ho eliminato service32

[balda62]

ciao a tutti , ho un problema con il mio pc , potete controllare il mio logfile e farmi sapere se ci sono ancora dei virus? seguendo le istruzioni che ho trovato nel forum credo di avre eliminato service32.exe e spoolsvc.exe grazie e ciao.



Logfile of HijackThis v1.99.1
Scan saved at 23.06.53, on 11/10/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINNT\system32\svchost.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Programmi\RealVNC\WinVNC\winvnc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programmi\digicomt\Michelangelo USB ADSL\CnxDslTb.exe
C:\WINNT\system32\internat.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\Rar$EX00.796\Hi jackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Encarta Web Companion Oggetto helper - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [WinVNC] "C:\Programmi\RealVNC\WinVNC\winvnc.exe" -servicehelper
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programmi\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programmi\digicomt\Michelangelo USB ADSL\CnxDslTb.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Programmi\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O15 - Trusted Zone: *.aflashcounter.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{85E82038-9E38-4E19-AA62-B15EBA128737}: NameServer = 85.37.17.5 85.38.28.77
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Programmi\RealVNC\WinVNC\winvnc.exe" -service (file missing)

[Simeon]

Solo un intruso nella trusted zone.

Fixa queste voci:
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O15 - Trusted Zone: *.aflashcounter.com

Assicurati che la seconda (O15) non ricompaia.

[Topdrake]

fixa:
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O15 - Trusted Zone: *.aflashcounter.com
trova l'eseguibile Showwnd ed elimialo.
Ciao.

[Simeon]

Originariamente inviato da Topdrake
fixa:
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
trova l'eseguibile Showwnd ed elimialo.

Come mai consigli di eliminare ShowWnd ?
Al massimo io sarei per escluderlo dalla startup list.

[balda62]

vi ringrazio per ora e poi vi faccio sapere.

[Topdrake]

L'ho fatto fixare perchè poteva trattarsi di questo:
http://www.liutilities.com/products/...brary/showwnd/
http://www.greatis.com/appdata/d/s/showwnd.exe.htm
http://www.processlibrary.com/directory/files/showwnd/
che ne dici?
l'unico file ammesso dovrebbe appartenere a multimedia Keyboard driver.
Se hai questo programma non fixare.

[Simeon]

che ne dici?

Giusto,
io l'avevo ricondotto a multimedia Keyboard driver e dunque tralasciato.

[balda62]

avete qualche suggerimento non riesco a cancellare il file showwnd.exe

[Simeon]

Utilizza Killbox impostando l'opzione "Delete on Reboot".

[balda62]

vi ringrazio ci sono riuscito.