Luke57 ha scritto:Ciao, infatti me ne sono accorto dopo che avevi già tentato di utilizzare i tools.
Scarica:
http://www.nod32.it/cgi-bin/mapdl.pl?tool=Agent.VPcon questo elimina i due file verdi e anche quel Lexmark-Tool.exe.
Poi elimina la cartella con nome random in C:\documents and settings
Dopo aver fatto ciò,
start>esegui>
control userpasswords2 (lo digiti nello spazio)>OK
nella finestra Account elimini l'utenza random che ci dovrebbe essere con lo stesso nome della cartella in C:\documents and settings(la evidenzi e la rimuovi).
Controlla queste due chiavi di registro:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon, click su quest'ultima e guardi che cosa hai sulla destra accanto alle voce
UserinitPoi controlla quest'altra voce:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, click su quest'ultima cartella e guarda che cosa c'è dentro.
Hai provato a eliminare tutti i file temp prima di utiizzare i due tools?
A utilizzare virit?
http://www.tgsoft.it/italy/index_ita.htmlpare che abbbiano trovato il modo di eliminare l'ultima variante del malware.
Luke, non so come dirti grazie, aprezzo davvero l'aiuto.
Ho fatto un pò delle cose che mi hai suggerito.
Ho eliminato manualmente la cartella con nome random in Documents and Settings appena accortomi che qualcosa non andava, all'inizio.
La stessa cosa ho fatto con l'utenza random con lo stesso nome.
Da allora non sono più ricomparse.
Avevo già provato con Virit: mi ha cancellato il BHO ma non ha trovato nient'altro, e l'ho fatto andare diverse volte, in mod provv e non.
Poi ho fatto ancora partire i due tool dopo aver usato Ccleaner, ma non c'è stato niente da fare. Ho poi provato con il tool della Sophos. Ecco i risultati:
- sym (mod provv)
service: QnJKP (logon as: .\MxBQVa, passed filters)
Trojan.Linkoptimizer has not been found on your computer.
- soph (mod provv)
Trovati:
c:\Programmi\WindowsNT\mGFkHr.exe:$EFS
c:\Programmi\WindowsNT\kjFiRn.exe:$EFS
Imposto la cancellazione, mi dice di riavviare, riavvio.
- prev
Removal tool loaded into memory
Gromozon rootkit component not detected - searching for other components
Scanning: C:\WINDOWS
Scanning: C:\Programmi\File comuni
Trojan.Gromozon does not exist - your system is clean.
Visto che non riesco a far partire in alcun modo HJT, ho provato con Runalyzer in mod provv. Il log è molto lungo e spero di non infrangere qualche regola riportandolo. Eccolo:
-----------------------------------------------------------------------------
Logfile of RunAlyzer 0.3. Copyright © 2000-2005 Safer Networking Limited. All rights reserved.
