Home News Guide Hardware Download Forum Glossario

Condividi:        

Aiuto!

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: m.paolo, kadosh, Luke57

Regole del forum
Rispondi al post

Aiuto!

Postdi vegekou » 20/03/07 16:17

Salve a tutti, credo di avere diversi spyware nel pc, qualcuno puoi aiutarmi?
Faccio regolarmente varie scansioni giornaliere ma certi file non se ne vanno.
Grazie per la vostra attenzione

Logfile of HijackThis v1.99.1
Scan saved at 16.15.49, on 20/03/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
g:\Programmi\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
G:\Programmi\Sygate\SPF\smc.exe
C:\WINDOWS\System32\VTTimer.exe
G:\Programmi\Browser Mouse\moffice.exe
C:\windows\system32\uvcx.exe
g:\Programmi\Browser Mouse\MOUSE32A.EXE
C:\Programmi\AOL\Active Virus Shield\avp.exe
C:\WINDOWS\system32\spoolsv.exe
g:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\windows\system32\winlogon.exe
C:\Programmi\AOL\Active Virus Shield\avp.exe
G:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
g:\Programmi\Remote Task Manager\RTMService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
G:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
C:\Programmi\Google\Google Updater\GoogleUpdater.exe
G:\EMULE\emulev0.46c-MorphXTv7.3-bin\emule\emule.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
G:\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://www.xfastsearch.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: Give4Free Plugin Installer - {208E7E77-507A-4649-B0C9-D39E9049C7A2} - C:\Programmi\Give4Free Plugin\ibho.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] g:\Programmi\Browser Mouse\moffice.exe
O4 - HKLM\..\Run: [msmmi] C:\WINDOWS\System32\msmmi.exe
O4 - HKLM\..\Run: [uvnx] c:\windows\system32\uvcx.exe
O4 - HKLM\..\Run: [aol] "C:\Programmi\AOL\Active Virus Shield\avp.exe"
O4 - HKLM\..\Run: [SmcService] G:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmi\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Programmi\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Clean Traces - G:\Programmi\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - G:\Programmi\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - G:\Programmi\DAP\dapextie2.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a &Bluetooth - G:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - G:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - G:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {0E64B286-F91C-442D-8B6D-0D78433AA93D} - http://visualizzamms.net.vodafone.it/mm ... tiveXs.cab
O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} - http://secure2.comned.com/signuptemplat ... kurity.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} - http://www.cult3d.com/download/cult.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/245ebd09140 ... 601_it.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 4040486906
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} - http://secure2.comned.com/signuptemplat ... -devel.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZI ... b53083.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} - http://messenger.zone.msn.com/binary/Ba ... b31267.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_mp3.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697517} - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_aac.cab
O16 - DPF: {D607FAED-AAFD-4EE4-BE84-0F2035D36D8E} - http://mytel.ecs.net/TestSF.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - https://betway.microgaming.com/betway/FlashAX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{52194CDC-35A0-449D-A3EF-E9042DA9DC35}: NameServer = 213.205.32.70 213.205.36.70
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - (no file)
O20 - AppInit_DLLs:
O20 - Winlogon Notify: klogon - C:\WINDOWS\System32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - g:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Programmi\AOL\Active Virus Shield\avp.exe" -r (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - G:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: FreePOPs - Unknown owner - G:\Programmi\FreePOPs\freepopsservice.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - g:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Remote Task Manager service (RTM) - Unknown owner - g:\Programmi\Remote Task Manager\RTMService.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - G:\Programmi\Sygate\SPF\smc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
vegekou
Newbie
 
Post: 9
Iscritto il: 20/03/07 11:12
Top
Sponsor
 

Risposta

Postdi Opensource » 21/03/07 14:41

scarica avg anti spyware:

http://www.ewido.net/de/download/

installalo e aggiornalo e fagli fare una scansione, una volta finito cancella tutto quello che ha rilevato e posta nuovamento un log di hijackthis
Avatar utente
Opensource
Utente Senior
 
Post: 684
Iscritto il: 02/11/06 20:45
Top

Postdi vegekou » 21/03/07 16:59

Uso già quel programma, comunque ho rifatto di nuovo la scansione e questo è il log di HijackThis


Logfile of HijackThis v1.99.1
Scan saved at 16.58.26, on 21/03/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
g:\Programmi\Ahead\InCD\InCDsrv.exe
G:\Programmi\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\VTTimer.exe
C:\WINDOWS\system32\spoolsv.exe
c:\windows\system32\svchost.exe
G:\Programmi\Browser Mouse\moffice.exe
C:\windows\system32\uvcx.exe
g:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
g:\Programmi\Browser Mouse\MOUSE32A.EXE
C:\Programmi\AOL\Active Virus Shield\avp.exe
C:\Programmi\AOL\Active Virus Shield\avp.exe
G:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
g:\Programmi\Remote Task Manager\RTMService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
G:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
C:\Programmi\Google\Google Updater\GoogleUpdater.exe
G:\EMULE\emulev0.46c-MorphXTv7.3-bin\emule\emule.exe
G:\Programmi\FireTrust\MailWasher Pro\MailWasher.exe
G:\hijackthis_199\HijackThis.exe
C:\Programmi\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://www.xfastsearch.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: Give4Free Plugin Installer - {208E7E77-507A-4649-B0C9-D39E9049C7A2} - C:\Programmi\Give4Free Plugin\ibho.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] g:\Programmi\Browser Mouse\moffice.exe
O4 - HKLM\..\Run: [msmmi] C:\WINDOWS\System32\msmmi.exe
O4 - HKLM\..\Run: [uvnx] c:\windows\system32\uvcx.exe
O4 - HKLM\..\Run: [aol] "C:\Programmi\AOL\Active Virus Shield\avp.exe"
O4 - HKLM\..\Run: [SmcService] G:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmi\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Programmi\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Clean Traces - G:\Programmi\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - G:\Programmi\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - G:\Programmi\DAP\dapextie2.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a &Bluetooth - G:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - G:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - G:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {0E64B286-F91C-442D-8B6D-0D78433AA93D} - http://visualizzamms.net.vodafone.it/mm ... tiveXs.cab
O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} - http://secure2.comned.com/signuptemplat ... kurity.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} - http://www.cult3d.com/download/cult.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/245ebd09140 ... 601_it.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 4040486906
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} - http://secure2.comned.com/signuptemplat ... -devel.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZI ... b53083.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} - http://messenger.zone.msn.com/binary/Ba ... b31267.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_mp3.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697517} - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_aac.cab
O16 - DPF: {D607FAED-AAFD-4EE4-BE84-0F2035D36D8E} - http://mytel.ecs.net/TestSF.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - https://betway.microgaming.com/betway/FlashAX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{52194CDC-35A0-449D-A3EF-E9042DA9DC35}: NameServer = 213.205.32.70 213.205.36.70
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - (no file)
O20 - AppInit_DLLs:
O20 - Winlogon Notify: klogon - C:\WINDOWS\System32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - g:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Programmi\AOL\Active Virus Shield\avp.exe" -r (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - G:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: FreePOPs - Unknown owner - G:\Programmi\FreePOPs\freepopsservice.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - g:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Remote Task Manager service (RTM) - Unknown owner - g:\Programmi\Remote Task Manager\RTMService.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - G:\Programmi\Sygate\SPF\smc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
vegekou
Newbie
 
Post: 9
Iscritto il: 20/03/07 11:12
Top

Risposta

Postdi Opensource » 21/03/07 19:47

fixa queste

C:\windows\system32\uvcx.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)


O2 - BHO: Give4Free Plugin Installer - {208E7E77-507A-4649-B0C9-D39E9049C7A2} - C:\Programmi\Give4Free Plugin\ibho.dll (file missing)


O4 - HKLM\..\Run: [uvnx] c:\windows\system32\uvcx.exe


O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe


O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} - http://secure2.comned.com/signuptemplat ... kurity.cab


O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} - http://secure2.comned.com/signuptemplat ... -devel.cab


O20 - AppInit_DLLs:


scarica prevx1 da qui:
http://www.prevx.com/security.asp

installalo e aggirnalo e fagli fare una scansione completa.
una volta finito rimuovi ciò che ha trovato

