Benvenuto Ospite

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Controllo log

Controllo log

Opzioni

Topic Precedente · Topic Sucessivo

loppa

Inviato: Monday, January 21, 2008 1:32:21 PM

Rank: AiutAmico

Iscritto dal : 8/11/2005
Posts: 108

Salve amici, avrei bisogno di una controllata al log. All'avvio mi partono una serie di programmi che io non voglio tipo: Clone, Quick Time,Schedule Recording ed altri. Vado su msconfig, tolgo la spunta ai programmi e, normalmente al riavvio mi si ripresentano ancora. Un aiuto Grazie Aldo
.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13.23.55, on 21/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
F:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
F:\Programmi\Folder Shield\FSService.exe
F:\Programmi\Folder Shield\fsp.exe
F:\Programmi\Power Translator 10\LogoMedia TranslateDotNet Server.exe
F:\WINDOWS\system32\lvhidsvc.exe
F:\Programmi\CyberLink\Shared Files\RichVideo.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\ZoneLabs\vsmon.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\rundll32.exe
F:\PROGRA~1\Grisoft\AVG7\avgcc.exe
F:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
F:\WINDOWS\system32\VTTimer.exe
F:\Programmi\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
F:\Programmi\Java\jre1.5.0_03\bin\jusched.exe
F:\Programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
F:\Programmi\LifeView TVR\RecSche.exe
F:\Programmi\QuickTime\qttask.exe
F:\Programmi\Musicmatch\Musicmatch Jukebox\mmtask.exe
F:\Programmi\Elaborate Bytes\CloneCD\CloneCDTray.exe
F:\Programmi\MSN Messenger\MsnMsgr.Exe
F:\Programmi\Messenger\msmsgs.exe
F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE
F:\WINDOWS\system32\ctfmon.exe
F:\Programmi\Digisoft AntiDialer\AntiDialer.exe
F:\WINDOWS\system32\wuauclt.exe
F:\WINDOWS\system32\wuauclt.exe
F:\Documents and Settings\Aldo\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - F:\Programmi\Xi\NetXfer\NXIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - (no file)
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - F:\Programmi\Xi\NetXfer\NXToolBar.dll
O3 - Toolbar: LEC - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - F:\Programmi\Power Translator 10\Applications\LEC IE Translation Extension.dll
O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "F:\Programmi\StarModem\StarModem USB Network\CnxTrApp.dll",AppEntry -REG "Conexant\Conexant USB Network"
O4 - HKLM\..\Run: [AVG7_CC] F:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [EPSON Stylus Photo R240 Series] F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P30 "EPSON Stylus Photo R240 Series" /O6 "USB002" /M "Stylus Photo R240"
O4 - HKLM\..\Run: [ZoneAlarm Client] "F:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "F:\Programmi\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Programmi\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "F:\Programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [RecSche] "F:\Programmi\LifeView TVR\RecSche.exe"
O4 - HKLM\..\Run: [QuickTime Task] "F:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NeroCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [mmtask] "F:\Programmi\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [meet great active lies] F:\Documents and Settings\All Users\Dati applicazioni\soft chic meet great\Book Mp3.exe
O4 - HKLM\..\Run: [CloneCDTray] "F:\Programmi\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "F:\Programmi\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKCU\..\Run: [WhenUSave] "F:\Programmi\Save\Save.exe"
O4 - HKCU\..\Run: [msnmsgr] "F:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "F:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [EPSON Stylus Photo R240 Series] F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P30 "EPSON Stylus Photo R240 Series" /M "Stylus Photo R240" /EF "HKCU"
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Axis fast] F:\DOCUME~1\LUCA\DATIAP~1\HEARTP~1\Hoperoad.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] F:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Digisoft AntiDialer.lnk = F:\Programmi\Digisoft AntiDialer\AntiDialer.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Salva oggetto con NetXfer - F:\Programmi\Xi\NetXfer\NXAddLink.html
O8 - Extra context menu item: Salva tutti gli oggetti con NetXfer - F:\Programmi\Xi\NetXfer\NXAddList.html
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Organizzatore ricerche - {9455301C-CF6B-11D3-A266-00C04F689C50} - F:\Programmi\File comuni\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - F:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1103402189425
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://ercappe1614.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/bin/cortvrml.cab
O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} - file://H:\SOFTWARE\MagicMovie\setup.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O23 - Service: Autodesk Licensing Service - Autodesk - F:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: FSService - Unknown owner - F:\Programmi\Folder Shield\FSService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - F:\Programmi\Power Translator 10\LogoMedia TranslateDotNet Server.exe
O23 - Service: Remote HID Service (LvHidSvc) - Animation Technologies Inc. - F:\WINDOWS\system32\lvhidsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - F:\Programmi\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - F:\Programmi\WinPcap\rpcapd.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - F:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8906 bytes

Torna in alto

Sponsor

Inviato: Monday, January 21, 2008 1:32:21 PM

Torna in alto

pidue

Inviato: Monday, January 21, 2008 4:45:22 PM

Rank: AiutAmico

Iscritto dal : 6/2/2005
Posts: 7,332

Ciao,
Chiudi HijackThis in una cartella a lui dedicata (possibilmente non sul desktop), altrimenti perdi i backup;

Disattiva il Ripristino configurazione di Sistema come qui descritto

avvia in modalità provvisoria come qui descritto

rendi visibili le cartelle nascoste ------ > procedura:
da Risorse del computer:
Strumenti >> Opzioni cartella >> visualizzazione;
metti la spunta su:
Visualizza file e cartelle nascoste;
togli la spunta da:
Nascondi file protetti del sistema(consigliato)

Avvia hijackthis, con tutte le applicazioni chiuse, premi su Do a system scan only , spunta ed elimina (fix checked) le seguenti righe:

O3 - Toolbar: (no name) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - (no file)
O4 - HKLM\..\Run: [meet great active lies] F:\Documents and Settings\All Users\Dati applicazioni\soft chic meet great\Book Mp3.exe
O4 - HKCU\..\Run: [WhenUSave] "F:\Programmi\Save\Save.exe
O4 - HKCU\..\Run: [Axis fast] F:\DOCUME~1\LUCA\DATIAP~1\HEARTP~1\Hoperoad.exe
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://ercappe1614.spaces.live.com/PhotoUpload/MsnPUpld.cab

Trova e cancella la cartella in rosso
_______________________________
F:\Programmi\Save
_______________________________

cancella i file in rosso:
________________________________________________________________________________________
F:\Documents and settings\LUCA\Dati applicazioni\HEARTP~1\Hoperoad.exe
F:\Documents and Settings\All Users\Dati applicazioni\soft chic meet great\Book Mp3.exe
________________________________________________________________________________________

cancella i file temporanei del tuo profilo in questo modo:
Start >> Esegui. Scrivi (o copia e incolla) la stringa %temp%, clicca su Ok, così facendo accedi alla cartella temp;

Vai su Strumenti >> Opzioni Internet, elimina la cronologia, i files temporanei internet, i cookies;

svuota il cestino;

riavvia il computer normalmente.
Fai un controllo antivirus a questo indirizzo
Alla fine:

rinascondi le cartelle di sistema;
riattiva il ripristino configurazione di sistema e, se tutto è a posto, creane uno nuovo.

Torna in alto

Utenti presenti in questo topic

Guest

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Controllo log

Salta al Forum

Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Invia topic via Email

RSS Feed

Watch this topic

Stampa topic

Normale

Threaded