salve a tutti
il mio problema è questo:
ieri, durante la navigazione in internet, outpost mi chiede la connessione per un processo chiamato w32, ovviamente blocco il tutto e mi metto sulle tracce di questa schifezza.
il processo era effettivamente visibile nel task manager di windows, ma non ho preso nessuna contromisura immediata (neanche terminato il processo).
spybot comicia a trovarmi delle modifiche al registro del tipo:
19/08/2006 18.18.25 Negato value "{53707962-6F74-2D53-2644-206D7942484F}" (new data: "") eliminato in Browser Helper Object!
19/08/2006 18.18.34 Negato value "{53707962-6F74-2D53-2644-206D7942484F}" (new data: "") eliminato in Browser Helper Object!
19/08/2006 18.52.43 Negato value "{B56A7D7D-6927-48C8-A975-17DF180C71AC}" (new data: "") aggiunto in Browser Helper Object!
19/08/2006 18.53.26 Negato value "{B56A7D7D-6927-48C8-A975-17DF180C71AC}" (new data: "") aggiunto in Browser Helper Object!
19/08/2006 18.53.43 Negato value "{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}" (new data: "") aggiunto in Browser Helper Object!
provo a fare pulizia con spybot, adaware e avg ma non risolvo
allora cerco un po' in internet e trovo spyware doctor questo mi dice di aver risolto alcuni problemi ma spybot continua indicare cambiamenti nel registro allora
ho cercato un altro po' e sono approdato al vostro forum comiciando quindi a seguire le voste istruzioni.
ewido ha trovato, tra le altre cose meno importanti, questo:
D:\WINDOWS\system32\windrvNT.sys -> Rootkit.NtRootKit.131 : No action taken.
l'ho messo in quarantena e pensavo di aver risolto, invece spybot continua a trovarmi le solite modifiche al registro, gli atri software non rilevano nulla.
a questo punto non so più cosa pensare e chiedo il vostro aiuto.
questo e il log di HijackThis, immagino tutte le informazioni di cui avete bisogno siano qui, vi prego non so più che fare:
Logfile of HijackThis v1.99.1
Scan saved at 19.28.26, on 19/08/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\System32\alg.exe
D:\PROGRA~1\Grisoft\AVG7~1\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVG7~1\avgupsvc.exe
D:\Programmi\ewido anti-spyware 4.0\guard.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\System32\oodag.exe
D:\Programmi\outpost\Nuova cartella\Outpost Firewall\outpost.exe
D:\WINDOWS\Explorer.EXE
D:\Programmi\Spyware Doctor\sdhelp.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\wdfmgr.exe
D:\Programmi\Raxco\PerfectDisk\PDSched.exe
D:\WINDOWS\System32\CTHELPER.EXE
D:\WINDOWS\System32\gsicon.exe
D:\WINDOWS\System32\dslagent.exe
D:\Programmi\Java\jre1.5.0_08\bin\jusched.exe
D:\Programmi\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
D:\PROGRA~1\Grisoft\AVG7~1\avgcc.exe
D:\PROGRA~1\Grisoft\AVG7~1\avgemc.exe
D:\Programmi\ewido anti-spyware 4.0\ewido.exe
D:\Programmi\Spyware Doctor\swdoctor.exe
D:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
E:\Folder Lock\Folder Lock.exe
D:\Programmi\Spybot - Search & Destroy\SpybotSD.exe
D:\Programmi\hj\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programmi\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\programmi\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] D:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] D:\Programmi\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Programmi\Java\jre1.5.0_08\bin\jusched.exe "
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\programmi\quick time\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AWMON] "D:\Programmi\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVG7~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] D:\PROGRA~1\Grisoft\AVG7~1\avgemc.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] D:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [OutpostFeedBack] D:\Programmi\outpost\Nuova cartella\Outpost Firewall\feedback.exe /dumps_startup
O4 - HKLM\..\Run: [Outpost Firewall] D:\Programmi\outpost\Nuova cartella\Outpost Firewall\outpost.exe /waitservice
O4 - HKLM\..\Run: [!ewido] "D:\Programmi\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Spyware Doctor] "D:\Programmi\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Collegamento a Folder Lock.exe.lnk = E:\Folder Lock\Folder Lock.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = D:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Cerca con Google - res://d:\programmi\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Traduci parola in italiano - res://d:\programmi\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Link a ritroso - res://d:\programmi\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pagine simili - res://d:\programmi\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Versione cache della pagina - res://d:\programmi\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programmi\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programmi\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab
O16 - DPF: {C1B7E532-3ECB-4E9E-BB3A-2951FFE67C61} (DownloaderActiveX Control) - http://c6.community.alice.it/downloa...derActiveX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B334F6BA-BBFB-45CF-9F6A-035B3308A4B7}: NameServer = 192.168.0.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: D:\PROGRA~1\outpost\NUOVAC~1\OUTPOS~1\wl_hook.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7~1\avgupsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - D:\Programmi\ewido anti-spyware 4.0\guard.exe
O23 - Service: Creative NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - D:\WINDOWS\System32\oodag.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - D:\Programmi\outpost\Nuova cartella\Outpost Firewall\outpost.exe
O23 - Service: PDEngine - Raxco Software, Inc. - D:\Programmi\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - D:\Programmi\Raxco\PerfectDisk\PDSched.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - D:\Programmi\Spyware Doctor\sdhelp.exe
GRAZIE!
Rispondi quotando
