Condividi:        

Cavalli di troja

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: m.paolo, kadosh, Luke57

Cavalli di troja

Postdi salsero » 10/02/07 00:43

ciao a tutti!!
sono nuovo di questo forum,
ho bisogno di un grosso aiuto
non riesco a togliere questi cavalli di troja
Ciscoword
Fujitsunetwork
googleSpeed
Google-Word
LanhDsk

Ho questi antiviurus
Nod 32
Ad-aware
Avast
AVG 7.5 plus firewall

Tutti rilevano le minacce ma nessuno riesce a toglierli
nemmeno AVG non in versione free ma a pagamento.

C'è qualcuno di voi che mi poò dare una mano?
Grazie
Roberto
salsero
Utente Junior
 
Post: 13
Iscritto il: 10/02/07 00:14
Località: Milano

Sponsor
 

Postdi paperino70 » 10/02/07 01:04

Ciao, scarica HIJACKTHIS da qui
http://www.majorgeeks.com/download3155.html
(ci sono diversi link nella pagina per scaricarlo)
Estrai il contenuto del file .zip in una cartella permanente appositamente creata, per esempio C:\HJT, non cartelle temporanee come Desktop
oppure C:\Windows\temp. Nella cartella permanente il programma crea una cartella di backup delle voci eventualmente rimosse.
Chiudi tutte le applicazioni aperte
Avvia HiJackThis con doppio click sull'eseguibile (hijackthis.exe)
Clicca su DO A SYSTEM SCAN AND SAVE LOGFILE
Attendi che finisca la scansione e che si apra in automatico un foglio di blocco note scritto
Salva il file di testo contenente il log e allegalo in un post nel forum.
E'meglio dare + vita agli anni che + anni alla vita
paperino70
Utente Junior
 
Post: 52
Iscritto il: 21/11/06 22:20

Postdi paperino70 » 10/02/07 01:07

non ti ho detto che di antivirus ne basta 1 sul pc...
E'meglio dare + vita agli anni che + anni alla vita
paperino70
Utente Junior
 
Post: 52
Iscritto il: 21/11/06 22:20

Postdi salsero » 12/02/07 08:09

Ho provato a scaricare il programma ma
Hijackthis ma purtroppo automaticamente si chiude la finestra di internet explorer.
Si chiude tutto anche provo a fare la ricerca sui motori google ecc…
Come posso fare??
Grazie ancora
Roberto
salsero
Utente Junior
 
Post: 13
Iscritto il: 10/02/07 00:14
Località: Milano

Postdi Luke57 » 12/02/07 15:47

Ciao, scarica runanalyzer da qui (rilascia un rapporto stile hijackthis, anche se non propriamente uguale):
http://www.safer-networking.org/files/runalyz.exe
lasciagli caricare le informazioni, poi vai su "Rapporti" e clicca su "Crea Rapporto stile HJT",salvalo cliccando sull'icona apposita.
Poi lo incolli in un post.
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

Postdi salsero » 12/02/07 22:35

OK fatto
ecco l rapporto
grazie ancora!!!
----

Logfile of RunAlyzer 0.3. Copyright © 2000-2005 Safer Networking Limited. Tutti i diritti sono riservati.
Scan saved at 12/02/2007 22.19.46
Platform: Windows XP (Build: 2600) Service Pack 2 (5.1.2600)

Running processes:
[System]
System
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\alg.exe
c:\windows\google-word.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\Explorer.EXE
C:\Programmi\ScanSoft\OmniPageSE\opware32.exe
C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programmi\SPYWAREfighter\spftray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\SPYWAREfighter\spfprc.exe
C:\Programmi\File comuni\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
C:\Programmi\File comuni\Research In Motion\USB Drivers\BbDevMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\Microsoft Office\Office\1040\OLFSNT40.EXE
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\Microsoft Office\Office\1040\msoffice.exe
C:\Programmi\HP\Digital Imaging\bin\hpqimzone.exe
wmiprvse.exe
C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmi\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Programmi\Safer Networking\RunAlyzer\RunAlyzer.exe

