Olimpo Informatico

[AdrInteR]

[Sante62]

Ma è sicuro che è affidabile quel tool che ti rileva Vundo?
Potrebbe trattarsi di un falso allarme.
Ora che hai tolto quei programmi prova a rifare la scansione del PC con quel programma che ti ha rilevato Vundo.
Se te lo rileva ancora prova a fare la scansione con
Vundofix
- Esegui VundoFix.exe
- Clicca Scan for Vundo.
- al termine della scansione, clicca Remove Vundo.
- ti chiede se vuoi eliminare i files infetti, clicca YES
- il tuo video diventerà nero durante la rimozione di Vundo.
- al termine ti chiederà di riavviare il pc, clicca OK.
- Copia qui il contenuto del log C:\vundofix.txt e un nuovo log di hijackthis.

Nota: VundoFix potrebbe non riuscire ad eliminare qualche file. In questo caso, VundoFix si avvierà automaticamente al riavvio del pc, ripeti le operazioni indicate sopra partendo da "Clicca Scan for Vundo" quando VundoFix apparirà al riavvio.
Se l'esito è negativo direi che puoi stare tranquillo, sempre se non riscontri altri problemi con il PC.

[AdrInteR]

ho provato cn il tool vundofix ma l'avevo già provato...e anche questa volta nn mi ha trovato nulla
il programma che mi rileva il trojan è Spyhunter...l'ho scaricato cosi x caso x vedere se trovava qualcosa...anke se altri programmi nn me lo trovavano...xk alla fine ho sempre quel problema di giga che diminuiscono...
cmq tra i vari tool che ho provato pochi scansionano nel registro...come mai??
e nn cè un modo manuale x togliere qst file?? o cmq x risistemarlo??
mi stà davvero facendo impazzire

[Sante62]

Allora, a questo punto ti consiglierei di fare scomparire Spyhunter, anche perchè non l'ho mai sentito nominare, e potrebbe essere proprio lui che ti crea problemi.Sostituiscilo eventualmente con uno migliore ad es. a-squared free però non ho il link per scaricarlo sottomano. Basta fare una ricerca sul web.

[AdrInteR]

ho provato il programma...ecco il risultato


a-squared Free - Version 3.0
Last update: 11/10/2007 14.13.42

Impostazioni scansione:

Oggetti: Memoria, Tracce, Cookies, C:\WINDOWS\, C:\Programmi
Archivio scansioni: On
Scientifico: On
ADS Scan: On

Scansione avviata: 11/10/2007 14.13.53

Value: HKEY_CLASSES_ROOT\CLSID\{8C11E411-860C-4BAE-A0F4-CBE8DAE6B84C}\InprocServer32 --> ThreadingModel rilevati: Trace.Registry.Blubster
Value: HKEY_CLASSES_ROOT\CLSID\{9583E033-1CCC-446E-A858-317A0620EE66}\InprocServer32 --> ThreadingModel rilevati: Trace.Registry.Blubster
Value: HKEY_CLASSES_ROOT\CLSID\{9E6A5B24-1FBC-42D9-870D-07D5C5738075}\InprocServer32 --> ThreadingModel rilevati: Trace.Registry.Blubster
Value: HKEY_CLASSES_ROOT\CLSID\{EA6DA0D5-1021-4F55-ACBA-D1D8BA7EAB2C}\InprocServer32 --> ThreadingModel rilevati: Trace.Registry.Blubster
Value: HKEY_CLASSES_ROOT\CLSID\{EE12598F-BD9F-4BAD-BB13-D49829A024FE}\InprocServer32 --> ThreadingModel rilevati: Trace.Registry.Blubster
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C11E411-860C-4BAE-A0F4-CBE8DAE6B84C}\InprocServer32 --> ThreadingModel rilevati: Trace.Registry.Blubster
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9583E033-1CCC-446E-A858-317A0620EE66}\InprocServer32 --> ThreadingModel rilevati: Trace.Registry.Blubster
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9E6A5B24-1FBC-42D9-870D-07D5C5738075}\InprocServer32 --> ThreadingModel rilevati: Trace.Registry.Blubster
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EA6DA0D5-1021-4F55-ACBA-D1D8BA7EAB2C}\InprocServer32 --> ThreadingModel rilevati: Trace.Registry.Blubster
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE12598F-BD9F-4BAD-BB13-D49829A024FE}\InprocServer32 --> ThreadingModel rilevati: Trace.Registry.Blubster
C:\Documents and Settings\Admin\Dati applicazioni\Mozilla\Firefox\Profiles\uxp9xb9a.default\cookies.txt:19 rilevati: Trace.TrackingCookie
C:\Documents and Settings\Admin\Dati applicazioni\Mozilla\Firefox\Profiles\uxp9xb9a.default\cookies.txt:22 rilevati: Trace.TrackingCookie
C:\Documents and Settings\Admin\Dati applicazioni\Mozilla\Firefox\Profiles\uxp9xb9a.default\cookies.txt:35 rilevati: Trace.TrackingCookie
C:\Documents and Settings\Admin\Dati applicazioni\Mozilla\Firefox\Profiles\uxp9xb9a.default\cookies.txt:84 rilevati: Trace.TrackingCookie
C:\Documents and Settings\Admin\Dati applicazioni\Mozilla\Firefox\Profiles\uxp9xb9a.default\cookies.txt:85 rilevati: Trace.TrackingCookie
C:\Programmi\EA GAMES\The Sims 2 Nightlife\TSBin\Sims2EP2.exe rilevati: Heuristic.Dialer.RAS

