HijackThis

salve raga gentilmente mi date 1occhiata al log e soprattutto i name server e normale averne 10? grazie

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12.17.19, on 12/02/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19170)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Windows\PixArt\Pac207\Monitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\taskeng.exe
C:\Users\raffy\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\program files\avira\antivir desktop\avcenter.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0410&s=2&o=vp32&d=0211&m=aspire_5315
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0410&s=2&o=vp32&d=0211&m=aspire_5315
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\raffy\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O17 - HKLM\System\CCS\Services\Tcpip\..\{2D5DE223-1920-4426-88C1-7F36A6497A81}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{3a539854-6a70-11db-887c-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{42495062-418B-4E73-A0B9-42AC1DF3B1C7}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{5D8AD6D6-5228-4B54-9409-F79F15B7D0DF}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{811A25B6-D49F-46D9-86FC-7CBFD36BEB41}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{9246F8C2-F719-4862-A46A-290FC329D964}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{AD708510-44AC-4827-9015-B872BBA7E3AC}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{CC6A6827-4C62-4C3E-BB0E-6CA1EDA5E385}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{E642586A-7013-4537-B65D-FC0586CE24C5}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{EA041D59-873A-4C2A-93A1-A7695AF99569}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{F18A505A-43DB-4117-9B89-CF2B6811D440}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{2D5DE223-1920-4426-88C1-7F36A6497A81}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS2\Services\Tcpip\..\{2D5DE223-1920-4426-88C1-7F36A6497A81}: NameServer = 176.31.229.24,176.31.229.25
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Avira Pianificatore (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Users\raffy\AppData\Local\ServUpdater\ServiceUpd.exe

--
End of file - 8261 bytes

hai un trojan,
fai come ho detto nel quarto messaggio di questa discussione
con la differenza che tu devi fixare almeno questa
O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
poi se non conosci l'idirizzo ip 176.31.229.24
fixa pure quelle 13

poi, per ottimizzare il pc, io consiglio sempre di disinstallare le toolbar che non si usano,
per esempio la ask toolbar la usi, ti serve, la vuoi? Se si lasciala,
se non te ne importa ed è il risultato di un installazione di un programma che aveva allegato la ask toolbar,
toglila perchè consuma inutilmente risorse del tuo pc,
questo vale anche per le altre come la google toolbar.

Quando hai finito aggiorna l'antivirus, e settagli la scansione programmata di tutto il pc almeno due volte settimana, se non lo hai già fatto.

Ciao

redribbon, 16/02/2012 21.06:

---

hai un trojan,
fai come ho detto nel quarto messaggio di questa discussione
con la differenza che tu devi fixare almeno questa
O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
poi se non conosci l'idirizzo ip 176.31.229.24
fixa pure quelle 13

poi, per ottimizzare il pc, io consiglio sempre di disinstallare le toolbar che non si usano,
per esempio la ask toolbar la usi, ti serve, la vuoi? Se si lasciala,
se non te ne importa ed è il risultato di un installazione di un programma che aveva allegato la ask toolbar,
toglila perchè consuma inutilmente risorse del tuo pc,
questo vale anche per le altre come la google toolbar.

Quando hai finito aggiorna l'antivirus, e settagli la scansione programmata di tutto il pc almeno due volte settimana, se non lo hai già fatto.

Ciao

---

[/POSTQU
grazie redribbon lo faro' appena aggiusto lo gek dell'alimentazione

VEDI NAPOLI E POI MUORI (toto')