programmi\UTILITIES FETI\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 155.185.96.86:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\PROGRA~1\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZpAcer.EXE
O4 - HKLM\..\Run: [BDNewsAgent] "c:\programmi\softwin\bitdefender8\bdnagent.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [msnappau] "C:\Programmi\MSN Apps\Updater\01.02.3000.1001\it\msnappau.exe"
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\FILECO~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programm\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O20 - Winlogon Notify: ThemeManager - C:\WINDOWS\system32\o8roli9318.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Unknown owner - C:\Programmi\File comuni\Sony Shared\AVLib\SPTISRV.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Programmi\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
O23 - Service: windows system source (windowsvc) - Unknown owner - C:\WINDOWS\System32\windowssvc.exe (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

[Luke57]

Ciao, non abbiamo per niente terminato
Scarica Ewido Security Suite http://www.ewido.net/en/download/
e installalo.
Lancia ewido, doppio click sull'icona con una grande E sul desktop.
Il programma chiederà di fare l'update, click su OK
Apparirà la schermata principale del programma dove è necessario
aggiornare ewido alle ultime definizioni delle firme dei virus.
Sulla parte sinistra della schermata principale click su update
Click su Start
L' update partirà ed una barra mostrerà la progressione dell'aggiornamento.
Una volta che l'aggiornamento sarà completato :
riavvia in Modalità provvisoria
Avvia Ewido.
Click su scanner
Assicurati che le seguenti caselle siano spuntate:
Binder
Crypter
Archives
Click su Start Scan
Attendi la conclusione della scansione
Mentre la scansione è attiva può presentarsi la richiesta di fare il clean del primo file infetto che trova. Scegli "clean"
e spunta la casella "Perform action on all infections" nell'angolo a sinistra della finestra in modo da far effettuare da Ewido
automaticamente l'operazione ad ogni file infetto, Click su ok.
Una volta terminata la scansione click sul pulsante in basso sulla finestra "Save report"
Salva il report sul desktop ed allegalo in un post.

[unbrividoxlui]

avevi ragione tu (ovviamente ).
Ecco il report:

---------------------------------------------------------
ewido anti-malware - Rapporto Scansione
---------------------------------------------------------

+ Creato il: 17.42.01, 17/01/2006
+ Report-Checksum: 25156765

+ Risultati scansione:

[692] C:\WINDOWS\system32\htmd32u.dll -> Spyware.Look2Me : Pulito con Backup
[776] C:\WINDOWS\system32\htmd32u.dll -> Spyware.Look2Me : Errore durante la pulizia
C:\WINDOWS\system32\htmd32u.dll -> Spyware.Look2Me : Pulito con Backup
C:\WINDOWS\system32\guard.tmp -> Spyware.Look2Me : Pulito con Backup
C:\WINDOWS\system32\tEpiui.dll -> Spyware.Look2Me : Pulito con Backup
C:\Documents and Settings\Fra\Impostazioni locali\Temp\Cookies\fra@atdmt[2].txt -> Spyware.Cookie.Atdmt : Pulito con Backup
C:\System Volume Information\_restore{036BD964-B3D8-4D04-B1EB-A41733656B4F}\RP12\A0002377.dll -> Spyware.Look2Me : Pulito con Backup
C:\System Volume Information\_restore{036BD964-B3D8-4D04-B1EB-A41733656B4F}\RP12\A0002378.dll -> Spyware.Look2Me : Pulito con Backup
C:\System Volume Information\_restore{036BD964-B3D8-4D04-B1EB-A41733656B4F}\RP12\A0002379.dll -> Spyware.Look2Me : Pulito con Backup
C:\System Volume Information\_restore{036BD964-B3D8-4D04-B1EB-A41733656B4F}\RP12\A0002384.dll -> Spyware.Look2Me : Pulito con Backup
C:\System Volume Information\_restore{036BD964-B3D8-4D04-B1EB-A41733656B4F}\RP12\A0002391.dll -> Spyware.Look2Me : Pulito con Backup
C:\System Volume Information\_restore{036BD964-B3D8-4D04-B1EB-A41733656B4F}\RP12\A0002450.dll -> Spyware.Look2Me : Pulito con Backup
C:\System Volume Information\_restore{036BD964-B3D8-4D04-B1EB-A41733656B4F}\RP12\A0002471.dll -> Spyware.Look2Me : Pulito con Backup
C:\System Volume Information\_restore{036BD964-B3D8-4D04-B1EB-A41733656B4F}\RP12\A0002479.dll -> Spyware.Look2Me : Pulito con Backup
C:\System Volume Information\_restore{036BD964-B3D8-4D04-B1EB-A41733656B4F}\RP13\A0002583.dll -> Spyware.Look2Me : Pulito con Backup
C:\System Volume Information\_restore{036BD964-B3D8-4D04-B1EB-A41733656B4F}\RP13\A0002590.dll -> Spyware.Look2Me : Pulito con Backup
C:\System Volume Information\_restore{036BD964-B3D8-4D04-B1EB-A41733656B4F}\RP13\A0002607.dll -> Spyware.Look2Me : Pulito con Backup


