Hi guys, today I noticed that I have TCP connections to 007guard.com and I can't get rid of them.
I ran scans with Kaspersky IS 2010, Spybot S&D and others... but nothing.
I'm attaching both the netstat log and the HT one.
Connessioni attive
Proto Indirizzo locale Indirizzo esterno Stato
TCP ufficio:1042 www.007guard.com:1044 ESTABLISHED
TCP ufficio:1044 www.007guard.com:1042 ESTABLISHED
TCP ufficio:1110 www.007guard.com:1567 ESTABLISHED
TCP ufficio:1110 www.007guard.com:1607 ESTABLISHED
TCP ufficio:1110 www.007guard.com:1624 TIME_WAIT
TCP ufficio:1110 www.007guard.com:1625 TIME_WAIT
TCP ufficio:1110 www.007guard.com:1719 TIME_WAIT
TCP ufficio:1110 www.007guard.com:1775 TIME_WAIT
TCP ufficio:1110 www.007guard.com:1779 ESTABLISHED
TCP ufficio:1110 www.007guard.com:1793 ESTABLISHED
TCP ufficio:1110 www.007guard.com:1826 ESTABLISHED
TCP ufficio:1110 www.007guard.com:1832 TIME_WAIT
TCP ufficio:1110 www.007guard.com:1842 TIME_WAIT
TCP ufficio:1110 www.007guard.com:1844 TIME_WAIT
TCP ufficio:1110 www.007guard.com:1845 TIME_WAIT
TCP ufficio:1110 www.007guard.com:1848 TIME_WAIT
TCP ufficio:1110 www.007guard.com:1867 ESTABLISHED
TCP ufficio:1110 www.007guard.com:1869 ESTABLISHED
TCP ufficio:1110 www.007guard.com:1909 TIME_WAIT
TCP ufficio:1110 www.007guard.com:1910 TIME_WAIT
TCP ufficio:1567 www.007guard.com:1110 ESTABLISHED
TCP ufficio:1607 www.007guard.com:1110 ESTABLISHED
TCP ufficio:1779 www.007guard.com:1110 ESTABLISHED
TCP ufficio:1793 www.007guard.com:1110 ESTABLISHED
TCP ufficio:1826 www.007guard.com:1110 ESTABLISHED
TCP ufficio:1834 www.007guard.com:1110 TIME_WAIT
TCP ufficio:1836 www.007guard.com:1110 TIME_WAIT
TCP ufficio:1838 www.007guard.com:1110 TIME_WAIT
TCP ufficio:1840 www.007guard.com:1110 TIME_WAIT
TCP ufficio:1851 www.007guard.com:1110 TIME_WAIT
TCP ufficio:1853 www.007guard.com:1110 TIME_WAIT
TCP ufficio:1855 www.007guard.com:1110 TIME_WAIT
TCP ufficio:1856 www.007guard.com:1110 TIME_WAIT
TCP ufficio:1857 www.007guard.com:1110 TIME_WAIT
TCP ufficio:1858 www.007guard.com:1110 TIME_WAIT
TCP ufficio:1859 www.007guard.com:1110 TIME_WAIT
TCP ufficio:1860 www.007guard.com:1110 TIME_WAIT
TCP ufficio:1867 www.007guard.com:1110 ESTABLISHED
TCP ufficio:1869 www.007guard.com:1110 ESTABLISHED
TCP ufficio:1871 www.007guard.com:1110 TIME_WAIT
TCP ufficio:1873 www.007guard.com:1110 TIME_WAIT
TCP ufficio:1875 www.007guard.com:1110 TIME_WAIT
TCP ufficio:1877 www.007guard.com:1110 TIME_WAIT
TCP ufficio:1879 www.007guard.com:1110 TIME_WAIT
TCP ufficio:1881 www.007guard.com:1110 TIME_WAIT
TCP ufficio:1883 www.007guard.com:1110 TIME_WAIT
TCP ufficio:1885 www.007guard.com:1110 TIME_WAIT
TCP ufficio:1887 www.007guard.com:1110 TIME_WAIT
TCP ufficio:1889 www.007guard.com:1110 TIME_WAIT
TCP ufficio:1891 www.007guard.com:1110 TIME_WAIT
TCP ufficio:1893 www.007guard.com:1110 TIME_WAIT
TCP ufficio:1895 www.007guard.com:1110 TIME_WAIT
TCP ufficio:1897 www.007guard.com:1110 TIME_WAIT
TCP ufficio:1899 www.007guard.com:1110 TIME_WAIT
TCP ufficio:1901 www.007guard.com:1110 TIME_WAIT
TCP ufficio:1903 www.007guard.com:1110 TIME_WAIT
TCP ufficio:1905 www.007guard.com:1110 TIME_WAIT
TCP ufficio:1907 www.007guard.com:1110 TIME_WAIT
