HIJACK LOG - OFFICE PC
diddl_82
Posted: Friday, June 30, 2006 9:49:04 AM
Rank: Member

Joined: 10/28/2005
Posts: 3
It's not my PC, but the one belonging to the boss's wife:
I detected 1095 pieces of malware; after a first cleanup 2 remained


log:

Logfile of HijackThis v1.99.1
Scan saved at 9.44.02, on 30/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\F-SECU~1\backweb\1245240\Program\SERVIC~1.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Programmi\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Programmi\F-Secure Internet Security\backweb\1245240\program\fsbwsys.exe
C:\Programmi\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Programmi\F-Secure Internet Security\Common\FSMA32.EXE
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Programmi\F-Secure Internet Security\Common\FSMB32.EXE
C:\Programmi\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Programmi\F-Secure Internet Security\backweb\1245240\Program\fspex.exe
C:\Programmi\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\WINDOWS\system32\keyhook.exe
C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
C:\Programmi\F-Secure Internet Security\Common\FSM32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\F-Secure Internet Security\Common\FCH32.EXE
C:\Programmi\Messenger\msmsgs.exe
C:\WINDOWS\system32\sistray.exe
C:\Programmi\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\system32\SKEYSRVC.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\Programmi\F-Secure Internet Security\Anti-Virus\fsqh.exe
C:\Programmi\F-Secure Internet Security\Common\FAMEH32.EXE
C:\Programmi\F-Secure Internet Security\Anti-Virus\fsrw.exe
C:\Programmi\F-Secure Internet Security\FSPC\fspc.exe
C:\Programmi\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\Programmi\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\PROGRA~1\F-SECU~1\ANTI-S~1\fsaw.exe
C:\Programmi\F-Secure Internet Security\FSGUI\fsguidll.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Utente\Desktop\SCANSIONI & ANTIVIRUS\hijack this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Smapp] C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programmi\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Programmi\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Programmi\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: Service Manager.lnk = C:\Programmi\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: F-Secure 2006 OEM.lnk = C:\Programmi\F-Secure Internet Security\backweb\1245240\Program\fspex.exe
O8 - Extra context menu item: &Blocca questo popup - C:\Programmi\F-Secure Internet Security\Anti-Spyware\blockpopups.htm
O9 - Extra button: Filtro pagine Web - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programmi\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Programmi\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Filtro pagine Web - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Programmi\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: Protezione IE - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programmi\F-Secure Internet Security\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: Protezione IE... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programmi\F-Secure Internet Security\Anti-Spyware\ieshield.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O17 - HKLM\System\CCS\Services\Tcpip\..\{50081D65-E764-4FF4-B9F3-62AE7873B483}: NameServer = 213.215.147.165,207.44.158.85
O17 - HKLM\System\CS1\Services\Tcpip\..\{50081D65-E764-4FF4-B9F3-62AE7873B483}: NameServer = 213.215.147.165,207.44.158.85
O17 - HKLM\System\CS2\Services\Tcpip\..\{50081D65-E764-4FF4-B9F3-62AE7873B483}: NameServer = 213.215.147.165,207.44.158.85
O23 - Service: F-Secure 2006 OEM (BackWeb Plug-in - 1245240) - F-Secure Internet Security 2005 - C:\PROGRA~1\F-SECU~1\backweb\1245240\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Programmi\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Programmi\F-Secure Internet Security\backweb\1245240\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Programmi\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Programmi\F-Secure Internet Security\FSPC\fshttps\fshttps.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Programmi\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: SmartKey Multilan Service (SkeySrvc) - Unknown owner - C:\WINDOWS\system32\SKEYSRVC.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe

Waiting for a reply from Alfonso or Steven. Thanks

I forgot: yesterday FSecurity was giving me the error for a Dialer and a Worm, as well as a Trojan, and if I deleted them it told me they had been deleted, then within 1 second it reported the virus again, and so on in a chain...

I have ADSL with a router for 4 PCs
steven75
Posted: Friday, June 30, 2006 5:23:46 PM
Rank: Member

Joined: 5/8/2006
Posts: 0
Hi,
but which program gave you that result?
Apart from this, the log is clean: C:\WINDOWS\system32\SKEYSRVC.exe

Do this: go to www.virustotal.com, upload the file using the "browse" button, click "send" and wait for the verdict.

Failing that, run an online scan:
http://steven.altervista.org/files/scan.html
diddl_82
Posted: Monday, July 03, 2006 11:26:50 AM
Rank: Member

Joined: 10/28/2005
Posts: 3
The FSecurity antivirus gave me the warnings, which is why I made the log. I'll run the online scan and let you know
diddl_82
Posted: Monday, July 03, 2006 11:42:12 AM
Rank: Member

Joined: 10/28/2005
Posts: 3
no virus found. Thanks