::Fine Rapporto


___________________________

Il problema è ke i file dll nella cartella System 32 li continua a rilevare nella scansione memoria ti allego il report (della scansione fatta DOPO questa qui sopra)

__________________________

---------------------------------------------------------
ewido anti-malware - Rapporto Scansione
---------------------------------------------------------

+ Creato il: 17.44.29, 17/01/2006
+ Report-Checksum: 7C471538

+ Risultati scansione:

[692] C:\WINDOWS\system32\htmd32u.dll -> Spyware.Look2Me : Errore durante la pulizia
[776] C:\WINDOWS\system32\htmd32u.dll -> Spyware.Look2Me : Errore durante la pulizia


::Fine Rapporto

[Luke57]

Ciao, le scansioni le hai fatte in modalità provvisoria?
Scarica CCleaner ultima versione da qui http://news.swzone.it/swznews-16590.php, è ottimo per la cancellazione di file temporanei di windows e IE.
Riavvia in modalittà provvisoria, rendi visibile i file e cartelle nascosti da esplorarisorse>strumenti>opzioni cartella>visualizzazione". Seleziona "visualizza file e cartelle nascosti", "visualizza il contenuto delle cartelle di sistema" e deseleziona "nascondi file protetti e di sistema", cerca ed elimina C:\WINDOWS\system32\htmd32u.dll
Controlla anche che e altre dll individuate da ewido non ci siano, se ci sono eliminale.
Utilizza poi CCleaner ( lo lasci impostato com’è di default, devi solo in opzioni>avanzate, lasciare la spunta a backup a “chiedi backup delle voci di registro” e toglierla a “cancella file windows solo se più vecchi di 48 ore) per eliminare i file temporanei di windows, quelli di IE, cookies, svuotare il cestino. Posta poi un nuovo lgo di hijackthis.

[unbrividoxlui]

sì, le scansioni le ho fatte in modalità provvisoria.

Ecco il nuovo log di HijackThis


Logfile of HijackThis v1.99.1
Scan saved at 20.28.47, on 17/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\UTILITIES FETI\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\PROGRA~1\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZpAcer.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\FILECO~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\npjpi150_06.dll
O20 - Winlogon Notify: App Management - C:\WINDOWS\system32\n8r20i9oe8.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmi\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Unknown owner - C:\Programmi\File comuni\Sony Shared\AVLib\SPTISRV.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Programmi\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
O23 - Service: windows system source (windowsvc) - Unknown owner - C:\WINDOWS\System32\windowssvc.exe (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

[Luke57]

Ciao, forse ci siamo, con hijackthis fissa:
O20 - Winlogon Notify: App Management - C:\WINDOWS\system32\n8r20i9oe8.dll (file missing)
e le voci 023 con i file missing, senza più riferimenti e quindi inutili.
Controlla soprattutto che non si ripresenti la o una dll sospetta alla voce 020. Fammi sapere, anzi facci sapere

[unbrividoxlui]

Buongiorno! Ho provato a fixare il numero 020 ed è sparito mentre purtroppo i (file missing) del 023 pur fixandoli, si ripresentano nella scansione successiva. E' un problema?

