<BLOCKQUOTE id=quote><font size=1 face="Sans Serif, Arial, Helvetica" id=quote>quote:<hr height=1 noshade id=quote>
Scarica questo programma e leggi le istruzioni per inserire il tuo log
http://www.aiutamici.com/software/descrizione.asp?CodSw=1175
<hr height=1 noshade id=quote></BLOCKQUOTE id=quote></font id=quote><font face="Sans Serif, Arial, Helvetica" size=2 id=quote>


eccoti i log di hyjack this, ho eseguito lo scan con il pc connesso ad internet, è un problema?


Logfile of HijackThis v1.99.1
Scan saved at 23.51.15, on 31/08/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Programmi\Panda Software\Panda Platinum 2006 Internet Security\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Panda Software\Panda Platinum 2006 Internet Security\pavsrv51.exe
C:\Programmi\Panda Software\Panda Platinum 2006 Internet Security\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
c:\programmi\panda software\panda platinum 2006 internet security\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\Ahead\InCD\InCDsrv.exe
C:\Programmi\Panda Software\Panda Platinum 2006 Internet Security\PavFnSvr.exe
C:\Programmi\File comuni\Panda Software\PavShld\pavprsrv.exe
C:\Programmi\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam\pskmssvc.exe
C:\Programmi\Panda Software\Panda Platinum 2006 Internet Security\PsImSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Ahead\InCD\InCD.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\HP\hpcoretech\hpcmpmgr.exe
C:\Programmi\Panda Software\Panda Platinum 2006 Internet Security\APVXDWIN.EXE
C:\Programmi\Java\jre1.5.0_07\bin\jusched.exe
C:\Programmi\HbTools\Bin\4.8.0.0\HbtOEAddOn.exe
C:\Programmi\HbTools\Bin\4.8.0.0\HbtWeatherOnTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\OpenOffice.org1.1.3\program\soffice.exe
C:\Programmi\Panda Software\Panda Platinum 2006 Internet Security\SRVLOAD.EXE
C:\Programmi\Panda Software\Panda Platinum 2006 Internet Security\WebProxy.exe
C:\Programmi\HP\Digital Imaging\bin\hpqgalry.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\HbTools\Bin\4.8.0.0\HbtSrv.exe
C:\Documents and Settings\Aldo\Impostazioni locali\Temp\Directory temporanea 1 per hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster.com/SmartOffers/Services/resultsmaster/ResultsMasterHomeLeftPane.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O1 - Hosts: 200.73.174.154 STORAGE.HOSTANCE.NET
O1 - Hosts: 200.73.174.154 STORAGE-TASP.COM
O2 - BHO: TVEngine Helper /fleok=1D8A83A5C2E6107C91A475760EA83FA5EF80752B94E3D67B5F7C422F37C7 - {4B18DD50-C996-44fc-AC52-0FECFF82ED58} - c:\programmi\hbtools\hbtv\hbtvhelper.dll
O2 - BHO: HbTools - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Programmi\HbTools\Bin\4.8.0.0\HbtHostIE.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_07\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: H&otbar - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Programmi\HbTools\Bin\4.8.0.0\HbtHostIE.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [InCD] C:\Programmi\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmi\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programmi\Panda Software\Panda Platinum 2006 Internet Security\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Programmi\Panda Software\Panda Platinum 2006 Internet Security\Inicio.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [HbTools] C:\Programmi\HbTools\Bin\4.8.0.0\HbtOEAddOn.exe
O4 - HKLM\..\Run: [WeatherOnTray] C:\Programmi\HbTools\Bin\4.8.0.0\HbtWeatherOnTray.exe
O4 - HKLM\..\Run: [ksmebyzo] C:\WINDOWS\System32\uxzmerqr.exe
O4 - HKLM\..\Run: [EPSON Stylus C62 Series (Copia 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P33 "EPSON Stylus C62 Series (Copia 1)" /O5 "LPT1:" /M "Stylus C62"
O4 - HKLM\..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C62 Series" /O5 "LPT1:" /M "Stylus C62"
O4 - Startup: OpenOffice.org 1.1.3.lnk = C:\Programmi\OpenOffice.org1.1.3\program\quickstart.exe
O4 - Global Startup: Avvio rapido di HP Image Zone.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O15 - Trusted Zone: www.archiviosex.net
O15 - Trusted Zone: *.energy-factor.com
O15 - Trusted Zone: *.hardcorefantasyland.com
O15 - Trusted Zone: *.hardfootballbabes.com
O15 - Trusted Zone: www.linkautomatici.com
O15 - Trusted Zone: www.otherchance.com
O15 - Trusted Zone: www.playitalia.com
O15 - Trusted Zone: www.powersoft.name
O15 - Trusted Zone: www.sgrunt.biz
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} (HbtInstObj) - http://installs.hotbar.com/installs/hbtools/programs/hbtools.cab
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: LogPfx - Unknown owner - \\?\C:\Programmi\File comuni\System\com9.exe (file missing)
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Programmi\Panda Software\Panda Platinum 2006 Internet Security\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Programmi\File comuni\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Programmi\Panda Software\Panda Platinum 2006 Internet Security\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Programmi\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam\pskmssvc.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - c:\programmi\panda software\panda platinum 2006 internet security\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Programmi\Panda Software\Panda Platinum 2006 Internet Security\PsImSvc.exe
O23 - Service: SysBes - Unknown owner - \\?\C:\Programmi\File comuni\System\com3.exe (file missing)
O23 - Service: SysHuv - Unknown owner - \\?\C:\Programmi\File comuni\System\prn.exe (file missing)
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Programmi\Panda Software\Panda Platinum 2006 Internet Security\TPSrv.exe
O23 - Service: WinHdb - Unknown owner - \\?\C:\Programmi\File comuni\System\clock$.exe (file missing)
O23 - Service: WinPzf - Unknown owner - \\?\C:\Programmi\File comuni\System\com6.exe (file missing)