Scansionati

Files: 42381
Tracce: 341146
Cookies: 87
Processi: 34

Rilevato

Files: 1
Tracce: 10
Cookies: 5
Processi: 0
Chiavi registro: 0

Fine scansione: 11/10/2007 14.36.23
Tempo scansione: 0.22.30

C:\Documents and Settings\Admin\Dati applicazioni\Mozilla\Firefox\Profiles\uxp9xb9a.default\cookies.txt:19 In quarantena Trace.TrackingCookie
C:\Documents and Settings\Admin\Dati applicazioni\Mozilla\Firefox\Profiles\uxp9xb9a.default\cookies.txt:22 In quarantena Trace.TrackingCookie
C:\Documents and Settings\Admin\Dati applicazioni\Mozilla\Firefox\Profiles\uxp9xb9a.default\cookies.txt:35 In quarantena Trace.TrackingCookie
C:\Documents and Settings\Admin\Dati applicazioni\Mozilla\Firefox\Profiles\uxp9xb9a.default\cookies.txt:84 In quarantena Trace.TrackingCookie
C:\Documents and Settings\Admin\Dati applicazioni\Mozilla\Firefox\Profiles\uxp9xb9a.default\cookies.txt:85 In quarantena Trace.TrackingCookie
Value: HKEY_CLASSES_ROOT\CLSID\{8C11E411-860C-4BAE-A0F4-CBE8DAE6B84C}\InprocServer32 --> ThreadingModel In quarantena Trace.Registry.Blubster
Value: HKEY_CLASSES_ROOT\CLSID\{9583E033-1CCC-446E-A858-317A0620EE66}\InprocServer32 --> ThreadingModel In quarantena Trace.Registry.Blubster
Value: HKEY_CLASSES_ROOT\CLSID\{9E6A5B24-1FBC-42D9-870D-07D5C5738075}\InprocServer32 --> ThreadingModel In quarantena Trace.Registry.Blubster
Value: HKEY_CLASSES_ROOT\CLSID\{EA6DA0D5-1021-4F55-ACBA-D1D8BA7EAB2C}\InprocServer32 --> ThreadingModel In quarantena Trace.Registry.Blubster
Value: HKEY_CLASSES_ROOT\CLSID\{EE12598F-BD9F-4BAD-BB13-D49829A024FE}\InprocServer32 --> ThreadingModel In quarantena Trace.Registry.Blubster
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C11E411-860C-4BAE-A0F4-CBE8DAE6B84C}\InprocServer32 --> ThreadingModel In quarantena Trace.Registry.Blubster
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9583E033-1CCC-446E-A858-317A0620EE66}\InprocServer32 --> ThreadingModel In quarantena Trace.Registry.Blubster
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9E6A5B24-1FBC-42D9-870D-07D5C5738075}\InprocServer32 --> ThreadingModel In quarantena Trace.Registry.Blubster
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EA6DA0D5-1021-4F55-ACBA-D1D8BA7EAB2C}\InprocServer32 --> ThreadingModel In quarantena Trace.Registry.Blubster
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE12598F-BD9F-4BAD-BB13-D49829A024FE}\InprocServer32 --> ThreadingModel In quarantena Trace.Registry.Blubster

In quarantena

Files: 0
Tracce: 10
Cookies: 5


altra cosa...posso tenerlo o devo disinstallarlo?k ho già spybots&d, ewido ad-aware...
cmq mi affidato + che altro di spyhunter perchè tutti gli antivirus mi trovano il pc pulito eppure continua sempre a scendermi la memoria...spero che cn qst programma ho risolto qualcosa...

[Sante62]

OK, questo è quello che c'era nel tuo computer.
Niente di particolare. Lo puoi tenere a-squared che agisce in sinergia con gli altri. L'importante che con la protezione in tempo reale ne attivi solo uno. Il fatto della memoria che scende potrebbe dipendere da altri fattori.
Programmi caricati all'avvio, RAM disponibile, spazio libero su Hard Disk etc.
Posta un altro log di HJT così gli diamo una controllata eliminando alcuni programmi all'avvio che sono inutili, come è secondo me, Spyhunter.
Se vuoi posta un altro log di HJT così gli diamo un altra occhiata.