F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,"c:\windows\landsk.exe","c:\windows\ciscoword.exe","c:\windows\fujitsunetwork.exe","c:\windows\googlespeed.exe","c:\windows\google-word.exe",
O20 - Winlogon Notify: WgaLogon = WgaLogon.dll
O4 - Startup: Diskeeper 10 Professional Edition Registration.lnk =
O4 - Global Startup: Avvio rapido di HP Image Zone.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Barra degli strumenti Microsoft Office.lnk = C:\WINDOWS\Installer\{00010410-78E1-11D2-B60F-006097C998E7}\misc.exe
O4 - Global Startup: Porta Symantec Fax Starter Edition.lnk = C:\Programmi\Microsoft Office\Office\1040\OLFSNT40.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O4 - HKCU\..\Run: [msnmsgr]
O4 - HKCU\..\Run: [MSMSGS] C:\Programmi\Messenger\msmsgs.exe
O4 - HKCU\..\Run: [RIMDeviceManager] C:\Programmi\File comuni\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
O4 - HKCU\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe
O4 - HKCU\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe
O4 - HKCU\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe
O4 - HKCU\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Programmi\File comuni\Real\Update_OB\realsched.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: []
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
O4 - HKLM\..\Run: [Omnipage] C:\Programmi\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\Programmi\QuickTime\qttask.exe
O4 - HKLM\..\Run: [spywarefighterguard] C:\Programmi\SPYWAREfighter\spftray.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Programmi\iTunes\iTunesHelper.exe
O23 - Service: avast! Asynchronous Virus Monitor (Aavmker4) - /owner unsupported/ -
O23 - Service: Servizio installazione driver audio Intel(r) 82801 (WDM) (ac97intc) - /owner unsupported/ - C:\WINDOWS\system32\drivers\ac97intc.sys
O23 - Service: Driver ACPI Microsoft (ACPI) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\ACPI.sys
O23 - Service: Eliminatore di eco acustico del kernel Microsoft (aec) - /owner unsupported/ - C:\WINDOWS\system32\drivers\aec.sys
O23 - Service: AFD (AFD) - /owner unsupported/ - C:\WINDOWS\System32\drivers\afd.sys
O23 - Service: Filtro bus Intel AGP (agp440) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\agp440.sys
O23 - Service: Avvisi (Alerter) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Servizio Gateway di livello applicazione (ALG) - /owner unsupported/ - C:\WINDOWS\System32\alg.exe
O23 - Service: Gestione applicazione (AppMgmt) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: ASP.NET State Service (aspnet_state) - /owner unsupported/ - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
O23 - Service: avast! Standard Shield Support (aswMon2) - /owner unsupported/ -
O23 - Service: aswRdr (aswRdr) - /owner unsupported/ -
O23 - Service: avast! Network Shield Support (aswTdi) - /owner unsupported/ -
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - /owner unsupported/ - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Driver per supporti asincroni RAS (AsyncMac) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\asyncmac.sys
O23 - Service: Controller disco rigido IDE/ESDI standard (atapi) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\atapi.sys
O23 - Service: Protocollo client ARP ATM (Atmarpc) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\atmarpc.sys
O23 - Service: Audio Windows (AudioSrv) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Driver stub audio (audstub) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\audstub.sys
O23 - Service: avast! Antivirus (avast! Antivirus) - /owner unsupported/ - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner (avast! Mail Scanner) - /owner unsupported/ - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner (avast! Web Scanner) - /owner unsupported/ - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - /owner unsupported/ - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Kernel (Avg7Core) - /owner unsupported/ - C:\WINDOWS\System32\Drivers\avg7core.sys
O23 - Service: AVG7 Wrap Driver (Avg7RsW) - /owner unsupported/ - C:\WINDOWS\System32\Drivers\avg7rsw.sys
O23 - Service: AVG7 Resident Driver XP (Avg7RsXP) - /owner unsupported/ - C:\WINDOWS\System32\Drivers\avg7rsxp.sys
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - /owner unsupported/ - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Clean Driver (AvgClean) - /owner unsupported/ - C:\WINDOWS\System32\Drivers\avgclean.sys
O23 - Service: AVG E-mail Scanner (AVGEMS) - /owner unsupported/ - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - /owner unsupported/ - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: AVG Network Redirector (AvgTdi) - /owner unsupported/ - C:\WINDOWS\System32\Drivers\avgtdi.sys