ora aspetto tue informazioni
ciao e grazie

Ciao ,
esegui queste operazioni

Disattiva il ripristino di configurazione, leggi qui come fare
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=257&SH=N

Riavvia in modalità provvisoria, leggi qui come fare
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=344&SH=N

apri HIJAC THIS ed elimina come indicato in questo articolo
http://www.aiutamici.com/software/descrizione.asp?CodSw=1175
le righe che seguono.

==================================
O1 - Hosts: 200.73.174.154 STORAGE.HOSTANCE.NET
O1 - Hosts: 200.73.174.154 STORAGE-TASP.COM
O2 - BHO: TVEngine Helper /fleok=1D8A83A5C2E6107C91A475760EA83FA5EF80752B94E3D67B5F7C422F37C7 - {4B18DD50-C996-44fc-AC52-0FECFF82ED58} - c:\programmi\hbtools\hbtv\hbtvhelper.dll
O2 - BHO: HbTools - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Programmi\HbTools\Bin\4.8.0.0\HbtHostIE.dll
-
O3 - Toolbar: H&otbar - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Programmi\HbTools\Bin\4.8.0.0\HbtHostIE.dll
-
O4 - HKLM\..\Run: [HbTools] C:\Programmi\HbTools\Bin\4.8.0.0\HbtOEAddOn.exe
O4 - HKLM\..\Run: [WeatherOnTray] C:\Programmi\HbTools\Bin\4.8.0.0\HbtWeatherOnTray.exe
O4 - HKLM\..\Run: [ksmebyzo] C:\WINDOWS\System32\uxzmerqr.exe
-
O15 - Trusted Zone: www.archiviosex.net
O15 - Trusted Zone: *.energy-factor.com
O15 - Trusted Zone: *.hardcorefantasyland.com
O15 - Trusted Zone: *.hardfootballbabes.com
O15 - Trusted Zone: www.linkautomatici.com
O15 - Trusted Zone: www.otherchance.com
O15 - Trusted Zone: www.playitalia.com
O15 - Trusted Zone: www.powersoft.name
O15 - Trusted Zone: www.sgrunt.biz
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} (HbtInstObj) - http://installs.hotbar.com/installs/hbtools/programs/hbtools.cab
-
O23 - Service: LogPfx - Unknown owner - \\?\C:\Programmi\File comuni\System\com9.exe (file missing)
-
O23 - Service: SysBes - Unknown owner - \\?\C:\Programmi\File comuni\System\com3.exe (file missing)
O23 - Service: SysHuv - Unknown owner - \\?\C:\Programmi\File comuni\System\prn.exe (file missing)
-
O23 - Service: WinHdb - Unknown owner - \\?\C:\Programmi\File comuni\System\clock$.exe (file missing)
O23 - Service: WinPzf - Unknown owner - \\?\C:\Programmi\File comuni\System\com6.exe (file missing)
==================================