[AdrInteR]

Logfile of HijackThis v1.99.1
Scan saved at 22.04.50, on 11/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\a-squared Anti-Malware\a2service.exe
C:\Programmi\a-squared Free\a2service.exe
C:\Programmi\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Logitech\iTouch\iTouch.exe
C:\Programmi\Logitech\MouseWare\system\em_exec.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Drafix\PRO Landscape\PRO Landscape Dashboard.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Admin\Desktop\hj\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/intl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] "C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" /logon
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmi\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programmi\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] "C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe" -startup
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [PRO Landscape Dashboard] "C:\Programmi\Drafix\PRO Landscape\PRO Landscape Dashboard.exe" /hide
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Apri in nuova scheda in primo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/230?fe46049984dd462cb50e486439a1f55e
O8 - Extra context menu item: Apri in nuova scheda in secondo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/229?fe46049984dd462cb50e486439a1f55e
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kasperskyitalia.it/servizi/kavscanner/kavwebscan_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://sinterina.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1156926659296
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab50997.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5085/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9A628C0D-8CB4-4328-A999-787FC8ECF46C}: NameServer = 85.37.17.4 85.38.28.70
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Programmi\a-squared Anti-Malware\a2service.exe
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programmi\ewido anti-spyware 4.0\guard.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Unknown owner - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



quindi dici che nn mi devo preoccupare + di tanto del fatto che la memoria continua a scendere?

[Sante62]

Forse abbiamo trovato il difetto...
Avvia HJT e metti la spunta a sinistra di questa riga:

[AdrInteR]

[Sante62]

OK, mi pare che lo abbiamo spremuto abbastanza il PC...
Se non dovesse funzionare ora....

[AdrInteR]

[Sante62]

Mah....Apri il trask manager (CTRL+ALT+CANC) e nell'elenco dei processi vedi quale ti sembra anomalo e indicane il nome quì, così vediamo se lo possiamo eliminare.

[AdrInteR]

[Sante62]

Si, è possibile, anzi, sicuramente...
Puoi postare il log di a-squared per vedere la locazione di questi virus.
Se non l'hai ancora fatto disattiva il ripristino di sistema

[AdrInteR]

a-squared Free - Version 3.0
Last update: 12/10/2007 14.43.38

Impostazioni scansione:

Oggetti: Memoria, Tracce, Cookies, C:\WINDOWS\, C:\Programmi
Archivio scansioni: On
Scientifico: On
ADS Scan: On

Scansione avviata: 13/10/2007 14.27.20

C:\Programmi\EA GAMES\The Sims 2 Nightlife\TSBin\Sims2EP2.exe rilevati: Heuristic.Dialer.RAS

Scansionati

Files: 42400
Tracce: 338752
Cookies: 106
Processi: 36

Rilevato

Files: 1
Tracce: 0
Cookies: 0
Processi: 0
Chiavi registro: 0

Fine scansione: 13/10/2007 14.50.38
Tempo scansione: 0.23.18

quando ho disattivato il ripristino di sistema mi è salito un giga in + in C...è normale??


ecco altra cosa...ho scaricato scanSpyware...e mi ha trovato un bel po di cose...solo che mi pare strano...beh il risultato è questo



Application Information

=======================
Application Version: ScanSpyware v3.8 build 3.8.0.4
Original Database: pests07-25-07.db
Updated Database: ssdb101107.db
Current Date: Saturday, October 13, 2007 07:38:26 PM
__________________________________________________

Directories recognized:
=======================
__________________________________________________

Files recognized:

