Condividi:        

aiuto!! troian horse anti avast!

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: m.paolo, kadosh, Luke57

aiuto!! troian horse anti avast!

Postdi muffo » 04/11/06 13:32

Ciao ragazzi, nel pc ho avast! come antivirus, mi rileva dei troian horse ma non riesce a eliminarli, vi mando il mio logfile:
grazie...

Logfile of HijackThis v1.99.1
Scan saved at 13.31.41, on 04/11/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINNT\service32.exe
C:\Programmi\Trust\WB-3500T USB2 Webcam\SnapTrap.exe
C:\Programmi\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Conexant\AccessRunner ADSL\CnxDslTb.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINNT\TEMP\odfl1.exe
C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
C:\WINNT\System32\drivers\CDAC11BA.EXE
C:\WINNT\System32\mioengine.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\WINNT\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Documents and Settings\nicola\Desktop\Software\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.chatta.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {A30D56AA-C844-5FFB-0887-16271BFB4F16} - C:\WINNT\wphhl1.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [STICAP] C:\Programmi\Trust\WB-3500T USB2 Webcam\SnapTrap.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmi\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Programmi\Conexant\AccessRunner ADSL\CnxDslTb.exe
O4 - HKLM\..\Run: [IMprocess] C:\Programmi\Instant Messenger Names\IM-svr.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [odfl1.exe] C:\WINNT\TEMP\odfl1.exe
O4 - HKLM\..\Run: [SweetIM] C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [DW4] "C:\Programmi\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SweetIM] C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
O4 - Startup: My 190.it.lnk = C:\Documents and Settings\nicola\Dati applicazioni\mioObjects\[objects]\69GWEU9386MTAR08.mio
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O12 - Plugin for .pdf: C:\Programmi\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by108fd.bay108.hotmail.msn.com/r ... nPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 9925362144
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {AB294EC6-7ADA-11D4-9D5F-00B0D04BBD07} (msichat50 Client Control) - http://chat.capital.it:4080/chat/data/h ... sichat.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {FD18DD5E-B398-452A-B22A-B54636BA9F0D} (Aurigma Image Uploader 2.5) - http://www.digitalpix.it/controls/ImageUploader2.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{5EC7012D-95A3-4B41-96C8-BF06A0D51C30}: NameServer = 213.205.36.70 213.205.32.70
O17 - HKLM\System\CCS\Services\Tcpip\..\{F4F7069E-E56B-4500-8481-6D1C5E3881E5}: NameServer = 193.70.192.25,193.70.152.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{5EC7012D-95A3-4B41-96C8-BF06A0D51C30}: NameServer = 213.205.36.70 213.205.32.70
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINNT\System32\drivers\CDAC11BA.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
muffo
Utente Junior
 
Post: 58
Iscritto il: 18/04/06 17:54

Sponsor
 

Postdi Smjert » 04/11/06 15:04

Hai 2 trojan, uno il Trojan Clicker e l'altro il Trojan LinkOptimizer.

Rimuoviamo prima il L.O.:

Avvia HijackThis, premi Do a system scan only, spunta queste voci e poi premi FixChecked:

R3 - Default URLSearchHook is missing
O2 - BHO: Class - {A30D56AA-C844-5FFB-0887-16271BFB4F16} - C:\WINNT\wphhl1.dll (file missing)
O4 - HKLM\..\Run: [odfl1.exe] C:\WINNT\TEMP\odfl1.exe
O4 - Startup: My 190.it.lnk = C:\Documents and Settings\nicola\Dati applicazioni\mioObjects\[objects]\69GWEU9386MTAR08.mio


Scarica questi due tool http://www.pc-facile.com/forum/viewtopic.php?t=49816.

Avvia prima il tool Prevx e premi Scan, alla fine della scansione ti farà riavviare il pc, tu accetta.

Riavvia in Modalità Provvisoria (F8 al boot, copiati da qualche le operazioni da fare perchè non potrai accedere ad Internet)

Avvia il tool Symantec, premi Start e aspetta che abbia finito.

Sempre in Modalità Provvisoria:

Apri una cartella qualunque, vai su
Strumenti->Opzioni Cartella->scheda Visualizzazione,
spunta la voce "Visualizza cartelle e file nascosti", togli la spunta a
"Nascondi file protetti di sistema" (digli di sì).


Usa la ricerca di Windows e trova questi file: service32.exe, winsyst32.exe, syst32.dll, iexplore32.dll, spoolsv32.dll, cc1.txt, tuk.php, Sys.htm
(ricordati di attivare la ricerca nelle cartelle e nei file nascosti andando
in "Altre opzioni avanzate" e spuntando la voce
"Cerca nei file e nelle cartelle nascosti").


Se li trovi li cancelli

Controlla bene di non avere un file con nome numerico (tipo 221321787.exe) nella cartella C:\Windows, se c'è lo cancelli.