O23 - Service: Servizio trasferimento intelligente in background (BITS) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Browser di computer (Browser) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Driver del CD-ROM (Cdrom) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\cdrom.sys
O23 - Service: Servizio di indicizzazione (CiSvc) - /owner unsupported/ - C:\WINDOWS\system32\cisvc.exe
O23 - Service: ClipBook (ClipSrv) - /owner unsupported/ - C:\WINDOWS\system32\clipsrv.exe
O23 - Service: Applicazione di sistema COM+ (COMSysApp) - /owner unsupported/ - C:\WINDOWS\system32\dllhost.exe
O23 - Service: Servizi di crittografia (CryptSvc) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Utilità di avvio processo server DCOM (DcomLaunch) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Client DHCP (Dhcp) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Driver del disco (Disk) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\disk.sys
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - /owner unsupported/ - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Driver Gestione dischi logici (dmio) - /owner unsupported/ - C:\WINDOWS\System32\drivers\dmio.sys
O23 - Service: Gestione dischi logici (dmserver) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Sintetizzatore DLS Microsoft Kernel (DMusic) - /owner unsupported/ - C:\WINDOWS\system32\drivers\DMusic.sys
O23 - Service: Client DNS (Dnscache) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Decodificatore audio DRM del kernel Microsoft (drmkaud) - /owner unsupported/ - C:\WINDOWS\system32\drivers\drmkaud.sys
O23 - Service: ElbyCDFL (ElbyCDFL) - /owner unsupported/ - C:\WINDOWS\System32\Drivers\ElbyCDFL.sys
O23 - Service: ElbyCDIO Driver (ElbyCDIO) - /owner unsupported/ - C:\WINDOWS\System32\Drivers\ElbyCDIO.sys
O23 - Service: Servizio di segnalazione errori (ERSvc) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Registro eventi (Eventlog) - /owner unsupported/ - C:\WINDOWS\system32\services.exe
O23 - Service: Sistema di eventi COM+ (EventSystem) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Compatibilità di Cambio rapido utente (FastUserSwitchingCompatibility) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Driver controller disco floppy (Fdc) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\fdc.sys
O23 - Service: Driver disco floppy (Flpydisk) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\flpydisk.sys
O23 - Service: FltMgr (FltMgr) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\fltMgr.sys
O23 - Service: Driver archiviazione volumi (Ftdisk) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\ftdisk.sys
O23 - Service: Enumeratore porta giochi (gameenum) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\gameenum.sys
O23 - Service: GEARAspiWDM (GEARAspiWDM) - /owner unsupported/ - C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys
O23 - Service: Utilità di classificazione pacchetti generica (Gpc) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\msgpc.sys
O23 - Service: Guida in linea e supporto tecnico (helpsvc) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Accesso periferica Human Interface (HidServ) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Driver di classe HID Microsoft (HidUsb) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\hidusb.sys
O23 - Service: IEEE-1284.4 Driver HPZid412 (HPZid412) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\HPZid412.sys
O23 - Service: Print Class Driver for IEEE-1284.4 HPZipr12 (HPZipr12) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
O23 - Service: USB to IEEE-1284.4 Translation Driver HPZius12 (HPZius12) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\HPZius12.sys
O23 - Service: HTTP (HTTP) - /owner unsupported/ - C:\WINDOWS\System32\Drivers\HTTP.sys
O23 - Service: SSL HTTP (HTTPFilter) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Driver di porta mouse PS/2 e tastiera i8042 (i8042prt) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\i8042prt.sys
O23 - Service: InstallDriver Table Manager (IDriverT) - /owner unsupported/ - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Driver filtro masterizzazione CD (Imapi) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\imapi.sys
O23 - Service: Servizio COM di masterizzazione CD IMAPI (ImapiService) - /owner unsupported/ - C:\WINDOWS\system32\imapi.exe
O23 - Service: InCD File System (InCDFs) - /owner unsupported/ - system32\drivers\InCDFs.sys
O23 - Service: InCDPass (InCDPass) - /owner unsupported/ - system32\drivers\InCDPass.sys
O23 - Service: InCD Reader (InCDRm) - /owner unsupported/ - system32\drivers\InCDRm.sys
O23 - Service: Driver Windows Firewall IPv6 (Ip6Fw) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
O23 - Service: Driver filtro traffico IP (IpFilterDriver) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
O23 - Service: Driver tunnel IP in IP (IpInIp) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\ipinip.sys
O23 - Service: Traduttore indirizzi di rete IP (IpNat) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\ipnat.sys
O23 - Service: iPod Service (iPod Service) - /owner unsupported/ - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Driver IPSEC (IPSec) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\ipsec.sys
O23 - Service: Servizio enumeratore infrarossi (IRENUM) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\irenum.sys
O23 - Service: Driver bus PnP ISA/EISA (isapnp) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\isapnp.sys
O23 - Service: Driver classe tastiera (Kbdclass) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\kbdclass.sys
O23 - Service: Mixer wave audio del kernel Microsoft (kmixer) - /owner unsupported/ - C:\WINDOWS\system32\drivers\kmixer.sys
O23 - Service: Server (lanmanserver) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Workstation (lanmanworkstation) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Helper NetBIOS di TCP/IP (LmHosts) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Messenger (Messenger) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Condivisione desktop remoto di NetMeeting (mnmsrvc) - /owner unsupported/ - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Driver classe mouse (Mouclass) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\mouclass.sys
O23 - Service: Driver di mouse HID (mouhid) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\mouhid.sys
O23 - Service: Redirector del client WebDav (MRxDAV) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\mrxdav.sys
O23 - Service: MRXSMB (MRxSmb) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
O23 - Service: Distributed Transaction Coordinator (MSDTC) - /owner unsupported/ - C:\WINDOWS\system32\msdtc.exe
O23 - Service: Windows Installer (MSIServer) - /owner unsupported/ - C:\WINDOWS\system32\msiexec.exe
O23 - Service: Proxy di servizio di flusso Microsoft (MSKSSRV) - /owner unsupported/ - C:\WINDOWS\system32\drivers\MSKSSRV.sys
O23 - Service: Proxy clock di flusso Microsoft (MSPCLOCK) - /owner unsupported/ - C:\WINDOWS\system32\drivers\MSPCLOCK.sys
O23 - Service: Proxy di gestione qualità di flusso Microsoft (MSPQM) - /owner unsupported/ - C:\WINDOWS\system32\drivers\MSPQM.sys
O23 - Service: Driver BIOS Microsoft System Management (mssmbios) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\mssmbios.sys
O23 - Service: Driver Microsoft MPU-401 MIDI UART (ms_mpu401) - /owner unsupported/ - C:\WINDOWS\system32\drivers\msmpu401.sys
O23 - Service: Mup (Mup) - /owner unsupported/ -
O23 - Service: Driver di sistema NDIS (NDIS) - /owner unsupported/ -
O23 - Service: Driver TAPI NDIS di accesso remoto (NdisTapi) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\ndistapi.sys
O23 - Service: Protocollo I/O modalità utente su NDIS (Ndisuio) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\ndisuio.sys
O23 - Service: Driver WAN NDIS di accesso remoto (NdisWan) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\ndiswan.sys
O23 - Service: Interfaccia NetBIOS (NetBIOS) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\netbios.sys
O23 - Service: NetBios su Tcpip (NetBT) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\netbt.sys
O23 - Service: DDE di rete (NetDDE) - /owner unsupported/ - C:\WINDOWS\system32\netdde.exe
O23 - Service: DDE DSDM di rete (NetDDEdsdm) - /owner unsupported/ - C:\WINDOWS\system32\netdde.exe
O23 - Service: Accesso rete (Netlogon) - /owner unsupported/ - C:\WINDOWS\system32\lsass.exe
O23 - Service: Connessioni di rete (Netman) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: NLA (Network Location Awareness) (Nla) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Provider supporto protezione LM NT (NtLmSsp) - /owner unsupported/ - C:\WINDOWS\system32\lsass.exe
O23 - Service: Archivi rimovibili (NtmsSvc) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Driver filtro traffico IPX (NwlnkFlt) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
O23 - Service: Driver inoltratore traffico IPX (NwlnkFwd) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
O23 - Service: Office Source Engine (ose) - /owner unsupported/ - C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE
O23 - Service: Driver della porta parallela (Parport) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\parport.sys
O23 - Service: Driver bus PCI (PCI) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\pci.sys
O23 - Service: Plug and Play (PlugPlay) - /owner unsupported/ - C:\WINDOWS\system32\services.exe
O23 - Service: Pml Driver HPZ12 (Pml Driver HPZ12) - /owner unsupported/ - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Servizi IPSEC (PolicyAgent) - /owner unsupported/ - C:\WINDOWS\system32\lsass.exe
O23 - Service: WAN Miniport (PPTP) (PptpMiniport) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\raspptp.sys
O23 - Service: Driver processore (Processor) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\processr.sys
O23 - Service: Archiviazione protetta (ProtectedStorage) - /owner unsupported/ - C:\WINDOWS\system32\lsass.exe
O23 - Service: Utilità di pianificazione pacchetti QoS (PSched) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\psched.sys
O23 - Service: Driver Direct Parallel Link (Ptilink) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\ptilink.sys
O23 - Service: PxHelp20 (PxHelp20) - /owner unsupported/ - C:\WINDOWS\System32\Drivers\PxHelp20.sys
O23 - Service: Driver connessione automatica Accesso remoto (RasAcd) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\rasacd.sys
O23 - Service: Auto Connection Manager di Accesso remoto (RasAuto) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: WAN Miniport (L2TP) (Rasl2tp) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
O23 - Service: Connection Manager di Accesso remoto (RasMan) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Driver PPPOE di accesso remoto (RasPppoe) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\raspppoe.sys
O23 - Service: Direct Parallel (Raspti) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\raspti.sys
O23 - Service: Rdbss (Rdbss) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\rdbss.sys
O23 - Service: Driver redirector periferica Terminal Server (rdpdr) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\rdpdr.sys
O23 - Service: Gestione sessione di assistenza mediante desktop remoto (RDSessMgr) - /owner unsupported/ - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Driver filtro riproduzione CD-ROM audio digitale (redbook) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\redbook.sys
O23 - Service: Routing e Accesso remoto (RemoteAccess) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Registro di sistema remoto (RemoteRegistry) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: RIM Virtual Serial Port (RimSerPort) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\RimSerial.sys
O23 - Service: Dispositivo BlackBerry (RimUsb) - /owner unsupported/ - C:\WINDOWS\System32\Drivers\RimUsb.sys
O23 - Service: Microsoft Legacy Modem Driver (ROOTMODEM) - /owner unsupported/ - C:\WINDOWS\System32\Drivers\RootMdm.sys
O23 - Service: RPC Locator (RpcLocator) - /owner unsupported/ - C:\WINDOWS\system32\locator.exe
O23 - Service: RPC (Remote Procedure Call) (RpcSs) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: QoS RSVP (RSVP) - /owner unsupported/ - C:\WINDOWS\system32\rsvp.exe
O23 - Service: Driver NT scheda Fast Ethernet PCI Realtek basata su RTL8139 (rtl8139) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
O23 - Service: Gestione account di protezione (SAM) (SamSs) - /owner unsupported/ - C:\WINDOWS\system32\lsass.exe
O23 - Service: smart card (SCardSvr) - /owner unsupported/ - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Utilità di pianificazione (Schedule) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Secdrv (Secdrv) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\secdrv.sys
O23 - Service: Accesso secondario (seclogon) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Notifica eventi di sistema (SENS) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Driver filtro Serenum (serenum) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\serenum.sys
O23 - Service: Driver della porta seriale (Serial) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\serial.sys
O23 - Service: Unità disco floppy ad alta capacità (Sfloppy) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\sfloppy.sys
O23 - Service: Windows Firewall / Condivisione connessione Internet (ICS) (SharedAccess) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Rilevamento hardware shell (ShellHWDetection) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Frazionatore audio del kernel Microsoft (splitter) - /owner unsupported/ - C:\WINDOWS\system32\drivers\splitter.sys
O23 - Service: Spooler di stampa (Spooler) - /owner unsupported/ - C:\WINDOWS\system32\spoolsv.exe
O23 - Service: SpyFighter Guard Device (SpyFighter) - /owner unsupported/ - C:\Programmi\SPYWAREfighter\spyfighter.sys
O23 - Service: SPYWAREfighterRP (SPYWAREfighterRP) - /owner unsupported/ - C:\Programmi\SPYWAREfighter\spfprc.exe
O23 - Service: Driver filtro Ripristino configurazione di sistema (sr) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\sr.sys
O23 - Service: Servizio Ripristino configurazione di sistema (srservice) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Srv (Srv) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\srv.sys
O23 - Service: Servizio di rilevamento SSDP (SSDPSRV) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Acquisizione di immagini di Windows (WIA) (stisvc) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Driver bus software (swenum) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\swenum.sys
O23 - Service: Sintetizzatore Wavetable GS kernel Microsoft (swmidi) - /owner unsupported/ - C:\WINDOWS\system32\drivers\swmidi.sys
O23 - Service: MS Software Shadow Copy Provider (SwPrv) - /owner unsupported/ - C:\WINDOWS\system32\dllhost.exe
O23 - Service: Periferica audio di sistema Microsoft Kernel (sysaudio) - /owner unsupported/ - C:\WINDOWS\system32\drivers\sysaudio.sys
O23 - Service: Avvisi e registri di prestazioni (SysmonLog) - /owner unsupported/ - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Telefonia (TapiSrv) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Driver protocollo TCP/IP (Tcpip) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\tcpip.sys
O23 - Service: Driver della periferica terminale (TermDD) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\termdd.sys
O23 - Service: Servizi terminal (TermService) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Temi (Themes) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Telnet (TlntSvr) - /owner unsupported/ - C:\WINDOWS\system32\tlntsvr.exe
O23 - Service: Manutenzione collegamenti distribuiti client (TrkWks) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Driver aggiornamento microcodice (Update) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\update.sys
O23 - Service: Host di periferiche Plug and Play universali (upnphost) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Gruppo di continuità (UPS) - /owner unsupported/ - C:\WINDOWS\System32\ups.exe
O23 - Service: Driver principale generico USB Microsoft (usbccgp) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\usbccgp.sys
O23 - Service: Driver Miniport controller enhanced host USB 2.0 Microsoft (usbehci) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\usbehci.sys
O23 - Service: Driver hub USB standard Microsoft (usbhub) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\usbhub.sys
O23 - Service: Classe stampanti USB Microsoft (usbprint) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\usbprint.sys
O23 - Service: Driver scanner USB (usbscan) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\usbscan.sys
O23 - Service: Driver archiviazione di massa USB (USBSTOR) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
O23 - Service: Driver Miniport Controller Universal Host USB Microsoft (usbuhci) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\usbuhci.sys
O23 - Service: Copia replicata del volume (VSS) - /owner unsupported/ - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Ora di Windows (W32Time) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Driver ARP IP di accesso remoto (Wanarp) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\wanarp.sys
O23 - Service: Driver di compatibilità audio Microsoft WINMM WDM (wdmaud) - /owner unsupported/ - C:\WINDOWS\system32\drivers\wdmaud.sys
O23 - Service: WebClient (WebClient) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Strumentazione gestione Windows (winmgmt) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Servizio Numero di serie per dispositivi multimediali portatili (WmdmPmSN) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Estensioni driver di Strumentazione gestione Windows (Wmi) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Scheda WMI Performance (WmiApSrv) - /owner unsupported/ - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Servizio di condivisione in rete Windows Media Player (WMPNetworkSvc) - /owner unsupported/ - C:\Programmi\Windows Media Player\WMPNetwk.exe
O23 - Service: Ambiente di supporto del provider del Servizio Non-IFS di Windows Socket 2.0 (WS2IFSL) - /owner unsupported/ - C:\WINDOWS\System32\drivers\ws2ifsl.sys
O23 - Service: Centro sicurezza PC (wscsvc) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Aggiornamenti automatici (wuauserv) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Windows Driver Foundation - User-mode Driver Framework Platform Driver (WudfPf) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\WudfPf.sys
O23 - Service: Windows Driver Foundation - User-mode Driver Framework Reflector (WudfRd) - /owner unsupported/ - C:\WINDOWS\system32\DRIVERS\wudfrd.sys
O23 - Service: Windows Driver Foundation - User-mode Driver Framework (WudfSvc) - /owner unsupported/ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Zero Configuration reti senza fili (WZCSVC) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O23 - Service: Servizio Provisioning di rete (xmlprov) - /owner unsupported/ - C:\WINDOWS\System32\svchost.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Class - {3CD89C31-0DED-BEBC-AF46-4973A91A03A3} - C:\WINDOWS\mxwna1.dll
O2 - BHO: Class - {8E5EFF67-5ABC-9018-7A3C-38A3F7B42D20} - C:\WINDOWS\mxwna1.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} () - http://fpdownload.macromedia.com/pub/sh ... wflash.cab
salsero
Utente Junior
 