Scan saved at 27/10/2006 14.03.40
Platform: Windows XP (Build: 2600) Service Pack 2 (5.1.2600)
Running processes:
[System]
System
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Safer Networking\RunAlyzer\RunAlyzer.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,"c:\windows\lexmark-tool.exe",
O20 - Winlogon Notify: WgaLogon = WgaLogon.dll
O4 - Startup: Stop Dialers.lnk = C:\Programmi\StopDialers\StopDialer.exe
O4 - Global Startup: HELPExpress.lnk = C:\Programmi\HELPExpress\bin\matcli.exe
O4 - Global Startup: NaturalColorLoad.lnk = C:\Programmi\SEC\Natural Color\NaturalColorLoad.exe
O4 - HKCU\..\Run: [MSMSGS] C:\Programmi\Messenger\msmsgs.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] C:\Programmi\Windows Defender\MSASCui.exe
O4 - HKLM\..\Run: [AdslTaskBar] C:\WINDOWS\system32\stmctrl.dll
O4 - HKLM\..\Run: [BHR4.1] C:\Programmi\Zamaan's Software\Browser Hijack Retaliator 4.1\BHR4.1.exe
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programmi\File comuni\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [PivotSoftware] C:\Programmi\WinPortrait\wpctrl.exe
O4 - HKLM\..\Run: [PrevxOne] C:\Programmi\Prevx1\PXConsole.exe
O23 - Service: avast! Asynchronous Virus Monitor (Aavmker4) - /owner unsupported/ -
O23 - Service: Driver ACPI Microsoft (ACPI) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\ACPI.sys
O23 - Service: Eliminatore di eco acustico del kernel Microsoft (aec) - /owner unsupported/ - C:\WINDOWS\system32\drivers\aec.sys
O23 - Service: Ambiente supporto di rete AFD (AFD) - /owner unsupported/ - C:\WINDOWS\System32\drivers\afd.sys
O23 - Service: Filtro bus Intel AGP (agp440) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\agp440.sys
O23 - Service: Service for Realtek AC97 Audio (WDM) (ALCXWDM) - /owner unsupported/ - C:\WINDOWS\system32\drivers\ALCXWDM.SYS
O23 - Service: Avvisi (Alerter) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Servizio Gateway di livello applicazione (ALG) - /owner unsupported/ - C:\WINDOWS\System32\alg.exe
O23 - Service: Gestione applicazione (AppMgmt) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Protocollo client ARP 1394 (Arp1394) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\arp1394.sys
O23 - Service: avast! Standard Shield Support (aswMon2) - /owner unsupported/ -
O23 - Service: aswRdr (aswRdr) - /owner unsupported/ -
O23 - Service: avast! Network Shield Support (aswTdi) - /owner unsupported/ -
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - /owner unsupported/ - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Driver per supporti asincroni RAS (AsyncMac) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\asyncmac.sys
O23 - Service: Controller disco rigido IDE/ESDI standard (atapi) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\atapi.sys
O23 - Service: ATI WDM Rage Theater Video (Microsoft Corporation) (atinrvxx) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\atinrvxx.sys
O23 - Service: ATI WDM TV Tuner (Microsoft Corporation) (ATITUNEP) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\atintuxx.sys
O23 - Service: ATI WDM Rage Theater Audio (Microsoft Corporation) (ativraxx) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\atinraxx.sys
O23 - Service: ATI WDM TV Audio (Microsoft Corporation) Crossbar (Microsoft Corporation) (ATIXSAudio) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\atinxsxx.sys
O23 - Service: Protocollo client ARP ATM (Atmarpc) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\atmarpc.sys
O23 - Service: Audio Windows (AudioSrv) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Driver stub audio (audstub) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\audstub.sys
O23 - Service: avast! Antivirus (avast! Antivirus) - /owner unsupported/ - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner (avast! Mail Scanner) - /owner unsupported/ - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner (avast! Web Scanner) - /owner unsupported/ - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Driver (AVG Anti-Spyware Driver) - /owner unsupported/ - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.sys
O23 - Service: AVG Anti-Spyware Guard (AVG Anti-Spyware Guard) - /owner unsupported/ - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG Anti-Spyware Clean Driver (AvgAsCln) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys
O23 - Service: Servizio trasferimento intelligente in background (BITS) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Browser di computer (Browser) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Decoder sottotitoli codificati (CCDECODE) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
O23 - Service: Driver del CD-ROM (Cdrom) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\cdrom.sys
O23 - Service: Servizio di indicizzazione (CiSvc) - /owner unsupported/ - C:\WINDOWS\system32\cisvc.exe
O23 - Service: ClipBook (ClipSrv) - /owner unsupported/ - C:\WINDOWS\system32\clipsrv.exe
O23 - Service: Applicazione di sistema COM+ (COMSysApp) - /owner unsupported/ - C:\WINDOWS\System32\dllhost.exe
O23 - Service: CPPI (CPPI) - /owner unsupported/ - C:\DOCUME~1\utente\IMPOST~1\Temp\CPPI.exe
O23 - Service: Servizi di crittografia (CryptSvc) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Utilità di avvio processo server DCOM (DcomLaunch) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Client DHCP (Dhcp) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Driver del disco (Disk) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\disk.sys
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - /owner unsupported/ - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Driver Gestione dischi logici (dmio) - /owner unsupported/ - C:\WINDOWS\System32\drivers\dmio.sys
O23 - Service: Gestione dischi logici (dmserver) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Sintetizzatore DLS Microsoft Kernel (DMusic) - /owner unsupported/ - C:\WINDOWS\system32\drivers\DMusic.sys
O23 - Service: Client DNS (Dnscache) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Decodificatore audio DRM del kernel Microsoft (drmkaud) - /owner unsupported/ - C:\WINDOWS\system32\drivers\drmkaud.sys
O23 - Service: Servizio di segnalazione errori (ERSvc) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Registro eventi (Eventlog) - /owner unsupported/ - C:\WINDOWS\system32\services.exe
O23 - Service: Sistema di eventi COM+ (EventSystem) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Compatibilità di Cambio rapido utente (FastUserSwitchingCompatibility) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Driver controller disco floppy (Fdc) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\fdc.sys
O23 - Service: Driver disco floppy (Flpydisk) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\flpydisk.sys
O23 - Service: FltMgr (FltMgr) - /owner unsupported/ - C:\WINDOWS\system32\drivers\fltmgr.sys
O23 - Service: Driver archiviazione volumi (Ftdisk) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\ftdisk.sys
O23 - Service: GEARAspiWDM (GEARAspiWDM) - /owner unsupported/ - C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys
O23 - Service: Utilità di classificazione pacchetti generica (Gpc) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\msgpc.sys
O23 - Service: Guida in linea e supporto tecnico (helpsvc) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Accesso periferica Human Interface (HidServ) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Driver di classe HID Microsoft (HidUsb) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\hidusb.sys
O23 - Service: HTTP (HTTP) - /owner unsupported/ - C:\WINDOWS\System32\Drivers\HTTP.sys
O23 - Service: SSL HTTP (HTTPFilter) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Driver di porta mouse PS/2 e tastiera i8042 (i8042prt) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\i8042prt.sys
O23 - Service: InstallDriver Table Manager (IDriverT) - /owner unsupported/ - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Driver filtro masterizzazione CD (Imapi) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\imapi.sys
O23 - Service: Servizio COM di masterizzazione CD IMAPI (ImapiService) - /owner unsupported/ - C:\WINDOWS\System32\imapi.exe
O23 - Service: Driver processore Intel (intelppm) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\intelppm.sys
O23 - Service: Driver Windows Firewall IPv6 (ip6fw) - /owner unsupported/ - C:\WINDOWS\system32\drivers\ip6fw.sys
O23 - Service: Driver filtro traffico IP (IpFilterDriver) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys
O23 - Service: Driver tunnel IP in IP (IpInIp) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\ipinip.sys
O23 - Service: Traduttore indirizzi di rete IP (IpNat) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\ipnat.sys
O23 - Service: iPodService (iPodService) - /owner unsupported/ - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Driver IPSEC (IPSec) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\ipsec.sys