posta nuovamente un log di hijackthis
Avatar utente
Opensource
Utente Senior
 
Post: 684
Iscritto il: 02/11/06 20:45
Top

Postdi vegekou » 21/03/07 22:40

Fatto tutto, ecco il log


Logfile of HijackThis v1.99.1
Scan saved at 22.38.49, on 21/03/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
g:\Programmi\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
G:\Programmi\Sygate\SPF\smc.exe
C:\WINDOWS\System32\VTTimer.exe
G:\Programmi\Browser Mouse\moffice.exe
C:\Programmi\AOL\Active Virus Shield\avp.exe
g:\Programmi\Browser Mouse\MOUSE32A.EXE
G:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
C:\Programmi\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\spoolsv.exe
c:\windows\system32\services.exe
g:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmi\AOL\Active Virus Shield\avp.exe
G:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
g:\Programmi\Remote Task Manager\RTMService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Programmi\Prevx1\PXConsole.exe
C:\Programmi\Prevx1\PXAgent.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
G:\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://www.xfastsearch.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Dati applicazioni\Prevx\pxbho.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] g:\Programmi\Browser Mouse\moffice.exe
O4 - HKLM\..\Run: [msmmi] C:\WINDOWS\System32\msmmi.exe
O4 - HKLM\..\Run: [aol] "C:\Programmi\AOL\Active Virus Shield\avp.exe"
O4 - HKLM\..\Run: [SmcService] G:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [PrevxOne] "C:\Programmi\Prevx1\PXConsole.exe"
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmi\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Programmi\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Clean Traces - G:\Programmi\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - G:\Programmi\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - G:\Programmi\DAP\dapextie2.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a &Bluetooth - G:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - G:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - G:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {0E64B286-F91C-442D-8B6D-0D78433AA93D} - http://visualizzamms.net.vodafone.it/mm ... tiveXs.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} - http://www.cult3d.com/download/cult.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/245ebd09140 ... 601_it.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 4040486906
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZI ... b53083.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} - http://messenger.zone.msn.com/binary/Ba ... b31267.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_mp3.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697517} - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_aac.cab
O16 - DPF: {D607FAED-AAFD-4EE4-BE84-0F2035D36D8E} - http://mytel.ecs.net/TestSF.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - https://betway.microgaming.com/betway/FlashAX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{52194CDC-35A0-449D-A3EF-E9042DA9DC35}: NameServer = 213.205.32.70 213.205.36.70
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - (no file)
O20 - Winlogon Notify: klogon - C:\WINDOWS\System32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - g:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Programmi\AOL\Active Virus Shield\avp.exe" -r (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - G:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: FreePOPs - Unknown owner - G:\Programmi\FreePOPs\freepopsservice.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - g:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Programmi\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: Remote Task Manager service (RTM) - Unknown owner - g:\Programmi\Remote Task Manager\RTMService.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - G:\Programmi\Sygate\SPF\smc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
vegekou
Newbie
 
Post: 9
Iscritto il: 20/03/07 11:12
Top

Risposta

Postdi Opensource » 22/03/07 09:08

conosci questo sito?

http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_mp3.cab
Avatar utente
Opensource
Utente Senior
 
Post: 684
Iscritto il: 02/11/06 20:45
Top

Postdi Luke57 » 22/03/07 10:09

Ciao, apri hijackthis, premi “do a system scan only”, cerca e spunta le seguenti voci:
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [msmmi] C:\WINDOWS\System32\msmmi.exe
Premi fix checked.


Poi scarica killbox:
http://www.killbox.net/downloads/KillBox.exe
con killbox elimina (se presente) il seguente file:
C:\WINDOWS\System32\msmmi.exe


Poiscarica ATF Cleaner (per eliminare file temporanei)da qui:
http://www.atribune.org/ccount/click.php?id=1
Avvia ATF cleaner, clicca sul menu "main" e poi seleziona la casella
"Select All". Adesso clicca sul pulsante "Empty selected" e aspetta il
messaggio "Done Cleaning!".
Luke57
Moderatore
 
Post: 6413
Iscritto il: 11/08/05 19:10
Top

Postdi vegekou » 22/03/07 15:35

Ho fatto ciò che mi hai suggerito, grazie mille!
vegekou
Newbie
 
Post: 9
Iscritto il: 20/03/07 11:12
Top
Rispondi al post

Torna a Sicurezza e Privacy


Topic correlati a "Aiuto!":

Autohotkey o simili...aiuto!
Autore: Paolo67 		Forum: Programmazione
Risposte: 4
aiuto windows 10
Autore: mod360 		Forum: Software Windows
Risposte: 1
aiuto installazione
Autore: mod360 		Forum: Software Windows
Risposte: 3
Aiuto per una formula
Autore: papiriof 		Forum: Applicazioni Office Windows
Risposte: 8
aiuto x mobili
Autore: MarioLombardi 		Forum: Forum off-topic
Risposte: 8

Chi c’è in linea

Visitano il forum: Nessuno e 83 ospiti