ELIMINA LA CARTELLA IN ROSSO
==================================
C:\Programmi\<font color=red><b>HbTools</font id=red></b>
==================================


Cerca ed elimina questi file
==================================
uxzmerqr.exe
com9.exe
prn.exe
clock$.exe
==================================


Vai a PANNELLO DI CONTROLLO e clicca su OPZIONI INTERNET
nella finestra che si apre clicca i tre pulsanti
ELIMINA COOKIES - ELIMINA FILE - CANCELLA CRONOOLOGIA
poi clicca il pulsante PAGINA PREDEFINITA e su OK

al termine utilizza i programmi AD-AWARE e SPYBOT indicati in questo articolo
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=388&SH=N

sempre in modalità provvisoria fai una scansione Antivirus

quindi riavvia il computer e controlla se il problema e risolto, se e tutto OK riattiva il ripristino configurazione disattivato all'inizio di questa procedura e crea un nuovo punto di ripristino, leggi qui alla voce 8
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=170&SH=N

Fai una scansione antivirus on line da questo indirizzo
http://www.pandasoftware.com/activescan/it/activescan_principal.htm

Utilizza questo programma
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=1041

Aggiorna il sistema dal Windows Update

---

alfonso_aiutamici@hotmail.it

Usa la funzione "Cerca" di Windows (estendendo la ricerca anche alle cartelle e ai files "nascosti"), per localizzarli esattamente.

Uno (il seguente) lo troverai qui:
C:\WINDOWS\System32\uxzmerqr.exe

Gli altri, invece, vengon dati per "dispersi" (per cui, non ti so dar percorsi esatti), ma posson sempre essersi andati ad infognar da qualche parte...

<img src="http://digilander.libero.it/O_N_E/Emo/Quizzy/4.gif" border=0> ... rifare! (ahitè!)

Ciao, scsate potete spiegarmi come si usa l'anti rootkit che devo usare.
grazie ciao

Ho la schermata aperta di prevx e la frase che ha scritto per ultimo sotto le altre è :
Scanning windows directory, this may take a few minutes
è tutto giusto aspetto che finisca

Mi dispiace ma allora dovrai mettere in atto la procedura descritta nella guida -> http://steven.altervista.org/files/rootkit.html

ciao,
no ... per la presenza di queste voci :
O23 - Service: SysBes - Unknown owner - \\?\C:\Programmi\File comuni\System\com3.exe (file missing)
O23 - Service: SysHuv - Unknown owner - \\?\C:\Programmi\File comuni\System\prn.exe (file missing)
O23 - Service: WinHdb - Unknown owner - \\?\C:\Programmi\File comuni\System\clock$.exe (file missing)
O23 - Service: WinPzf - Unknown owner - \\?\C:\Programmi\File comuni\System\com6.exe (file missing)

La riga da te citata , appartiene alla famiglia dell'adware Hotbar



Edited by - steven75 on 09/03/2006 23:41:10

Ciao io ho provatoa a guardare la guida ma vista la mia quasi totale ignoranza in materia non ci capisco molto, potresti spiegarmi qualcosina.
Io ho gia scaricato gmer e l'ultimo java.
Grazie ciao