O23 - Service: Protocollo IrDA (irda) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\irda.sys
O23 - Service: Servizio enumeratore infrarossi (IRENUM) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\irenum.sys
O23 - Service: Monitor infrarossi (Irmon) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Driver bus PnP ISA/EISA (isapnp) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\isapnp.sys
O23 - Service: Driver classe tastiera (Kbdclass) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\kbdclass.sys
O23 - Service: Mixer wave audio del kernel Microsoft (kmixer) - /owner unsupported/ - C:\WINDOWS\system32\drivers\kmixer.sys
O23 - Service: Server (lanmanserver) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Workstation (lanmanworkstation) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Helper NetBIOS di TCP/IP (LmHosts) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Machine Debug Manager (MDM) - /owner unsupported/ - C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
O23 - Service: MEMSWEEP2 (MEMSWEEP2) - /owner unsupported/ - C:\WINDOWS\system32\SophosMEMSWEEP.SYS
O23 - Service: Messenger (Messenger) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Condivisione desktop remoto di NetMeeting (mnmsrvc) - /owner unsupported/ - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Driver classe mouse (Mouclass) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\mouclass.sys
O23 - Service: Driver di mouse HID (mouhid) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\mouhid.sys
O23 - Service: Gestore installazione (Mounting) (MountMgr) - /owner unsupported/ -
O23 - Service: Redirector del client WebDav (MRxDAV) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\mrxdav.sys
O23 - Service: MRXSMB (MRxSmb) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\mrxsmb.sys
O23 - Service: Distributed Transaction Coordinator (MSDTC) - /owner unsupported/ - C:\WINDOWS\System32\msdtc.exe
O23 - Service: Microsoft IR Communications Driver (MSIRCOMM) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys
O23 - Service: Windows Installer (MSIServer) - /owner unsupported/ - C:\WINDOWS\system32\msiexec.exe
O23 - Service: Proxy di servizio di flusso Microsoft (MSKSSRV) - /owner unsupported/ - C:\WINDOWS\system32\drivers\MSKSSRV.sys
O23 - Service: Proxy clock di flusso Microsoft (MSPCLOCK) - /owner unsupported/ - C:\WINDOWS\system32\drivers\MSPCLOCK.sys
O23 - Service: Proxy di gestione qualità di flusso Microsoft (MSPQM) - /owner unsupported/ - C:\WINDOWS\system32\drivers\MSPQM.sys
O23 - Service: Driver BIOS Microsoft System Management (mssmbios) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\mssmbios.sys
O23 - Service: Convertitore a T/Sito a sito per flusso Microsoft (MSTEE) - /owner unsupported/ - C:\WINDOWS\system32\drivers\MSTEE.sys
O23 - Service: Mup (Mup) - /owner unsupported/ -
O23 - Service: ATI WDM Specialized MVD Codec (Microsoft Corporation) (MVDCODEC) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\atinmdxx.sys
O23 - Service: NABTS/FEC VBI Codec (NABTSFEC) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
O23 - Service: Driver di sistema NDIS (NDIS) - /owner unsupported/ -
O23 - Service: Connesione TV/Video Microsoft (NdisIP) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\NdisIP.sys
O23 - Service: Driver TAPI NDIS di accesso remoto (NdisTapi) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\ndistapi.sys
O23 - Service: Protocollo I/O modalità utente su NDIS (Ndisuio) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\ndisuio.sys
O23 - Service: Driver WAN NDIS di accesso remoto (NdisWan) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\ndiswan.sys
O23 - Service: Interfaccia NetBIOS (NetBIOS) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\netbios.sys
O23 - Service: NetBios su Tcpip (NetBT) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\netbt.sys
O23 - Service: DDE di rete (NetDDE) - /owner unsupported/ - C:\WINDOWS\system32\netdde.exe
O23 - Service: DDE DSDM di rete (NetDDEdsdm) - /owner unsupported/ - C:\WINDOWS\system32\netdde.exe
O23 - Service: Accesso rete (Netlogon) - /owner unsupported/ - C:\WINDOWS\System32\lsass.exe
O23 - Service: Connessioni di rete (Netman) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: 1394 Net Driver (NIC1394) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\nic1394.sys
