Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

controli il log file Opzioni
faccino
Inviato: Tuesday, March 08, 2005 3:37:13 PM
Rank: AiutAmico

Iscritto dal : 2/3/2005
Posts: 38
Logfile of HijackThis v1.99.0
Scan saved at 15.25.26, on 08/03/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\ibmpmsvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\tp4serv.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\tphkmgr.exe
C:\WINNT\system32\PRPCUI.exe
C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Programmi\HP\hpcoretech\hpcmpmgr.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINNT\system32\netstub.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\WINNT\system32\msc32.exe
C:\WINNT\system32\apphost.exe
C:\WINNT\si.exe
C:\WINNT\system32\scvhvst.exe
C:\WINNT\SYSCFG16.EXE
C:\WINNT\system32\lsass32.exe
C:\WINNT\system32\MoneyMgr32.exe
C:\WINNT\system32\msc23.exe
C:\WINNT\system32\winampa.exe
C:\Documents and Settings\Administrator\Dati applicazioni\sgrunt\IE4321.exe
C:\WINNT\system32\firewalled.exe
C:\WINNT\system32\mssrvs.exe
C:\WINNT\system32\WireConnect.exe
C:\WINNT\system32\svhost.exe
C:\WINNT\system32\msgfix.exe
C:\WINNT\system32\Nxcxtpr.exe
C:\WINNT\system32\nese.exe
C:\WINNT\system32\internat.exe
C:\WINNT\system32\netstub.exe
C:\WINNT\system32\apphost.exe
C:\Documents and Settings\Administrator\Dati applicazioni\rois.exe
C:\WINNT\system32\scvhvst.exe
C:\WINNT\system32\winampa.exe
C:\WINNT\system32\servenxpp.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\WINNT\system32\firewalled.exe
C:\WINNT\system32\svhost.exe
C:\WINNT\system32\WireConnect.exe
C:\WINNT\system32\msgfix.exe
C:\CFGSAFE\AUTOCHK.EXE
C:\WINNT\system32\syswork.exe
C:\WINNT\system32\netreg.exe
C:\Programmi\ThinkPad\Utilities\tponscr.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1040,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [SoundFusion] RunDll32 cwcprops.cpl,CrystalControlWnd
O4 - HKLM\..\Run: [tourpath] regedit /s c:\winnt\tour.reg
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TpHotkey] C:\PROGRA~1\ThinkPad\UTILIT~1\tphkmgr.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NetStubler] netstub.exe
O4 - HKLM\..\Run: [Bcvsrv32] msc32.exe
O4 - HKLM\..\Run: [Configuration] apphost.exe
O4 - HKLM\..\Run: [REGRUN] C:\WINNT\si.exe
O4 - HKLM\..\Run: [Microsoft Office Studio] scvhvst.exe
O4 - HKLM\..\Run: [Windows System Configuration] C:\WINNT\SYSCFG16.EXE
O4 - HKLM\..\Run: [Dll loader Windows] C:\WINNT\SYSCFG16.EXE
O4 - HKLM\..\Run: [Windows DLL Loader] C:\WINNT\SYSCFG16.EXE
O4 - HKLM\..\Run: [lsass32] lsass32.exe
O4 - HKLM\..\Run: [MoneyMgr32.exe] MoneyMgr32.exe
O4 - HKLM\..\Run: [msc23] msc23.exe
O4 - HKLM\..\Run: [Configurationz Loaderz] winampa.exe
O4 - HKLM\..\Run: [Olympic] C:\Documents and Settings\Administrator\Dati applicazioni\sgrunt\IE4321.exe
O4 - HKLM\..\Run: [Computing Technologie Firewall] firewalled.exe
O4 - HKLM\..\Run: [mssrvs01] mssrvs.exe
O4 - HKLM\..\Run: [wuauclt] c:\winnt\system32\drivers\start.bat
O4 - HKLM\..\Run: [Wireless Conections] WireConnect.exe
O4 - HKLM\..\Run: [Microsoft Synchronization Manager] svhost.exe
O4 - HKLM\..\Run: [Configuration Loader] msgfix.exe
O4 - HKLM\..\Run: [winapildr] C:\windows\system\fuck.bat
O4 - HKLM\..\Run: [Microsoft Office] Nxcxtpr.exe
O4 - HKLM\..\Run: [NDIS Adapter] servenxpp.exe
O4 - HKLM\..\Run: [Help Temp Files] netreg.exe
O4 - HKLM\..\Run: [Working System Analyzer] syswork.exe
O4 - HKLM\..\Run: [Microsoft Neser Experience] nese.exe
O4 - HKLM\..\RunServices: [Bcvsrv32] msc32.exe
O4 - HKLM\..\RunServices: [NetStubler] netstub.exe
O4 - HKLM\..\RunServices: [Configuration] apphost.exe
O4 - HKLM\..\RunServices: [Microsoft Office Studio] scvhvst.exe
O4 - HKLM\..\RunServices: [lsass32] lsass32.exe
O4 - HKLM\..\RunServices: [MoneyMgr32.exe] MoneyMgr32.exe
O4 - HKLM\..\RunServices: [msc23] msc23.exe
O4 - HKLM\..\RunServices: [Configurationz Loaderz] winampa.exe
O4 - HKLM\..\RunServices: [Computing Technologie Firewall] firewalled.exe
O4 - HKLM\..\RunServices: [mssrvs01] mssrvs.exe
O4 - HKLM\..\RunServices: [Wireless Conections] WireConnect.exe
