Help! Slow computer and some spyware

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: kadosh, Luke57


Post by dipettatony » 22/07/06 08:19

I can't get rid of these problems. HELP ME! Here is the log:


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\System32\carpserv.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
C:\WINDOWS\Temp\cvuj1.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Hewlett-Packard\AiO\hp officejet v series\Bin\hpoant07.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\System32\hpoipm07.exe
C:\Programmi\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Programmi\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
C:\hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {27CCA8B1-1716-313B-0173-9B017C3F6184} - C:\WINDOWS\kxbfj1.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PDF3 Registry Controller] "C:\Programmi\ScanSoft\PDF Professional 3.0\\RegistryController.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [cvuj1.exe] C:\WINDOWS\Temp\cvuj1.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: HPAiODevice(hp officejet v series) - 1.lnk = C:\Programmi\Hewlett-Packard\AiO\hp officejet v series\Bin\hpoant07.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Google Search - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Programmi\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Programmi\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Programmi\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - res://C:\Programmi\ScanSoft\PDF Professional 3.0\IEShellExt.dll /100
O8 - Extra context menu item: Similar Pages - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Programmi\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 1487335417
O16 - DPF: {EB298A87-BD35-4424-9BA2-B198D2B63BBD} (WebPhoneEVT Control) - http://www.abbeyphone.com/activex/WebPh ... _heavy.cab
O16 - DPF: {ED5D2306-0FF4-11D2-B37C-0000C000D50D} (HighWay Imaging Control) - http://www.3di.it/code/iw/iwfull.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2B0E5787-F498-49F6-A444-4B07CD83725E}: NameServer = 151.99.0.100,151.99.125.1
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SrvGex - Unknown owner - \\?\C:\Programmi\File comuni\System\nul.exe (file missing)
dipettatony
Junior member
Posts: 80
Joined: 14/12/05 11:52
Location: Vasto


Post by Luke57 » 22/07/06 10:57

Hi, proceed as follows:
Download the trial version of Ewido Security Suite from here -->
http://www.ewido.net/en/download/
Install it and update the definitions

Open HijackThis with all applications closed, press "Open the Misc Tools section", then "Open process manager", locate and highlight the process:
C:\WINDOWS\Temp\cvuj1.exe
Press "Kill process".

Go back to the main page with Back, press "Scan", find and tick the following entries (if they are all there):
O4 - HKLM\..\Run: [cvuj1.exe] C:\WINDOWS\Temp\cvuj1.exe
O23 - Service: SrvGex - Unknown owner - \\?\C:\Programmi\File comuni\System\nul.exe (file missing)
Press "Fix checked"

Then:
Start > Run > Services.msc > OK
find the service called:
Service: SrvGex
When you find it, double-click it. In the window that opens, click "Stop", then click Properties in the General tab and change the startup type to "Disabled". Click Apply and OK, and close every open Windows window

Reboot in Safe Mode
(Start the computer. Right after the RAM count and before Windows starts loading, start pressing the F8 key repeatedly. Keep doing so until the Windows Advanced Options menu appears. Using the arrow keys, scroll through the options and select Safe Mode, then press Enter)

Make hidden files and folders visible:
from Computer Management > Tools > Folder Options
Select View
Tick "Show hidden files and folders"
Untick "hide

Search for and delete the following files (if they are all there):
C:\WINDOWS\Temp\cvuj1.exe
C:\Programmi\File comuni\System\nul.exe
Then delete all the Windows temp and tmp temporary files (from Start > Search > All files and folders, copy and paste: *.temp;*.tmp, and delete everything it finds)

In Internet Options clear the IE cache (in the "Delete temporary files" option also tick "Delete all offline content"), cookies and history

Empty the Recycle Bin.

Start Ewido and click Scanner
Click "Complete System Scan" and wait for the scan to begin
At the first infection found you will be asked to clean it; answer "Perform action on all infections" and continue.
Once the scan is complete, there will be a button at the bottom of the screen called "Save report"; press it...
Save the .txt report file to the desktop and attach it in a post on the forum

Post a new log for review
Luke57
Moderator
Posts: 6410
Joined: 11/08/05 19:10

Here I am, sorry for the delay

Post by dipettatony » 29/07/06 11:14

I carried out the procedure described; this is the report from Ewido:

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 12.04.19 29/07/2006

+ Scan result:



C:\Documents and Settings\Standard\Cookies\standard@112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Standard\Cookies\standard@112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Standard\Cookies\standard@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Standard\Cookies\standard@2o7[3].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Standard\Cookies\standard@pinnaclesystems.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Standard\Cookies\standard@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\Standard\Cookies\standard@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\Standard\Cookies\standard@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\Standard\Cookies\standard@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Standard\Cookies\standard@advertising[3].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Standard\Cookies\standard@servedby.advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Standard\Cookies\standard@servedby.advertising[3].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Standard\Cookies\standard@bfast[2].txt -> TrackingCookie.Bfast : Cleaned.
C:\Documents and Settings\Standard\Cookies\standard@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\Standard\Cookies\standard@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\Standard\Cookies\standard@ads20.bpath[2].txt -> TrackingCookie.Bpath : Cleaned.
C:\Documents and Settings\Standard\Cookies\standard@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Standard\Cookies\standard@cz3.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\Standard\Cookies\standard@cz3.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\Standard\Cookies\standard@cz4.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\Standard\Cookies\standard@cz4.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\Standard\Cookies\standard@cz6.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\Standard\Cookies\standard@cz6.clickzs[3].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\Standard\Cookies\standard@cz7.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\Standard\Cookies\standard@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Standard\Cookies\standard@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Standard\Cookies\standard@as-eu.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Standard\Cookies\standard@as-eu.falkag[3].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Standard\Cookies\standard@as1.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Standard\Cookies\standard@as1.falkag[2].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Standard\Cookies\standard@as1.falkag[4].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Standard\Cookies\standard@sel.as-eu.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Standard\Cookies\standard@sel.as-eu.falkag[2].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Standard\Cookies\standard@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Standard\Cookies\standard@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Standard\Cookies\standard@media.fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Standard\Cookies\standard@ehg-lexmark.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Standard\Cookies\standard@ehg-nokiafin.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Standard\Cookies\standard@hg1.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Standard\Cookies\standard@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Standard\Cookies\standard@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Standard\Cookies\standard@hitbox[3].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Standard\Cookies\standard@w131.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Standard\Cookies\standard@hotlog[1].txt -> TrackingCookie.Hotlog : Cleaned.
C:\Documents and Settings\Standard\Cookies\standard@ads20.hyperbanner[1].txt -> TrackingCookie.Hyperbanner : Cleaned.
C:\Documents and Settings\Standard\Cookies\standard@ilead.itrack[2].txt -> TrackingCookie.Itrack : Cleaned.
C:\Documents and Settings\Standard\Cookies\standard@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Standard\Cookies\standard@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Standard\Cookies\standard@vad.mainentrypoint[2].txt -> TrackingCookie.Mainentrypoint : Cleaned.
C:\Documents and Settings\Standard\Cookies\standard@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned.
C:\Documents and Settings\Standard\Cookies\standard@overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Standard\Cookies\standard@overture[2].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Standard\Cookies\standard@paycounter[1].txt -> TrackingCookie.Paycounter : Cleaned.
C:\Documents and Settings\Standard\Cookies\standard@paycounter[2].txt -> TrackingCookie.Paycounter : Cleaned.
C:\Documents and Settings\Standard\Cookies\standard@revenue[1].txt -> TrackingCookie.Revenue : Cleaned.
C:\Documents and Settings\Standard\Cookies\standard@revenue[3].txt -> TrackingCookie.Revenue : Cleaned.
C:\Documents and Settings\Standard\Cookies\standard@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Standard\Cookies\standard@bs.serving-sys[3].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Standard\Cookies\standard@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Standard\Cookies\standard@serving-sys[3].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Standard\Cookies\standard@cs.sexcounter[2].txt -> TrackingCookie.Sexcounter : Cleaned.
C:\Documents and Settings\Standard\Cookies\standard@cs.sexcounter[3].txt -> TrackingCookie.Sexcounter : Cleaned.
C:\Documents and Settings\Standard\Cookies\standard@sexlist[1].txt -> TrackingCookie.Sexlist : Cleaned.
C:\Documents and Settings\Standard\Cookies\standard@sexlist[3].txt -> TrackingCookie.Sexlist : Cleaned.
C:\Documents and Settings\Standard\Cookies\standard@counter10.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\Standard\Cookies\standard@counter5.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\Standard\Cookies\standard@counter5.sextracker[3].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\Standard\Cookies\standard@counter7.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\Standard\Cookies\standard@counter7.sextracker[3].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\Standard\Cookies\standard@sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\Standard\Cookies\standard@sextracker[3].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\Standard\Cookies\standard@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Cleaned.
C:\Documents and Settings\Standard\Cookies\standard@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Cleaned.
C:\Documents and Settings\Standard\Cookies\standard@spylog[2].txt -> TrackingCookie.Spylog : Cleaned.
C:\Documents and Settings\Standard\Cookies\standard@spylog[3].txt -> TrackingCookie.Spylog : Cleaned.
C:\Documents and Settings\Standard\Cookies\standard@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\Standard\Cookies\standard@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\Standard\Cookies\standard@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Standard\Cookies\standard@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\Standard\Cookies\standard@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\Standard\Cookies\standard@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\Standard\Cookies\standard@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\Standard\Cookies\standard@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Standard\Cookies\standard@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Standard\Cookies\standard@webstat[1].txt -> TrackingCookie.Web-stat : Cleaned.
C:\Documents and Settings\Standard\Cookies\standard@weborama[2].txt -> TrackingCookie.Weborama : Cleaned.
C:\Documents and Settings\Standard\Cookies\standard@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\Standard\Cookies\standard@xxxcounter[2].txt -> TrackingCookie.Xxxcounter : Cleaned.
C:\Documents and Settings\Standard\Cookies\standard@xxxcounter[3].txt -> TrackingCookie.Xxxcounter : Cleaned.
C:\Documents and Settings\Standard\Cookies\standard@xxxtoolbar[1].txt -> TrackingCookie.Xxxtoolbar : Cleaned.
C:\Documents and Settings\Standard\Cookies\standard@xxxtoolbar[2].txt -> TrackingCookie.Xxxtoolbar : Cleaned.
C:\Documents and Settings\Standard\Cookies\standard@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Standard\Cookies\standard@c1.zedo[2].txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\Standard\Cookies\standard@zedo[2].txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\Standard\Cookies\standard@zedo[3].txt -> TrackingCookie.Zedo : Cleaned.
C:\System Volume Information\_restore{90795868-AC74-43E9-BB87-7D7B107512E2}\RP119\A0094247.exe -> Trojan.LowZones.dp : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\funk.exe -> Trojan.LowZones.dp : Cleaned with backup (quarantined).


::Report end

And this is the log:

Logfile of HijackThis v1.99.1
Scan saved at 12.14.31, on 29/07/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\ewido anti-spyware 4.0\guard.exe
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\System32\carpserv.exe
C:\Programmi\QuickTime\qttask.exe
C:\WINDOWS\System32\snmp.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
C:\Programmi\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Hewlett-Packard\AiO\hp officejet v series\Bin\hpoant07.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\System32\hpoipm07.exe
C:\Programmi\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Programmi\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {27CCA8B1-1716-313B-0173-9B017C3F6184} - C:\WINDOWS\kxbfj1.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PDF3 Registry Controller] "C:\Programmi\ScanSoft\PDF Professional 3.0\\RegistryController.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [!ewido] "C:\Programmi\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: HPAiODevice(hp officejet v series) - 1.lnk = C:\Programmi\Hewlett-Packard\AiO\hp officejet v series\Bin\hpoant07.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Google Search - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Programmi\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Programmi\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Programmi\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - res://C:\Programmi\ScanSoft\PDF Professional 3.0\IEShellExt.dll /100
O8 - Extra context menu item: Similar Pages - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Programmi\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 1487335417
O16 - DPF: {EB298A87-BD35-4424-9BA2-B198D2B63BBD} (WebPhoneEVT Control) - http://www.abbeyphone.com/activex/WebPh ... _heavy.cab
O16 - DPF: {ED5D2306-0FF4-11D2-B37C-0000C000D50D} (HighWay Imaging Control) - http://www.3di.it/code/iw/iwfull.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2B0E5787-F498-49F6-A444-4B07CD83725E}: NameServer = 151.99.0.100,151.99.125.1
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programmi\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe


Thanks
dipettatony
Junior member
Posts: 80
Joined: 14/12/05 11:52
Location: Vasto

One last thing

Post by dipettatony » 29/07/06 11:15

I noticed that the computer is still a bit slow...
dipettatony
Junior member
Posts: 80
Joined: 14/12/05 11:52
Location: Vasto

Post by Luke57 » 30/07/06 09:18

Hi, something occurred to me; try running this command:
Start > Run > control userpasswords2 (paste it into the box) > OK
Check how many user accounts you have on the computer and whether there is a suspicious one.
Check whether in C:\Documents and Settings you find a folder with the same name as the suspicious account.
At that point, if the answer is yes, there are two guides online on removing this rootkit, which is a real curse:
http://www.suspectfile.com/forum/viewtopic.php?t=156
very well written, and the one I personally know better
http://www.viritpro.info/articoli/rootkit_d-e.htm
which assumes the use of the Virit antivirus (which has also proven effective).
Luke57
Moderator
Posts: 6410
Joined: 11/08/05 19:10

Post by BilloKenobi » 30/07/06 09:26

He has LinkOptimizer, here is a guide
Begun the Clone War has

Yes yes, they made me an editor --- SuspectFile
BilloKenobi
Senior member
Posts: 348
Joined: 08/07/06 11:05

I'm back, but still having problems

Post by dipettatony » 21/09/06 14:48

Sorry, I've been away for almost two months... I still have slowdowns, especially on the Internet, especially on Google, and during installations I discovered CONNECTSERVICE, what is it?...
This is the current log:

Logfile of HijackThis v1.99.1
Scan saved at 15.45.56, on 21/09/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Hewlett-Packard\AiO\hp officejet v series\Bin\hpoant07.exe
C:\Programmi\Sony Corporation\Image Transfer\SonyTray.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\System32\hpoipm07.exe
C:\Programmi\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Programmi\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Adobe\Acrobat 4.0\Reader\AcroRd32.exe
C:\hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {27CCA8B1-1716-313B-0173-9B017C3F6184} - C:\WINDOWS\kxbfj1.dll (file missing)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: HPAiODevice(hp officejet v series) - 1.lnk = C:\Programmi\Hewlett-Packard\AiO\hp officejet v series\Bin\hpoant07.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Image Transfer.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Programmi\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Programmi\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Programmi\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Programmi\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 1487335417
O16 - DPF: {EB298A87-BD35-4424-9BA2-B198D2B63BBD} (WebPhoneEVT Control) - http://www.abbeyphone.com/activex/WebPh ... _heavy.cab
O16 - DPF: {ED5D2306-0FF4-11D2-B37C-0000C000D50D} (HighWay Imaging Control) - http://www.3di.it/code/iw/iwfull.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2B0E5787-F498-49F6-A444-4B07CD83725E}: NameServer = 151.99.0.100,151.99.125.1
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programmi\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: UWHOFNXRBDQBC - Sysinternals - http://www.sysinternals.com - C:\DOCUME~1\Standard\IMPOST~1\Temp\UWHOFNXRBDQBC.exe
dipettatony
Junior member
Posts: 80
Joined: 14/12/05 11:52
Location: Vasto
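The checks Luke57 and BilloKenobi made by eye on the logs in this thread (the cvuj1.exe autorun launched from C:\WINDOWS\Temp, the orphaned kxbfj1.dll BHO, the SrvGex service pointing at \\?\...\nul.exe with "file missing", and in the latest log a service with a random-looking name whose binary sits in the user's Temp folder) can be expressed as a small triage script run over the log text. The following is an added example written for this page; it is not a HijackThis feature and not code from any of the posters. The rule set, the "high"/"review" labels and the random-name heuristic are this example's own assumptions, and the sample lines are copied from the logs above with a few benign entries mixed in so every rule has both a hit and a miss.

```python
"""First-pass triage of HijackThis log lines (added example, not HijackThis code).

Rules, severity labels and the random-name heuristic are this example's own
assumptions; they encode the checks the helpers in this thread applied by eye.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample: lines taken from the logs posted in this thread plus
# benign entries, so every rule has both a hit and a miss to work on.
SAMPLE_LOG = r"""
O2 - BHO: Class - {27CCA8B1-1716-313B-0173-9B017C3F6184} - C:\WINDOWS\kxbfj1.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [cvuj1.exe] C:\WINDOWS\Temp\cvuj1.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{2B0E5787-F498-49F6-A444-4B07CD83725E}: NameServer = 151.99.0.100,151.99.125.1
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: SrvGex - Unknown owner - \\?\C:\Programmi\File comuni\System\nul.exe (file missing)
O23 - Service: UWHOFNXRBDQBC - Sysinternals - http://www.sysinternals.com - C:\DOCUME~1\Standard\IMPOST~1\Temp\UWHOFNXRBDQBC.exe
"""

# Line shapes for the HijackThis sections this thread is about.
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[^}]*)\} - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<where>[^:]+): (?P<rest>.*)$")
O17_RE = re.compile(r"^O17 - .*NameServer = (?P<servers>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*) - "
                    r"(?P<path>(?:\\\\\?\\)?[A-Za-z]:\\.*)$")

TEMP_DIR = re.compile(r"\\temp\\", re.I)        # matches ...\WINDOWS\Temp\ and ...\IMPOST~1\Temp\ alike
MISSING = re.compile(r"\((file missing|no file)\)", re.I)
EXT_PREFIX = "\\\\?\\"                           # the Win32 extended-length path prefix \\?\
DEVICE_NAME = re.compile(r"\\(nul|con|prn|aux|com\d|lpt\d)(\.[^\\]*)?$", re.I)
RANDOM_NAME = re.compile(r"[A-Z]{8,}")           # heuristic: long all-caps token with no word structure


@dataclass
class Finding:
    line: str
    severity: str                     # "high": act on it; "review": confirm by hand
    reasons: List[str] = field(default_factory=list)


def check_line(line: str) -> Optional[Finding]:
    """Apply the rules to one log line; None means nothing stood out."""
    hits: List[Tuple[str, str]] = []
    if (m := O4_RE.match(line)) and TEMP_DIR.search(m["rest"]):
        hits.append(("high", "autorun launches a binary from a Temp directory"))
    if m := O2_RE.match(line):
        if MISSING.search(m["path"]):
            hits.append(("high", "BHO registered but its DLL is gone: orphaned entry, fix it"))
        elif m["name"] in ("Class", "(no name)"):
            hits.append(("review", "BHO with a generic name: identify the DLL before trusting it"))
    if m := O17_RE.match(line):
        hits.append(("review", f"DNS set to {m['servers']}: confirm these are the ISP's resolvers"))
    if m := O23_RE.match(line):
        name, owner, path = m["name"], m["owner"], m["path"]
        bare = MISSING.sub("", path).strip()          # path without the "(file missing)" annotation
        if MISSING.search(path):
            hits.append(("high", "service binary missing: orphaned service, fix the entry and disable it"))
        if bare.startswith(EXT_PREFIX):
            hits.append(("high", r"binary referenced through \\?\: reaches names ordinary tools cannot open"))
        if DEVICE_NAME.search(bare):
            hits.append(("high", "binary named after a reserved DOS device: undeletable by normal means"))
        if TEMP_DIR.search(bare):
            hits.append(("high", "service binary lives in a Temp directory"))
            if "unknown owner" not in owner.lower():
                hits.append(("high", f"vendor string '{owner}' claimed for a binary outside Program Files"))
        if RANDOM_NAME.fullmatch(name):
            hits.append(("high", "random-looking service name"))
    if not hits:
        return None
    severity = "high" if any(s == "high" for s, _ in hits) else "review"
    return Finding(line, severity, [r for _, r in hits])


def triage(log_text: str) -> List[Finding]:
    """Run check_line over every non-empty line and keep the hits, in log order."""
    return [f for f in (check_line(l.strip()) for l in log_text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity.upper()}] {f.line}")
        for r in f.reasons:
            print(f"    - {r}")
```

On the sample above the script reports four "high" lines (the cvuj1.exe autorun, the kxbfj1.dll BHO, the SrvGex service and the UWHOFNXRBDQBC service) and one "review" line (the O17 resolvers), and stays silent on the Avira, Adobe and Google Toolbar entries. The reserved-device check is the interesting one: a file called nul.exe reached through the \\?\ prefix cannot be opened or deleted with ordinary Win32 calls, which is why the thread's procedure disables the service and removes the entry rather than expecting a plain delete to work.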

Post by BilloKenobi » 21/09/06 15:57

While you were away a dedicated tool came out... you've been lucky

http://www.prevx.com/gromozon.asp

the tool leaves a log file in c:\gromozon_removal.log. Please post the log after the scan
Begun the Clone War has

Yes yes, they made me an editor --- SuspectFile
BilloKenobi
Senior member
Posts: 348
Joined: 08/07/06 11:05