Riavvia in Modalità Normale.

Posta il log del tool Prevx (C:\gromozon_removal), del tool Symantec (FixLinkOpt.log) e un nuovo log di HijackThis.
Smjert
Utente Junior
 
Post: 75
Iscritto il: 22/10/06 14:29

Postdi muffo » 04/11/06 16:14

quando vado su questi link del forum:
http://www.prevx.com/gromozon.asp
http://smallbiz.symantec.com/security_r ... 16-4153-99
mi da "impossibile visualizzare la pagina"
muffo
Utente Junior
 
Post: 58
Iscritto il: 18/04/06 17:54

Postdi Smjert » 04/11/06 16:27

mmm hai la versione "cattiva" del Link Optimizer che blocca i siti.

Scaricali da qua:

Prevx
http://www.mytempdir.com/988986

Symantec
http://www.mytempdir.com/1003691

Una volta scaricati conviene che li rinomini a caso ad esempio asldkjsk.exe .

Poi procedi come ti avevo già scritto.
Smjert
Utente Junior
 
Post: 75
Iscritto il: 22/10/06 14:29

Postdi muffo » 05/11/06 22:01

Come file numerici ho cancellato questi, ditemi se li devo eliminare completamente dal cestino.

questi i nuovi log:

Removal tool loaded into memory
Removing ADS stream: C:\WINNT\System32:hlaa.dll:$DATA
------------------------------------
Executing rootkit removal engine....
------------------------------------
Disabling rootkit file: \\?\C:\WINNT\con.zst
\\?\C:\WINNT\con.zst
Resetting file permissions...
Clearing attributes...
Accesso negato - C:\_cleaned.tmp
Removing file...
Rootkit removed! Cleaning up...

Removing temp files...
Scanning: C:\WINNT
Scanning: C:\Programmi\File comuni
Gromozon-Related Malicious Code Detected!
FileName: C:\WINNT\1B.tmp
Removed!
Gromozon-Related Malicious Code Detected!
FileName: C:\WINNT\71.tmp
Removed!
Gromozon-Related Malicious Code Detected!
FileName: C:\WINNT\76.tmp
Removed!
Gromozon-Related Malicious Code Detected!
FileName: C:\WINNT\8B.tmp
Removed!
Gromozon-Related Malicious Code Detected!
FileName: C:\WINNT\9.tmp
Removed!


Trojan.Gromozon Removed!







Symantec Trojan.Linkoptimizer Removal Tool 1.0.8

Trojan.Linkoptimizer has not been found on your computer.






Logfile of HijackThis v1.99.1
Scan saved at 21.58.39, on 05/11/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\drivers\CDAC11BA.EXE
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\WINNT\System32\svchost.exe
C:\Programmi\Trust\WB-3500T USB2 Webcam\SnapTrap.exe
C:\Programmi\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Conexant\AccessRunner ADSL\CnxDslTb.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
C:\Programmi\Logitech\Desktop

Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINNT\System32\mioengine.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.

exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\Documents and Settings\nicola\Desktop\Software\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://www.chatta.it/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet

Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -

C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {A30D56AA-C844-5FFB-0887-16271BFB4F16} -

C:\WINNT\wphhl1.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -

c:\programmi\google\googletoolbar3.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} -

C:\Programmi\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -

C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -

C:\Programmi\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -

c:\programmi\google\googletoolbar3.dll
O3 - Toolbar: SweetIM For Internet Explorer -

{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} -

C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [STICAP] C:\Programmi\Trust\WB-3500T USB2

Webcam\SnapTrap.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmi\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe"

-atboottime
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Programmi\Conexant\AccessRunner

ADSL\CnxDslTb.exe
O4 - HKLM\..\Run: [IMprocess] C:\Programmi\Instant Messenger Names\IM-svr.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SweetIM] C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Programmi\MSN Messenger\MsnMsgr.Exe"

/background
O4 - HKCU\..\Run: [LDM] C:\Programmi\Logitech\Desktop

Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [DW4] "C:\Programmi\The Weather Channel FW\Desktop

Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [swg]

C:\Programmi\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.

exe
O4 - HKCU\..\Run: [SweetIM] C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
O4 - Startup: My 190.it.lnk = C:\Documents and Settings\nicola\Dati

applicazioni\mioObjects\[objects]\69GWEU9386MTAR08.mio
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programmi\File

comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk =

C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk =

C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel -

res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O12 - Plugin for .pdf: C:\Programmi\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -

http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory

Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) -

http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -

http://by108fd.bay108.hotmail.msn.com/r ... nPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

http://update.microsoft.com/windowsupda ... nt/wuweb_s

ite.cab?1139925362144
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient

Class) -

http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {AB294EC6-7ADA-11D4-9D5F-00B0D04BBD07} (msichat50 Client Control)

- http://chat.capital.it:4080/chat/data/h ... sichat.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}

(MsnMessengerSetupDownloadControl Class) -

http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {FD18DD5E-B398-452A-B22A-B54636BA9F0D} (Aurigma Image Uploader

2.5) - http://www.digitalpix.it/controls/ImageUploader2.CAB
O17 -

HKLM\System\CCS\Services\Tcpip\..\{F4F7069E-E56B-4500-8481-6D1C5E3881E5}:

NameServer = 193.70.192.25,193.70.152.25
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} -

C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -

C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -

C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil

Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil

Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil

Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision -

C:\WINNT\System32\drivers\CDAC11BA.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON

CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton

AntiVirus\SAVScan.exe
muffo
Utente Junior
 
Post: 58
Iscritto il: 18/04/06 17:54

Postdi muffo » 05/11/06 22:03

scusate.... i file numerici...

bwUnin-7.2.0.157-8876480SL.exe
bwUnin-6.1.4.36-8876480L.exe
43168174226.exe
muffo
Utente Junior
 
Post: 58
Iscritto il: 18/04/06 17:54

Postdi Smjert » 05/11/06 22:32

Sì, svuota pure il cestino.
Ti dispiacerebbe rifare la scansione o comunque provare a copiare di nuovo il log? le righe sono tutte spezzate ed è un po' poco leggibile...
Smjert
Utente Junior
 
Post: 75
Iscritto il: 22/10/06 14:29

Postdi muffo » 06/11/06 00:12

ok, ho rifatto le scansioni, questi i log:

Removal tool loaded into memory
Gromozon rootkit component not detected - searching for other components
Scanning: C:\WINNT
Scanning: C:\Programmi\File comuni


Trojan.Gromozon does not exist - your system is clean.



Symantec Trojan.Linkoptimizer Removal Tool 1.0.8

Trojan.Linkoptimizer has not been found on your computer.




Logfile of HijackThis v1.99.1
Scan saved at 0.11.11, on 06/11/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\drivers\CDAC11BA.EXE
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\WINNT\System32\svchost.exe
C:\Programmi\Trust\WB-3500T USB2 Webcam\SnapTrap.exe
C:\Programmi\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Conexant\AccessRunner ADSL\CnxDslTb.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\WINNT\System32\mioengine.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\WINNT\System32\wuauclt.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\Documents and Settings\nicola\Desktop\Software\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.chatta.it/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {A30D56AA-C844-5FFB-0887-16271BFB4F16} - C:\WINNT\wphhl1.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [STICAP] C:\Programmi\Trust\WB-3500T USB2 Webcam\SnapTrap.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmi\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Programmi\Conexant\AccessRunner ADSL\CnxDslTb.exe
O4 - HKLM\..\Run: [IMprocess] C:\Programmi\Instant Messenger Names\IM-svr.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SweetIM] C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [DW4] "C:\Programmi\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SweetIM] C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
O4 - Startup: My 190.it.lnk = C:\Documents and Settings\nicola\Dati applicazioni\mioObjects\[objects]\69GWEU9386MTAR08.mio
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O12 - Plugin for .pdf: C:\Programmi\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by108fd.bay108.hotmail.msn.com/r ... nPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 9925362144
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {AB294EC6-7ADA-11D4-9D5F-00B0D04BBD07} (msichat50 Client Control) - http://chat.capital.it:4080/chat/data/h ... sichat.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {FD18DD5E-B398-452A-B22A-B54636BA9F0D} (Aurigma Image Uploader 2.5) - http://www.digitalpix.it/controls/ImageUploader2.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{F4F7069E-E56B-4500-8481-6D1C5E3881E5}: NameServer = 193.70.192.25,193.70.152.25
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINNT\System32\drivers\CDAC11BA.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: SrvRnk - Unknown owner - C:\Programmi\File comuni\Services\ICO.exe (file missing)
muffo
Utente Junior
 
Post: 58
Iscritto il: 18/04/06 17:54

Postdi Smjert » 06/11/06 14:54

Scusa mi ero spiegato male, bastava il log di HijackThis.

Avvia HijackThis, premi Do a system scan only, spunta queste voci e poi premi FixChecked:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.chatta.it/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {A30D56AA-C844-5FFB-0887-16271BFB4F16} - C:\WINNT\wphhl1.dll (file missing)
O23 - Service: SrvRnk - Unknown owner - C:\Programmi\File comuni\Services\ICO.exe (file missing)


Vai sulla barra di avvio->Start->Esegui->digita sc stop SrvRnk e dai invio, dopo rifai la stessa cosa ma digita sc delete SrvRnk.