O4 - HKLM\..\RunServices: [Microsoft Synchronization Manager] svhost.exe
O4 - HKLM\..\RunServices: [Configuration Loader] msgfix.exe
O4 - HKLM\..\RunServices: [Microsoft Office] Nxcxtpr.exe
O4 - HKLM\..\RunServices: [NDIS Adapter] servenxpp.exe
O4 - HKLM\..\RunServices: [Help Temp Files] netreg.exe
O4 - HKLM\..\RunServices: [Working System Analyzer] syswork.exe
O4 - HKLM\..\RunServices: [Microsoft Neser Experience] nese.exe
O4 - HKLM\..\RunOnce: [NDIS Adapter] servenxpp.exe
O4 - HKLM\..\RunOnce: [Working System Analyzer] syswork.exe
O4 - HKLM\..\RunOnce: [Help Temp Files] netreg.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [NetStubler] netstub.exe
O4 - HKCU\..\Run: [Configuration] apphost.exe
O4 - HKCU\..\Run: [Sesa] C:\Documents and Settings\Administrator\Dati applicazioni\rois.exe
O4 - HKCU\..\Run: [Microsoft Office Studio] scvhvst.exe
O4 - HKCU\..\Run: [Help Temp Files] netreg.exe
O4 - HKCU\..\Run: [Configurationz Loaderz] winampa.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Computing Technologie Firewall] firewalled.exe
O4 - HKCU\..\Run: [Microsoft Synchronization Manager] svhost.exe
O4 - HKCU\..\Run: [Wireless Conections] WireConnect.exe
O4 - HKCU\..\Run: [Configuration Loader] msgfix.exe
O4 - HKCU\..\Run: [Internet Explorer] IE.EXE
O4 - HKCU\..\Run: [Microsoft Office] Nxcxtpr.exe
O4 - HKCU\..\Run: [NDIS Adapter] servenxpp.exe
O4 - HKCU\..\Run: [Working System Analyzer] syswork.exe
O4 - HKCU\..\RunOnce: [NDIS Adapter] servenxpp.exe
O4 - HKCU\..\RunOnce: [Help Temp Files] netreg.exe
O4 - HKCU\..\RunOnce: [Working System Analyzer] syswork.exe
O4 - Global Startup: AUTOCHK.LNK = C:\CFGSAFE\AUTOCHK.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O10 - Hijacked Internet access by New.Net
O15 - Trusted Zone: www.master69.biz
O15 - Trusted Zone: www.sgrunt.biz
O15 - Trusted Zone: www.yeak.net
O16 - DPF: {31F11DFA-3A23-4BC0-89B4-2FB3FB43525B} (Pro_Web016.ProWeb016) - http://sessogratis.net/ProWeb016.CAB
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab?refid=4595
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {C7CF4846-0324-4B83-B810-C4BF61029E02} (Pro_Web04.ProWeb604) - http://67.15.5.151/ProWeb604.CAB
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/1019465.exe
O16 - DPF: {FFCEABDA-C04E-7F4A-E9B6-DFA72B2F49FB} - http://195.225.169.17/access/dia/adult.exe
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B2F49FB} - http://www.sgrunt.biz/closer/close.exe
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Programmi\HP\hpcoretech\comp\hpuiprot.dll
O23 - Service: avast! iAVS4 Control Service - Unknown - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Servizio amministrativo di Gestione disco logico - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: fbxqz - Unknown - \\37.255.16.214\admin$\dnssvc32.exe (file missing)
O23 - Service: IBM PM Service - IBM Corp. - C:\WINNT\System32\ibmpmsvc.exe
O23 - Service: mmswzw - Unknown - \\37.9.234.82\ADMIN$\mssrvs32.exe (file missing)
O23 - Service: rjkpr - Unknown - \\37.9.234.82\ADMIN$\MoneyMgr32.exe (file missing)
O23 - Service: srdumfx - Unknown - \\37.9.234.82\ADMIN$\mssrvs32.exe (file missing)

Sponsor
Inviato: Tuesday, March 08, 2005 3:37:13 PM

 
alfonso
Inviato: Tuesday, March 08, 2005 3:57:06 PM

Rank: AiutAmico

Iscritto dal : 10/5/2000
Posts: 19,132
Ciao Faccino

il sistema e molto infetto, esegui queste operazioni

scarica i programmi AD-AWARE e SPYBOT da questo indirizzo
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=388&SH=N
installali e aggiornali

poi riavvia il computer in modalità provvisoria, leggi qui come fare
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=344&SH=N

e in modalità provvisoria fai ripetute scansioni con Adaware e Spybot e con un programma Antivirus

riavvia in modalità provvisoria e fai nuovamente le scansioni, fino a che questi programmi non eliminano tutti i problemi

quindi rimandami il log di Hijack da fare in modalità normale.

Collaboratore Aiutamici
Utenti presenti in questo topic
Guest


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.