=================
[Keylog-AG]
C:\WINDOWS\system32\perfh010.dat
__________________________________________________
Registry keys recognized:
=========================
[Chivio.A]
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\DOMAINS\ARCHIVIOSEX.NET
[Chivio.A]
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\DOMAINS\OTHERCHANCE.COM
[Chivio.C]
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\DOMAINS\SGRUNT.BIZ
[MainPean]
HKEY_CURRENT_USER\SOFTWARE\FreeWare
[Trojan.Media-Codec]
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\RANGES\RANGE1
[Trojan.Media-Codec]
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\RANGES\RANGE2
[Trojan.Media-Codec]
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\RANGES\RANGE3
[Trojan.Media-Codec]
HKEYCURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\RANGES\RANGE4
[Trojan.Media-Codec]
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\RANGES\RANGE5
[Trojan.Media-Codec]
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\RANGES\RANGE6
[Trojan.Media-Codec]
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\RANGES\RANGE7
[Trojan.Media-Codec]
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\RANGES\RANGE8
[Trojan.Media-Codec]
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\RANGES\RANGE9
[Trojan.Media-Codec]
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\RANGES\RANGE10
[Trojan.Media-Codec]
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\RANGES\RANGE11
[Trojan.Media-Codec]
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\RANGES\RANGE12
[Trojan.Media-Codec]
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\RANGES\RANGE13
[Trojan.Media-Codec]
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\RANGES\RANGE14
[Trojan.Media-Codec]
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\RANGES\RANGE15
[Trojan.Media-Codec]
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\RANGES\RANGE16
[Trojan.Media-Codec]
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\DOMAINS\FUNCODEC.COM
[Trojan.Media-Codec]
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\DOMAINS\GOCODEC.COM
[Trojan.Media-Codec]
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\DOMAINS\GOMYRON.COM
[Trojan.Media-Codec]
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\DOMAINS\INC-CODEC.COM
[Trojan.Media-Codec]
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\DOMAINS\MALWAREALARM.COM
[Trojan.Media-Codec]
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\DOMAINS\NMEXTENSIONS.COM
[Trojan.Media-Codec]
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\DOMAINS\THE-CODEC.COM
[Trojan.Media-Codec]
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\DOMAINS\WEB-CODEC.COM
[Trojan.Media-Codec]
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\DOMAINS\GREATCODEC.COM
[Trojan.Media-Codec]
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\DOMAINS\HOST-CODEC.COM
[Trojan.Media-Codec]
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\DOMAINS\MICRO-CODEC.COM
[Trojan.Media-Codec]
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\DOMAINS\HOTELCODEC.COM
[Trojan.Media-Codec]
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\DOMAINS\YGSONDHEKS.INFO
________________________________________________
Registry values recognized:

[Sante62]

Ogni programma del genere ti trova cose differenti rispetto ad un altro.
Ti consiglio, comunque di disinstallare Ea Games da installazione applicazioni e vedi come va il PC. Ogni tentativo a questo punto, potrebbe essere quello giusto, anche se potrebbe non dipendere da malware.
Tieni d'occhio task manager area processi, e se ne vedi qualcuno che occupa più risorse potresti terminarlo. Casomai indicane quì il nome.
Purtroppo non so di preciso quale possa essere che ti causa questo problema.

[AdrInteR]

altra scansione...io nn ci capisco nulla...ditemi voi se cè qlcs che nn va

SmitFraudFix v2.240

Scan done at 21.20.45,93, 13/10/2007
Run from C:\Documents and Settings\Admin\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Versione 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{1AEFE714-11DB-40D3-9959-27AAC3A4E86E}: DhcpNameServer=151.99.125.2 151.99.125.3
HKLM\SYSTEM\CS1\Services\Tcpip\..\{875DD1B6-FB00-4185-9772-14356DDD471A}: DhcpNameServer=151.99.0.100 151.99.125.2 151.99.125.3 192.168.1.10
HKLM\SYSTEM\CS2\Services\Tcpip\..\{1AEFE714-11DB-40D3-9959-27AAC3A4E86E}: DhcpNameServer=151.99.125.2 151.99.125.3
HKLM\SYSTEM\CS2\Services\Tcpip\..\{875DD1B6-FB00-4185-9772-14356DDD471A}: DhcpNameServer=151.99.0.100 151.99.125.2 151.99.125.3 192.168.1.10
HKLM\SYSTEM\CS2\Services\Tcpip\..\{9A628C0D-8CB4-4328-A999-787FC8ECF46C}: NameServer=85.37.17.4 85.38.28.70
HKLM\SYSTEM\CS3\Services\Tcpip\..\{1AEFE714-11DB-40D3-9959-27AAC3A4E86E}: DhcpNameServer=151.99.125.2 151.99.125.3
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=151.99.125.2 151.99.125.3
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=151.99.125.2 151.99.125.3

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

[Sante62]

Veramente neanch'io so più che pesci pigliare. Non fare più scansioni per il momento...
Pare che quest'ultimo programma abbia trovato una sottoschiave di Winlogon infetta e dovrebbe averla rimossa. Ed è strano che gli altri non l'abbiano individuata. Complimenti anche a te per la perseveranza. Riscontri differenze col PC ora?.
Comunque diamo una controllata:
Apri il registro di sistema da start->esegui->digita regedit.
Naviga attraverso queste chiavi:

[AdrInteR]

[Sante62]

Ok, le chiavi sono a posto.
I servizi che indichi e cioè ashWebSv.exe e ahServ.exe ( o ashServ.exe?)
dovrebbero appartenere ad Avast. Ho prpvato a cercare in giro e ho trovato una possibile soluzione: