Benvenuto Ospite

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Controllo log - please!!!!

Controllo log - please!!!!

Opzioni

Topic Precedente · Topic Sucessivo

Romina25

Inviato: Monday, March 21, 2005 11:18:53 AM

Rank: Member

Iscritto dal : 3/21/2005
Posts: 0

Sto seguendo la procedura da voi segnalata in un altro quesito..ma nn vorrei elimnare qlcas di importante!

Grazie

Logfile of HijackThis v1.99.1
Scan saved at 11.02.34, on 21/03/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\HHVcdV6Sys\VC6SecS.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmi\Apoint2K\Apoint.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Java\jre1.5.0\bin\jusched.exe
C:\iesetup.exe
C:\lc.mus.exe
C:\Documents and Settings\Romina\figgaz.exe
C:\gamma.exe
C:\Program Files\Preview AdService\PrevAdServ.exe
C:\WINDOWS\system32\Norton2005Update.exe
C:\Programmi\HHVcdV6Sys\VC6Play.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\WINDOWS\system32\msupdater.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Program Files\Preview AdService\PrevAdKeep.exe
C:\Programmi\Apoint2K\Apntex.exe
C:\Programmi\Virtual CD v6\System\VC6Tray.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\WinMX\WinMX.exe
C:\PROGRA~1\YAHOO!\MESSEN~1\ymsgr_tray.exe
C:\Programmi\Firefox\firefox.exe
C:\Programmi\Outlook Express\msimn.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\TRADOS\T65_FL\TT\TW4Win.exe
C:\PC-BIB\pcbib_bi.exe
C:\Documents and Settings\Romina\Impostazioni locali\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [9EOhH7xVK] C:\WINDOWS\csvjltbp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [MS Updating Utility] msupdater.exe
O4 - HKLM\..\Run: [REGRUN] C:\iesetup.exe
O4 - HKLM\..\Run: [REGRUN_4] C:\lc.mus.exe
O4 - HKLM\..\Run: [Windows Service Pack Auto Update] C:\Documents and Settings\Romina\figgaz.exe
O4 - HKLM\..\Run: [NAV Auto Updates] navupdaterx.exe
O4 - HKLM\..\Run: [SAHBundle] C:\DOCUME~1\Romina\IMPOST~1\Temp\SAHAGE~1.EXE run
O4 - HKLM\..\Run: [Update Schedule] C:\gamma.exe
O4 - HKLM\..\Run: [Virus Protect] vrsprtc.exe
O4 - HKLM\..\Run: [FineReader7NewsReaderPro] "C:\Programmi\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe"
O4 - HKLM\..\Run: [Preview AdService] C:\Program Files\Preview AdService\PrevAdServ.exe
O4 - HKLM\..\Run: [MS Unix Binary] Norton2005Update.exe
O4 - HKLM\..\Run: [VC6Player] C:\Programmi\HHVcdV6Sys\VC6Play.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\RunServices: [MS Updating Utility] msupdater.exe
O4 - HKLM\..\RunServices: [NAV Auto Updates] navupdaterx.exe
O4 - HKLM\..\RunServices: [Virus Protect] vrsprtc.exe
O4 - HKLM\..\RunServices: [MS Unix Binary] Norton2005Update.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NAV Auto Updates] navupdaterx.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MSPluginSrvc] p3.exe
O4 - HKCU\..\Run: [MS Updating Utility] msupdater.exe
O4 - HKCU\..\Run: [Dynamic Dns Binary] dynitora.exe
O4 - HKCU\..\Run: [MS Unix Binary] Norton2005Update.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe" -quiet
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O4 - Global Startup: PC-Bibliothek-Direktsuche.lnk = C:\PC-BIB\PCLib.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{E5769C63-C1F3-4CBB-8923-8DE8189FB90D}: NameServer = 85.37.17.8 151.99.125.1
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Virtual CD v6 Management Service (VC6SecS) - H+H Software GmbH - C:\Programmi\HHVcdV6Sys\VC6SecS.exe

Torna in alto

Sponsor

Inviato: Monday, March 21, 2005 11:18:53 AM

Torna in alto

alfonso

Inviato: Monday, March 21, 2005 1:12:42 PM

Rank: AiutAmico

Iscritto dal : 10/5/2000
Posts: 19,132

Ciao ,
esegui queste operazioni

1) Disattiva il ripristino di configurazione, leggi qui come fare
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=257&SH=N

2) riavvia in modalità provvisoria, leggi qui come fare
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=344&SH=N

apri HIJAC THIS ed elimina come indicato in questo articolo
http://www.aiutamici.com/software/descrizione.asp?CodSw=1175
le righe che seguono, (nel caso le righe da eliminare non compaiono in modalità provvisoria, eliminale dalla modalità normale e riavvia il computer).

==================================
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll
-
O4 - HKLM\..\Run: [9EOhH7xVK] C:\WINDOWS\csvjltbp.exe
-
O4 - HKLM\..\Run: [MS Updating Utility] msupdater.exe
O4 - HKLM\..\Run: [REGRUN] C:\iesetup.exe
O4 - HKLM\..\Run: [REGRUN_4] C:\lc.mus.exe
O4 - HKLM\..\Run: [Windows Service Pack Auto Update] C:\Documents and Settings\Romina\figgaz.exe
O4 - HKLM\..\Run: [NAV Auto Updates] navupdaterx.exe
O4 - HKLM\..\Run: [SAHBundle] C:\DOCUME~1\Romina\IMPOST~1\Temp\SAHAGE~1.EXE run
O4 - HKLM\..\Run: [Update Schedule] C:\gamma.exe
O4 - HKLM\..\Run: [Virus Protect] vrsprtc.exe
-
O4 - HKLM\..\Run: [Preview AdService] C:\Program Files\Preview AdService\PrevAdServ.exe
O4 - HKLM\..\Run: [MS Unix Binary] Norton2005Update.exe
-
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\RunServices: [MS Updating Utility] msupdater.exe
O4 - HKLM\..\RunServices: [NAV Auto Updates] navupdaterx.exe
O4 - HKLM\..\RunServices: [Virus Protect] vrsprtc.exe
O4 - HKLM\..\RunServices: [MS Unix Binary] Norton2005Update.exe
-
O4 - HKCU\..\Run: [NAV Auto Updates] navupdaterx.exe
-
O4 - HKCU\..\Run: [MSPluginSrvc] p3.exe
O4 - HKCU\..\Run: [MS Updating Utility] msupdater.exe
O4 - HKCU\..\Run: [Dynamic Dns Binary] dynitora.exe
O4 - HKCU\..\Run: [MS Unix Binary] Norton2005Update.exe
-
O4 - Global Startup: PC-Bibliothek-Direktsuche.lnk = C:\PC-BIB\PCLib.exe
-
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
==================================

Con la funzione TROVA di Windows, cerca ed elimina questi file,

==================================
wsem303.dll
csvjltbp.exe
msupdater.exe
iesetup.exe
lc.mus.exe
figgaz.exe
navupdaterx.exe
gamma.exe
vrsprtc.exe
PrevAdServ.exe
Norton2005Update.exe
optimize.exe
msupdater.exe
navupdaterx.exe
p3.exe
dynitora.exe
PCLib.exe
==================================

SVUOTA la cartella C:\DOCUME~1\Romina\IMPOST~1\Temp

al termine utilizza i programmi AD-AWARE e SPYBOT indicati in questo articolo
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=388&SH=N

sempre in modalità provvisoria fai una scansione Antivirus

quindi riavvia il computer e controlla se il problema e risolto, se e tutto OK riattiva il ripristino configurazione disattivato all'inizio di questa procedura.

Collaboratore Aiutamici

Torna in alto

Utenti presenti in questo topic

Guest

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Controllo log - please!!!!

Salta al Forum

Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Invia topic via Email

RSS Feed

Watch this topic

Stampa topic

Normale

Threaded