Aiutamici Forum

Could you check my HijackThis log, please? Thanks in advance.
iannucci
Posted: Thursday, April 03, 2008 4:34:21 PM
Rank: Newbie

Joined: 4/3/2008
Posts: 0
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16.14.57, on 03/04/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\ibmpmsvc.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmi\McAfee\Host Intrusion Prevention\FireSvc.exe
C:\Programmi\File comuni\McAfee\Foundscan\FSLogDispatcher.exe
C:\Programmi\McAfee\Common Framework\FrameworkService.exe
C:\Programmi\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Programmi\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Programmi\McAfee\MPE Scanner\MPEScanner.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\tp4serv.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINNT\system32\dla\tfswctrl.exe
C:\Programmi\CDBurnerXP\NMSAccessU.exe
C:\WINNT\system32\ICO.EXE
C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
C:\WINNT\system32\RunDll32.exe
C:\WINNT\system32\Pelmiced.exe
C:\Programmi\PC Tools Firewall Plus\FWService.exe
C:\PROGRA~1\ThinkPad\CONNEC~1\Qctray.exe
C:\WINNT\system32\PRPCUI.exe
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINNT\system32\UMonit2k.exe
C:\Programmi\File comuni\Ulead Systems\AutoDetector\monitor.exe
C:\Programmi\ClocX\ClocX.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe
C:\WINNT\System32\QCONSVC.EXE
C:\Programmi\McAfee\Common Framework\UdaterUI.exe
C:\Programmi\SiteAdvisor\6170\SiteAdv.exe
C:\WINNT\system32\regsvc.exe
C:\Programmi\McAfee\Common Framework\McTray.exe
C:\WINNT\system32\MSTask.exe
C:\Programmi\File comuni\Lenovo\Scheduler\scheduler_proxy.exe
C:\Programmi\SiteAdvisor\6170\SAService.exe
C:\WINNT\System32\snmp.exe
c:\Programmi\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Programmi\File comuni\Lenovo\tvt_reg_monitor_svc.exe
C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe
C:\WINNT\system32\internat.exe
C:\Programmi\ClamWin\bin\ClamTray.exe
C:\Programmi\File comuni\Lenovo\Scheduler\tvtsched.exe
C:\Programmi\McAfee\Host Intrusion Prevention\FireTray.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Programmi\File comuni\McAfee\Foundscan\FSLogToDiskSvc.exe
C:\WINNT\System32\svchost.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Programmi\SiteAdvisor\6170\SiteAdv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programmi\McAfee\VirusScan Enterprise\scriptcl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Programmi\SiteAdvisor\6170\SiteAdv.dll
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [AtiPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [tourpath] regedit /s c:\winnt\tour.reg
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [dla] C:\WINNT\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ConfigSafe] C:\CFGSAFE\NTFSCLUP.EXE
O4 - HKLM\..\Run: [CSScheduleCheck] C:\CFGSAFE\SCHWIZEX.EXE -CHECK
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [QCTRAY] C:\PROGRA~1\ThinkPad\CONNEC~1\Qctray.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Gene USB Monitor] C:\WINNT\system32\UMonit2k.exe
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Programmi\File comuni\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [ClocX] C:\Programmi\ClocX\ClocX.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programmi\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programmi\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [SiteAdvisor] C:\Programmi\SiteAdvisor\6170\SiteAdv.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Programmi\File comuni\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [frymxins] "C:\Programmi\ATI Technologies\Fire GL 3D Studio Max\atiimxgl"
O4 - HKLM\..\Run: [00PCTFW] "C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [ClamWin] "C:\Programmi\ClamWin\bin\ClamTray.exe" --logon
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Programmi\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: McAfee Host Intrusion Prevention Tray.lnk = C:\Programmi\McAfee\Host Intrusion Prevention\FireTray.exe
O15 - Trusted Zone: www.698698698.info
O15 - Trusted Zone: www.fessuraumida.com
O15 - Trusted Zone: www.qoogler.com
O15 - Trusted Zone: www.sgnappo.com
O15 - Trusted Zone: www.tuttoavolonta.com
O15 - Trusted Zone: www.whatsnew.name
O15 - Trusted Zone: www.www.sessosubito.net
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = casaccia.enea.it
O17 - HKLM\System\CCS\Services\Tcpip\..\{453F4099-9B4F-4314-B772-8E81DB6E8B09}: Domain = casaccia.enea.it
O17 - HKLM\System\CCS\Services\Tcpip\..\{453F4099-9B4F-4314-B772-8E81DB6E8B09}: NameServer = 192.107.71.175,192.107.71.13
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = casaccia.enea.it
O17 - HKLM\System\CS1\Services\Tcpip\..\{453F4099-9B4F-4314-B772-8E81DB6E8B09}: Domain = casaccia.enea.it
O17 - HKLM\System\CS1\Services\Tcpip\..\{453F4099-9B4F-4314-B772-8E81DB6E8B09}: NameServer = 192.107.71.175,192.107.71.13
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = casaccia.enea.it
O17 - HKLM\System\CS2\Services\Tcpip\..\{453F4099-9B4F-4314-B772-8E81DB6E8B09}: Domain = casaccia.enea.it
O17 - HKLM\System\CS2\Services\Tcpip\..\{453F4099-9B4F-4314-B772-8E81DB6E8B09}: NameServer = 192.107.71.175,192.107.71.13
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: McAfee Host Intrusion Prevention Service (enterceptAgent) - McAfee, Inc. - C:\Programmi\McAfee\Host Intrusion Prevention\FireSvc.exe
O23 - Service: FSLogDispatcher - McAfee, Inc. - C:\Programmi\File comuni\McAfee\Foundscan\FSLogDispatcher.exe
O23 - Service: FSLogToDiskSvc - McAfee, Inc. - C:\Programmi\File comuni\McAfee\Foundscan\FSLogToDiskSvc.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINNT\system32\ibmpmsvc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Programmi\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Programmi\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Programmi\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: McAfee Network Access Control Scanner (MPEScanner) - McAfee, Inc. - C:\Programmi\McAfee\MPE Scanner\MPEScanner.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Programmi\CDBurnerXP\NMSAccessU.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Programmi\PC Tools Firewall Plus\FWService.exe
O23 - Service: QCONSVC - Unknown owner - C:\WINNT\System32\QCONSVC.EXE
O23 - Service: Servizio SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Programmi\SiteAdvisor\6170\SAService.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\programmi\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Programmi\File comuni\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Programmi\File comuni\Lenovo\Scheduler\tvtsched.exe

--
End of file - 9280 bytes
ermione
Posted: Thursday, April 03, 2008 4:43:01 PM

Rank: Member

Joined: 1/25/2006
Posts: 359
You have quite a bit of junk to remove; wait for a reply from someone better equipped to help you get rid of it.
r16
Posted: Thursday, April 03, 2008 6:16:32 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi iannucci.

Make sure you can see hidden files and folders
(Control Panel -> Folder Options -> View)
1) Check: Show hidden files and folders
2) Uncheck: Hide protected operating system files

Disable System Restore: http://guide.aiutamici.com/guide?C1=7&C2=68&ID=80121

If you don't know how to "fix" the entries, follow this detailed guide: http://www.aiutaamici.com/software?ID=11175

Boot into Safe Mode: http://guide.aiutamici.com/guide?C1=7&C2=68&ID=80122

Start HijackThis, check the entries I list below and, with all applications closed and disconnected from the Internet, click Fix checked:


O15 - Trusted Zone: www.698698698.info
O15 - Trusted Zone: www.fessuraumida.com
O15 - Trusted Zone: www.qoogler.com
O15 - Trusted Zone: www.sgnappo.com
O15 - Trusted Zone: www.tuttoavolonta.com
O15 - Trusted Zone: www.whatsnew.name
O15 - Trusted Zone: www.www.sessosubito.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = casaccia.enea.it
O17 - HKLM\System\CCS\Services\Tcpip\..\{453F4099-9B4F-4314-B772-8E81DB6E8B09}: Domain = casaccia.enea.it
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = casaccia.enea.it
O17 - HKLM\System\CS1\Services\Tcpip\..\{453F4099-9B4F-4314-B772-8E81DB6E8B09}: Domain = casaccia.enea.it
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = casaccia.enea.it
O17 - HKLM\System\CS2\Services\Tcpip\..\{453F4099-9B4F-4314-B772-8E81DB6E8B09}: Domain = casaccia.enea.it


Download VIRIT:
http://www.tgsoft.it/italy/download.htm, update it (by clicking the satellite dish at the top) and run it in Safe Mode (this is very important).

Download Spy-Bot from here http://www.aiutaamici.com/software?ID=10831 and run a scan, again in Safe Mode.

Do a cleanup (registry included) with this: http://www.aiutaamici.com/software?ID=11223

Restart the computer.

Run an online scan with this: http://www.pandasoftware.com/activescan/it/activescan_principal.htm

Remember to hide the system folders again;
re-enable System Restore and, if everything is fine, create a new restore point.
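
One way to cross-check a hand-typed fix list against the posted HijackThis log before ticking entries, so that a retyped line with different spacing still matches and a line that is not in the log is caught. This is an added example, not part of the original posts; the function names, the sample strings and the `www.example.invalid` entry are constructed for illustration.

```python
import re
from collections import defaultdict

# Section code, a dash (spacing varies when lines are retyped by hand), then the detail.
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2})\s*-\s*(.+?)\s*$")

# Constructed sample: a few lines copied from the log in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINNT\system32\svchost.exe
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O15 - Trusted Zone: www.698698698.info
O15 - Trusted Zone: www.qoogler.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = casaccia.enea.it
O23 - Service: QCONSVC - Unknown owner - C:\WINNT\System32\QCONSVC.EXE
"""

# Constructed sample: a fix list retyped by hand; the last entry is not in the log.
SAMPLE_FIX_LIST = r"""
O15- Trusted Zone: www.698698698.info
O15 - Trusted Zone: www.qoogler.com
O15 - Trusted Zone: www.example.invalid
"""

def parse_entries(text):
    """Return {code: [detail, ...]}; header and process-path lines are skipped."""
    by_code = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            by_code[m.group(1)].append(m.group(2))
    return dict(by_code)

def trusted_zone_domains(text):
    """Domains listed under O15 (Internet Explorer Trusted Zone)."""
    prefix = "Trusted Zone:"
    return [d[len(prefix):].strip()
            for d in parse_entries(text).get("O15", []) if d.startswith(prefix)]

def check_fix_list(log_text, fix_text):
    """Split the fix list into entries present in the log and entries that are not."""
    log = parse_entries(log_text)
    present, absent = [], []
    for code, details in parse_entries(fix_text).items():
        for d in details:
            (present if d in log.get(code, []) else absent).append(f"{code} - {d}")
    return present, absent
```

Any entry returned in `absent` should be re-read against the original log before anything is fixed.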