Cosa faccio con SpySweeper Trial Version (scade tra 12 giorni)...
Vi sottopongo un'altra domanda: esiste un freeware che permette di disinstallare COMPLETAMENTE, al mille per mille, un software quando non si decide che serve più? Che cancelli anche i file remotamente nascosti in qualche cartella di sistema? Oppure è sufficiente fare il defrag ogni tanto, x liberare lo spazio inutile e i frammenti di programmi inutilizzati? grazie mille come sempre, siete bravissimi!


Logfile of HijackThis v1.99.1
Scan saved at 10.08.53, on 18/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\ewido anti-malware\ewidoctrl.exe
C:\Programmi\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\LAUNCH~1\QtZpAcer.EXE
C:\Programmi\UTILITIES FETI\LCxCLIP\LCxCLIP\LCxCLIP.exe
C:\Programmi\Softwin\BitDefender8\bdnagent.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\FILECO~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe
C:\Programmi\Microsoft AntiSpyware\gcasDtServ.exe
C:\Programmi\Zone Alarm\ZoneAlarm\zlclient.exe
C:\Programmi\Softwin\BitDefender8\bdmcon.exe
C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Opera\Opera.exe
C:\Programmi\UTILITIES FETI\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 155.185.96.86:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\PROGRA~1\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZpAcer.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\FILECO~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programmi\Zone Alarm\ZoneAlarm\zlclient.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmi\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Unknown owner - C:\Programmi\File comuni\Sony Shared\AVLib\SPTISRV.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Programmi\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
O23 - Service: windows system source (windowsvc) - Unknown owner - C:\WINDOWS\System32\windowssvc.exe (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

[Luke57]

Ciao di nuovo, devi eliminare le voci 015 (trusted zone): Fallo con hijackthis o utilizzando delsdomains ( clicchi col tasto destro sul file inf e scegli installa). Per quanto riguarda i file missing non rappresentano un problema, si tratta di servizi quindi bisogna fare in altro modo, prova a fare così:
clicca sull'opzione,nella finestra principale di hijack,"open the misc tool section",poi clicca su"delete an NT service",scrivi l'esatto percorso, ad esempio, per la prima voce,
C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe" /service
e clicca su ok. Fai così per gli altri missing. Spysweer lo puoi disinstallare, se lo vuoi tenere devi pagarlo.

[unbrividoxlui]

Ciao! ho provato a fixare le voci (con Services.msc) ma dopo aver disabilitato il servizio di BitDefender (il mio antivirus freeware), non mi partiva più! Quindi l'ho ripristinato!

Come faccio con la Trusted Zone?? Come si lavora con DelDomains? basta cliccare su INSTALL dal menu contestuale? fa tutto da solo?

Grazie

[unbrividoxlui]

HO parlato prima di agire: non l'ho ancora ripristinato BitDefender; la voce del servizio non mi compare più in Services.msc, nemmeno come Servizio disabilitato!! Come posso fare? Devo reinstallarlo? grazie

[Luke57]

Ciao, per deldomains basta cliccare con il tasto destro sul file inf e scegliere installa, per il servizio che non trovi più mi appare strano, hijackthis non elimina "fisicamente" il servizio. Puoi sempre reinstallarlo comunque.

[unbrividoxlui]

Infatti il servizio non l'ho disattivato con HijackThis, ma con Services.msc perché MiscTool di HijackThis mi diceva che il servizio era enable/running quindi non poteva essere "trattato" dal programma. Terminato con Services.msc, l'ho "trattato" con MiscTool ed è andato via.

Mi sa che lo reinstallo, BitDefender.

Ciao e...se non c'è più bisogno, grazie mille di tutto!! Siete stati dei grandi, mi avete insegnato molte cose che rimangono sempre utili!