Post: 13
Iscritto il: 10/02/07 00:14
Località: Milano

Postdi Luke57 » 13/02/07 08:27

Ciao, stampa la pagina per seguire le indicazioni.
scarica Avgpfix da qui:
http://www.nod32.it/cgi-bin/mapdl.pl?tool=Agent.VP
e tienilo da parte.

Apri il taskmanager (Ctr+alt+canc), cerca questi processi e, se ci sono, evidenziali, uno alla volta:
ciscoword.exe
fujitsunetwork.exe
googlespeed.exe
google-word.exe"
premi kill process.

Poi, apri il registro di sistema
da START\ESEGUI digita regedit>OK

Aperto l’editor del registro, cliccando sul segno + accanto alle singole voci segui adesso questo percorso:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon, click su quest’ultima cartella
ll'interno della cartella, sulla parte destra dovresti trovare
UserInit= REG c:\windows\system32\userinit.exe,"c:\windows\landsk.exe","c:\windows\ciscoword.exe","c:\windows\fujitsunetwork.exe","c:\windows\googlespeed.exe","c:\windows\google-word.exe",
doppio click sulla voce,
nella finestra Modifica stringa che ti appare
nello spazio bianco troverai:
c:\windows\system32\userinit.exe,"c:\windows\landsk.exe","c:\windows\ciscoword.exe","c:\windows\fujitsunetwork.exe","c:\windows\googlespeed.exe","c:\windows\google-word.exe",
seleziona
c:\windows\landsk.exe","c:\windows\ciscoword.exe","c:\windows\fujitsunetwork.exe","c:\windows\googlespeed.exe","c:\windows\google-word.exe", (virgola finale compresa)
in modo da lasciare nello spazio solamente:
c:\windows\system32\userinit.exe, (virgola compresa)
premi canc>OK
(ATTENZIONE a non cancellare userinit.exe, il computer non si riavvierà).

Chiudi il registro.

Rendi visibili file e cartelle nascosti:
da risorse del computer>strumenti>Opzioni Cartella
Seleziona Visualizza
Spunta "mostra file e cartelle nascoste"
Togli la spunta da "nascondi file di sistema protetti"
Click OK

Con AVgpfix, elimina i seguenti file, uno alla volta:
c:\windows\landsk.exe
c:\windows\ciscoword.exe
c:\windows\fujitsunetwork.exe
c:\windows\googlespeed.exe
c:\windows\google-word.exe
(basta lanciarlo, premere Start, individuare il file nel percorso ad albero e premere OK)


Poi, scarica questi due tools:

http://www.prevx.com/gromozon.asp

Tool di rimozione della Symantec:
http://smallbiz.symantec.com/security_r ... 16-4153-99

Eseguili uno alla volta; disattiva il tuo antivirus durante la scansione.

Quello della prevx fa riavviare il computer e al riavvio viene completata la scansione, al termine della quale viene rilasciato un report che trovi in C:\Gromozon_Removal.log.

Poi esegui il tool della symantec (dalla modalità provvisoria; se
non sai come andarci, premi ripetutamente il tasto F8 all'accensione del computer prima che inizi a caricarsi windows; sulla schermata grigia che appare scegli modalità provvisoria spostandoti con le freccette e premendo invio).

Anche questo tool rilascia un rapporto della scansione nella cartella dove
hai messo il file (Fixlinkopt.log)

Posta i due report delle scansioni.
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

Postdi salsero » 13/02/07 13:23

questa sera provo poi ti so dire
incrociamo le dita....
ciao grazie
salsero
Utente Junior
 
Post: 13
Iscritto il: 10/02/07 00:14
Località: Milano

Postdi salsero » 14/02/07 23:29

C’è voluto un po’ di tempo ma alla fine
ci sono riuscito, non so come ringraziarti
Il tuo aiuto è stato fondamentale.
GRAZIE!!!!
salsero
Utente Junior
 
Post: 13
Iscritto il: 10/02/07 00:14
Località: Milano


Torna a Sicurezza e Privacy


Topic correlati a "Cavalli di troja":

troja vs skype
Autore: peg
Forum: Sicurezza e Privacy
Risposte: 0
Cavalli di troia
Autore: Bennyz89
Forum: Sicurezza e Privacy
Risposte: 1

Chi c’è in linea

Visitano il forum: Nessuno e 28 ospiti