O23 - Service: NLA (Network Location Awareness) (Nla) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Provider supporto protezione LM NT (NtLmSsp) - /owner unsupported/ - C:\WINDOWS\System32\lsass.exe
O23 - Service: Archivi rimovibili (NtmsSvc) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Driver filtro traffico IPX (NwlnkFlt) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys
O23 - Service: Driver inoltratore traffico IPX (NwlnkFwd) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys
O23 - Service: Controller host NEC FireWarden IEEE 1394 compatibile OHCI (Open Host Controller Interface) (ohci1394) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\ohci1394.sys
O23 - Service: Office Source Engine (ose) - /owner unsupported/ - C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE
O23 - Service: Driver della porta parallela (Parport) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\parport.sys
O23 - Service: Gestore partizioni (PartMgr) - /owner unsupported/ -
O23 - Service: Driver bus PCI (PCI) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\pci.sys
O23 - Service: Padus ASPI Shell (pfc) - /owner unsupported/ - C:\WINDOWS\system32\drivers\pfc.sys
O23 - Service: Pivot Mouse/Pointers Filter Driver (pivotmou) - /owner unsupported/ - C:\WINDOWS\system32\drivers\pivotmou.sys
O23 - Service: Plug and Play (PlugPlay) - /owner unsupported/ - C:\WINDOWS\system32\services.exe
O23 - Service: Microsoft IntelliPoint Filter Driver (Point32) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\point32.sys
O23 - Service: Servizi IPSEC (PolicyAgent) - /owner unsupported/ - C:\WINDOWS\System32\lsass.exe
O23 - Service: WAN Miniport (PPTP) (PptpMiniport) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\raspptp.sys
O23 - Service: Prevx Agent (PREVXAgent) - /owner unsupported/ - C:\Programmi\Prevx1\PXAgent.exe
O23 - Service: PREVX Kernel Mode Agent (PrevxDriver) - /owner unsupported/ - C:\WINDOWS\system32\drivers\pxfsf.sys
O23 - Service: PREVX Emulator Driver (PrevxEmulator) - /owner unsupported/ - C:\WINDOWS\system32\drivers\pxemu.sys
O23 - Service: PREVX Tdi filter (PrevxTdi) - /owner unsupported/ - C:\WINDOWS\system32\drivers\pxtdi.sys
O23 - Service: Driver processore (Processor) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\processr.sys
O23 - Service: Archiviazione protetta (ProtectedStorage) - /owner unsupported/ - C:\WINDOWS\system32\lsass.exe
O23 - Service: Utilità di pianificazione pacchetti QoS (PSched) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\psched.sys
O23 - Service: Driver Direct Parallel Link (Ptilink) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\ptilink.sys
O23 - Service: PxHelp20 (PxHelp20) - /owner unsupported/ - C:\WINDOWS\System32\Drivers\PxHelp20.sys
O23 - Service: PREVX Rootkitscan driver (PXRDDriver) - /owner unsupported/ - C:\WINDOWS\system32\drivers\pxrd.sys
O23 - Service: QnJKP (QnJKP) - /owner unsupported/ - C:\Programmi\Windows NT\mGFkHr.exe
O23 - Service: Driver connessione automatica Accesso remoto (RasAcd) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\rasacd.sys
O23 - Service: Auto Connection Manager di Accesso remoto (RasAuto) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: WAN Miniport (IrDA) (Rasirda) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\rasirda.sys
O23 - Service: WAN Miniport (L2TP) (Rasl2tp) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\rasl2tp.sys
O23 - Service: Connection Manager di Accesso remoto (RasMan) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Driver PPPOE di accesso remoto (RasPppoe) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\raspppoe.sys
O23 - Service: Direct Parallel (Raspti) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\raspti.sys
O23 - Service: Rdbss (Rdbss) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\rdbss.sys
O23 - Service: Driver redirector periferica Terminal Server (rdpdr) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\rdpdr.sys
O23 - Service: Gestione sessione di assistenza mediante desktop remoto (RDSessMgr) - /owner unsupported/ - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Driver filtro riproduzione CD-ROM audio digitale (redbook) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\redbook.sys
O23 - Service: Routing e Accesso remoto (RemoteAccess) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Registro di sistema remoto (RemoteRegistry) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: RPC Locator (RpcLocator) - /owner unsupported/ - C:\WINDOWS\System32\locator.exe
O23 - Service: RPC (Remote Procedure Call) (RpcSs) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: QoS RSVP (RSVP) - /owner unsupported/ - C:\WINDOWS\System32\rsvp.exe
O23 - Service: Driver NT scheda Fast Ethernet PCI Realtek basata su RTL8139 (rtl8139) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\RTL8139.SYS
O23 - Service: Gestione account di protezione (SAM) (SamSs) - /owner unsupported/ - C:\WINDOWS\system32\lsass.exe
O23 - Service: smart card (SCardSvr) - /owner unsupported/ - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Utilità di pianificazione (Schedule) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Secdrv (Secdrv) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\secdrv.sys
O23 - Service: Accesso secondario (seclogon) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Notifica eventi di sistema (SENS) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Driver filtro Serenum (serenum) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\serenum.sys
O23 - Service: Driver della porta seriale (Serial) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\serial.sys
O23 - Service: SFPWQ (SFPWQ) - /owner unsupported/ - C:\DOCUME~1\utente\IMPOST~1\Temp\SFPWQ.exe
O23 - Service: Windows Firewall / Condivisione connessione Internet (ICS) (SharedAccess) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Rilevamento hardware shell (ShellHWDetection) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: BDA Slip De-Framer (SLIP) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\SLIP.sys
O23 - Service: Frazionatore audio del kernel Microsoft (splitter) - /owner unsupported/ - C:\WINDOWS\system32\drivers\splitter.sys
O23 - Service: Spooler di stampa (Spooler) - /owner unsupported/ - C:\WINDOWS\system32\spoolsv.exe
O23 - Service: Driver filtro Ripristino configurazione di sistema (sr) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\sr.sys
O23 - Service: Servizio Ripristino configurazione di sistema (srservice) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Srv (Srv) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\srv.sys
O23 - Service: Servizio di rilevamento SSDP (SSDPSRV) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Adattatore SigmaTel USB-IrDA (STIrUsb) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\irstusb.sys
O23 - Service: Acquisizione di immagini di Windows (WIA) (stisvc) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: ATM/ADSL miniport (Stmatm) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\stmatm.sys
O23 - Service: BDA IPSink (streamip) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\StreamIP.sys
O23 - Service: Driver bus software (swenum) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\swenum.sys
O23 - Service: Sintetizzatore Wavetable GS kernel Microsoft (swmidi) - /owner unsupported/ - C:\WINDOWS\system32\drivers\swmidi.sys
O23 - Service: MS Software Shadow Copy Provider (SwPrv) - /owner unsupported/ - C:\WINDOWS\System32\dllhost.exe
O23 - Service: Periferica audio di sistema Microsoft Kernel (sysaudio) - /owner unsupported/ - C:\WINDOWS\system32\drivers\sysaudio.sys
O23 - Service: Avvisi e registri di prestazioni (SysmonLog) - /owner unsupported/ - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Telefonia (TapiSrv) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: ADSL Modem USB Service 1.09a (TaurusUsb) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\torususb.sys
O23 - Service: Driver protocollo TCP/IP (Tcpip) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\tcpip.sys
O23 - Service: Driver della periferica terminale (TermDD) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\termdd.sys
O23 - Service: Servizi terminal (TermService) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Temi (Themes) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Telnet (TlntSvr) - /owner unsupported/ - C:\WINDOWS\System32\tlntsvr.exe
O23 - Service: Manutenzione collegamenti distribuiti client (TrkWks) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: ATI WDM Teletext Decoder (Microsoft Corporation) (TTDec) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\ATINTTXX.sys
O23 - Service: Windows User Mode Driver Framework (UMWdf) - /owner unsupported/ - C:\WINDOWS\system32\wdfmgr.exe
O23 - Service: Driver aggiornamento microcodice (Update) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\update.sys
