Salve a tutti,
Penso di avere il PC infetto...ho provato a pulirlo con i vari tool antivirus e antispryware ma continuo ad avere gli stessi problemi:
- ogni 5 min. circa mi compare una finestra con questo messaggio
"Warning! Potential Spyware Operation! Your computer is making unauthorized copies of your system and Internet files. Run full scan to prevent any unauthorized access to your files! Click YES to download spyware remover ..."
- ogni volta che avvio Firefox mi chiede di riconfermarlo come browser predefinito (e lo confermo)
- se provo ad accedere a 'impostazioni accesso programmi', mi appare una finestra che dice "I]Operazione annullata. Sul computer sono attivate delle restrizioni. Contattare l'amministratore del sistema[/I]"
Ho fatto una scansione con HijackThis. Potreste aiutarmi ad individuare gli elementi infetti e dirmi come fare per rimuoverli dal PC?
Grazie infinite!
_________________________________________
Logfile of HijackThis v1.99.1
Scan saved at 12.04.35, on 20/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Nero\Nero 7\InCD\InCDsrv.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programmi\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
c:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\McAfee.com\VSO\mcvsshld.exe
c:\programmi\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\printer.exe
C:\Programmi\Nero\Nero 7\InCD\InCD.exe
C:\Programmi\McAfee.com\VSO\oasclnt.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\hijackthis_199\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant
=
R0 - HKCU\Software\Microsoft\Internet
Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: Shell=Explorer.exe
C:\WINDOWS\system32\printer.exe
O2 - BHO: Spybot-S&D IE Protection -
{53707962-6F74-2D53-2644-206D7942484F} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: McAfee VirusScan -
{BA52B914-B692-46c4-B683-905236F6F655} -
c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -
C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {01E69986-A054-4C52-ABE8-EF63DF1C5211} -
(no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE
C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VSOCheckTask]
"C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online]
C:\Programmi\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe]
c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Programmi\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [ElbyCheckElbyCDFL] "C:\Programmi\Elaborate
Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [OASClnt] C:\Programmi\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File
comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Msn Messenger] c:\windows\msnmsngr.exe
O4 - HKLM\..\Run: [Windows Firewall] c:\windows\windll.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe
/embedding
O4 - HKLM\..\Run: [MPFExe]
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MSKDetectorExe]
C:\Programmi\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [QuickTime Task]
"C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched]
"C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe "
O4 - HKLM\..\Run: [Picasa Media Detector]
C:\Programmi\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - HKLM\..\Run: [AAWTray] C:\Programmi\Lavasoft\Ad-Aware
2007\AAWTray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSKAGENTEXE]
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search &
Destroy\TeaTimer.exe
O4 - Startup: system.exe
O4 - Global Startup: autorun.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions
present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel
present
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Pol icies\System,
DisableRegedit=1
O8 - Extra context menu item: E&sporta in Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
- C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263}
- C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}
- C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration
- {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683}
- C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com
Operating System Class) -
http://download.mcafee.com/molbin/sh...,101/mcinsctl.
cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo
Uploader Control) -
http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr
Class) -
http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash
Object) -
http://fpdownload.adobe.com/pub/shoc...sh/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -
C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\systems.txt
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB -
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File
comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL
Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil
Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner -
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file
missing)
O23 - Service: avast! Web Scanner - Unknown owner -
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file
missing)
O23 - Service: Google Updater Service (gusvc) - Google -
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel
32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG -
C:\Programmi\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc -
c:\programmi\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. -
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc -
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) -
McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee
Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA
Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket
Division Software - C:\Programmi\Alcohol Soft\Alcohol
120\StarWind\StarWindService.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner -
C:\Programmi\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
Rispondi quotando