Controlla che non ci siano questi due file C:\Programmi\File comuni\Services\ICO.exe e C:\WINNT\wphhl1.dll, se ci sono cancellali dalla Modalità Provvisoria.
(Forse il file ICO.exe è uno di quei file con nome riservato che normalmente non riesci a cancellare se non dando questo comando da barra di avvio->Start->Esegui: del \\.\C:\Programmi\File comuni\Services\ICO.exe)

Fai un nuovo log di HijackThis, se le voci che ti ho fatto cancellare (soprattutto questa R3 - Default URLSearchHook is missing) non ci sono più vuol dire che sei a posto.
Smjert
Utente Junior
 
Post: 75
Iscritto il: 22/10/06 14:29

Postdi muffo » 06/11/06 18:03

questi file non li ho trovati C:\Programmi\File comuni\Services\ICO.exe e C:\WINNT\wphhl1.dll

il nuovo log:

Logfile of HijackThis v1.99.1
Scan saved at 18.01.37, on 06/11/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\drivers\CDAC11BA.EXE
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\WINNT\System32\svchost.exe
C:\Programmi\Trust\WB-3500T USB2 Webcam\SnapTrap.exe
C:\Programmi\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Programmi\Conexant\AccessRunner ADSL\CnxDslTb.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\WINNT\System32\mioengine.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINNT\System32\svchost.exe
C:\Programmi\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Programmi\eMule\emule.exe
C:\Programmi\Windows Media Player\wmplayer.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\nicola\Desktop\Software\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [STICAP] C:\Programmi\Trust\WB-3500T USB2 Webcam\SnapTrap.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmi\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Programmi\Conexant\AccessRunner ADSL\CnxDslTb.exe
O4 - HKLM\..\Run: [IMprocess] C:\Programmi\Instant Messenger Names\IM-svr.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SweetIM] C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [DW4] "C:\Programmi\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SweetIM] C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
O4 - Startup: My 190.it.lnk = C:\Documents and Settings\nicola\Dati applicazioni\mioObjects\[objects]\69GWEU9386MTAR08.mio
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O12 - Plugin for .pdf: C:\Programmi\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by108fd.bay108.hotmail.msn.com/r ... nPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 9925362144
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {AB294EC6-7ADA-11D4-9D5F-00B0D04BBD07} (msichat50 Client Control) - http://chat.capital.it:4080/chat/data/h ... sichat.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {FD18DD5E-B398-452A-B22A-B54636BA9F0D} (Aurigma Image Uploader 2.5) - http://www.digitalpix.it/controls/ImageUploader2.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{5EC7012D-95A3-4B41-96C8-BF06A0D51C30}: NameServer = 213.205.36.70 213.205.32.70
O17 - HKLM\System\CCS\Services\Tcpip\..\{F4F7069E-E56B-4500-8481-6D1C5E3881E5}: NameServer = 193.70.192.25,193.70.152.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{5EC7012D-95A3-4B41-96C8-BF06A0D51C30}: NameServer = 213.205.36.70 213.205.32.70
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINNT\System32\drivers\CDAC11BA.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
muffo
Utente Junior
 
Post: 58
Iscritto il: 18/04/06 17:54

Postdi Smjert » 06/11/06 18:30

Ma hai fixato le voci che ti ho detto con HijackThis??

Tu cmq prova a fare questo:

barra di avvio->Start->Esegui: del \\.\C:\Programmi\File comuni\Services\ICO.exe
Smjert
Utente Junior
 
Post: 75
Iscritto il: 22/10/06 14:29

Postdi muffo » 07/11/06 11:01

fatto, ma mi dice "impossibile trovare il file del"
muffo
Utente Junior
 
Post: 58
Iscritto il: 18/04/06 17:54

trojan horse

Postdi lilian81 » 07/11/06 15:45

qualcuno mi può dare una mano?
lilian81
Utente Junior
 
Post: 47
Iscritto il: 06/11/06 08:52

Postdi Smjert » 07/11/06 22:53

@muffo: scusa, fai così, barra di avvio->Start->Esegui: cmd poi nella finestra che si apre digiti del \\.\C:\Programmi\File comuni\Services\ICO.exe e dai invio.
Smjert
Utente Junior
 
Post: 75
Iscritto il: 22/10/06 14:29

Postdi muffo » 08/11/06 10:57

ho provato anche così ma mi dice "impossibile trovare il percorso specificato"
muffo
Utente Junior
 
Post: 58
Iscritto il: 18/04/06 17:54


Torna a Sicurezza e Privacy


Topic correlati a "aiuto!! troian horse anti avast!":

aiuto windows 10
Autore: mod360
Forum: Software Windows
Risposte: 1
aiuto installazione
Autore: mod360
Forum: Software Windows
Risposte: 3
aiuto x mobili
Autore: MarioLombardi
Forum: Forum off-topic
Risposte: 8

Chi c’è in linea

Visitano il forum: Nessuno e 45 ospiti