O23 - Service: Host di periferiche Plug and Play universali (upnphost) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Gruppo di continuità (UPS) - /owner unsupported/ - C:\WINDOWS\System32\ups.exe
O23 - Service: Driver Miniport controller enhanced host USB 2.0 Microsoft (usbehci) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\usbehci.sys
O23 - Service: Hub abilitato USB2 (usbhub) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\usbhub.sys
O23 - Service: Driver scanner USB (usbscan) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\usbscan.sys
O23 - Service: Driver archiviazione di massa USB (usbstor) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS
O23 - Service: Driver Miniport Controller Universal Host USB Microsoft (usbuhci) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\usbuhci.sys
O23 - Service: Controller video VGA. (VgaSave) - /owner unsupported/ - C:\WINDOWS\System32\drivers\vga.sys
O23 - Service: Virit eXplorer Lite (viritsvclite) - /owner unsupported/ - C:\VEXPLITE\viritsvc.exe
O23 - Service: Copia replicata del volume (VSS) - /owner unsupported/ - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Ora di Windows (W32Time) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Driver ARP IP di accesso remoto (Wanarp) - /owner unsupported/ - C:\WINDOWS\System32\DRIVERS\wanarp.sys
O23 - Service: Driver host USB seriale Windows CE (wceusbsh) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
O23 - Service: Driver di compatibilità audio Microsoft WINMM WDM (wdmaud) - /owner unsupported/ - C:\WINDOWS\system32\drivers\wdmaud.sys
O23 - Service: WebClient (WebClient) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Windows Defender Service (WinDefend) - /owner unsupported/ - C:\Programmi\Windows Defender\MsMpEng.exe
O23 - Service: Strumentazione gestione Windows (winmgmt) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Servizio Numero di serie per dispositivi multimediali portatili (WmdmPmSN) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Estensioni driver di Strumentazione gestione Windows (Wmi) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Scheda WMI Performance (WmiApSrv) - /owner unsupported/ - C:\WINDOWS\System32\wbem\wmiapsrv.exe
O23 - Service: Centro sicurezza PC (wscsvc) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Codec World Standard Teletext (WSTCODEC) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
O23 - Service: Aggiornamenti automatici (wuauserv) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Zero Configuration reti senza fili (WZCSVC) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Servizio Provisioning di rete (xmlprov) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Dati applicazioni\Prevx\pxbho.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} () -
http://download.macromedia.com/pub/shoc ... tor/sw.cab
-----------------------------------------------------------------------------
Infine ho guardato nelle chiavi che mi hai detto di controllare.
1.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon, accanto alle voce
Userinit:
REG_SZ c:\windows\system32\userinit.exe,"c:\windows\lexmark-tool.exe.
Questo lexmarks-tool.exe me lo ritrovo nel task manager ad ogni riavvio ma se lo termino
non si riattiva. Ha data di creazione e di ultima modifica uguale ai due .exe verdi in
c:\Programmi\WindowsNT (QnJKP.exe, stesso nome del service; e .\MxBQVa.exe, stesso nome
dell'account indicato nelle proprietà del service).
Ho fatto una ricerca ma non ho trovato niente che riguardi Grom/LOpt.
Magare è un nuovo nome e potrebbe tornare utile a qualcuno.
2.
In
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
c'è
(Predefinito) REG_SZ (Valore non impostato)
Scusa se ti ho rotto ancora le scatole con un altro messaggio chilometrico.
Se mi dai una conferma che non c'è niente di allarmante da risolvere prima uso subito l'agent della Nod.
Ancora una cosa (lo so, sono una cambiale!): MyUninstaller mi indica il programma "Connection Guard" con l'icona di IE. Nella colonna Description c'è scritto Internet Explorer. La cartella indicata è quella di IE, il programma risulta di Microsoft COmpany e tutti le voci fanno pensare che si tratti dell'originale. Ma il nome "Connection Guard" mi era sembrato troppo simile a quelli usati da Gromo/LO...magari è una sciocchezza ma, inutile negarlo, me la faccio addosso al pensiero che il pc sia fregato.
E' davvero tutto.
Grazie ancora.
Registrazione
di Alexsandra » 25/10/06 19:56 