TCP ufficio:1913 www.007guard.com:1110 TIME_WAIT
TCP ufficio:1040 by2msg4010718.phx.gbl:1863 ESTABLISHED
TCP ufficio:1330 net-93-147-89-201.t2.dsl.vodafone.it:3536 ESTABLISHED
TCP ufficio:1568 gv-in-f113.1e100.net:80 ESTABLISHED
TCP ufficio:1608 gv-in-f113.1e100.net:80 ESTABLISHED
TCP ufficio:1660 host6-134-dynamic.2-87-r.retail.telecomitalia.it:49406 ESTABLISHED
TCP ufficio:1780 gv-in-f102.1e100.net:80 ESTABLISHED
TCP ufficio:1794 80.157.169.194:80 ESTABLISHED
TCP ufficio:1827 gv-in-f113.1e100.net:80 ESTABLISHED
TCP ufficio:1831 google.navigation.opendns.com:80 TIME_WAIT
TCP ufficio:1835 google.navigation.opendns.com:80 TIME_WAIT
TCP ufficio:1839 intl1.geo.vip.sp2.yahoo.com:80 TIME_WAIT
TCP ufficio:1862 intl1.geo.vip.sp2.yahoo.com:80 TIME_WAIT
TCP ufficio:1865 intl1.geo.vip.sp2.yahoo.com:80 TIME_WAIT
TCP ufficio:1868 static-ip-62-41.eurorings.net:80 ESTABLISHED
TCP ufficio:1870 static-ip-62-41.eurorings.net:80 ESTABLISHED
TCP ufficio:1896 intl1.geo.vip.sp2.yahoo.com:80 TIME_WAIT
TCP ufficio:1900 intl1.geo.vip.sp2.yahoo.com:80 TIME_WAIT
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18.58.11, on 21/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\Windows Live\Contacts\wlcomm.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Windows Live\Mail\wlmail.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ares.mp3.es/start.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Programmi\Windows Live\Messenger\wlchtc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O3 - Toolbar: (no name) - {15C2DE55-9796-4657-AAA5-EB605D6C5F9A} - (no file)
O4 - HKLM\..\Run: [avp] "C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe /auto
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Clean Traces - C:\Programmi\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Programmi\DAP\dapextie.htm
O8 - Extra context menu item: Aggiungi ad Anti-Banner - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: Download &all with DAP - C:\Programmi\DAP\dapextie2.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: &Tastiera Virtuale - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: (no name) - {45FD16E0-0BC3-4774-AD53-228976E8C19F} - (no file)
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programmi\PartyGaming\PartyCasino\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programmi\PartyGaming\PartyCasino\RunApp.exe (file missing)
O9 - Extra button: PokerStars.it - {C4046502-6524-4d87-896C-878F57D1FF07} - C:\Programmi\PokerStars.IT\PokerStarsUpdate.exe
O9 - Extra button: C&ontrollo URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritage.it/Genoogle/Components/ActiveX/SearchEngineQuery.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1188240706347
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1188284523109
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game09.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F3D9028B-8D55-4922-803F-3CC44EBE36DB}: NameServer = 208.67.222.222,208.67.220.220
O20 - Winlogon Notify: xxyxxxYO - xxyxxxYO.dll (file missing)
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
--
End of file - 7379 bytes