Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » .log hijackthis

.log hijackthis Opzioni
Topic Precedente · Topic Sucessivo
MRPauLBaD
Inviato: Tuesday, March 08, 2005 10:18:47 PM
Rank: Member

Iscritto dal : 3/6/2005
Posts: 0
Ho parecchi problemi che non riesco a eliminare . Ecco il .log

Logfile of HijackThis v1.99.0
Scan saved at 22.12.48, on 08/03/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\System32\svchost.exe
C:\Programmi\Ahead\InCD\InCDsrv.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\regsvc.exe
C:\Programmi\Norton AntiVirus\SAVScan.exe
C:\WINNT\system32\MSTask.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\system32\ssoftsrv.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\Ahead\InCD\InCD.exe
C:\WINNT\system32\carpserv.exe
C:\Programmi\Lexmark 3100 Series\lxbrbmgr.exe
C:\PROGRA~1\LEXMAR~1\LXBRKsk.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\System32\svchost.exe
C:\Programmi\Lexmark 3100 Series\lxbrbmon.exe
C:\Programmi\Lexmark 3100 Series\lxbrcmon.exe
C:\WINNT\system32\ymklvg\ucdv.exe
C:\WINNT\system32\kpdgfdm\mumxefiw.exe
C:\WINNT\system32\wsxsvc\wsxsvc.exe
C:\WINNT\system32\pphur\kmjexvb.exe
C:\WINNT\system32\internat.exe
D:\Skype\Phone\Skype.exe
C:\PROGRA~1\COMMON~1\zkqm\zkqmm.exe
C:\PROGRA~1\COMMON~1\zkqm\zkqma.exe
C:\Programmi\VIA\RAID\raid_tool.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\WINNT\system32\igmstore.exe
C:\WINNT\system32\immxpand.exe
C:\Programmi\CxtPls\CxtPls.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
D:\hijack this\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.pcw.it
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Programmi\CxtPls\cxtpls.dll
O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Smapp] C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Programmi\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Lexmark 3100 Series] "C:\Programmi\Lexmark 3100 Series\lxbrbmgr.exe"
O4 - HKLM\..\Run: [LXBRKsk] C:\PROGRA~1\LEXMAR~1\LXBRKsk.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINNT\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [LaunchList] D:\Pinnacle Studio 9\LaunchList.exe
O4 - HKLM\..\Run: [bluestart] C:\\rraut.exe
O4 - HKLM\..\Run: [Olympic] C:\Documents and Settings\Gianka\Dati applicazioni\sgrunt\IE4321.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\quick time\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ohbauizm] c:\winnt\system32\ohbauizm.exe
O4 - HKLM\..\Run: [Bles] c:\windows\system\bles.exe
O4 - HKLM\..\Run: [antiware] C:\winnt\system32\elitetcr32.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINNT\system32\wintask.exe
O4 - HKLM\..\Run: [Desktop Search] C:\WINNT\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINNT\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [qmtph] C:\WINNT\system32\ojbdbvw\qmtph.exe
O4 - HKLM\..\Run: [yivr] C:\WINNT\system32\wahs\yivr.exe
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe
O4 - HKLM\..\Run: [wluelw] C:\WINNT\system32\jevlw\wluelw.exe
O4 - HKLM\..\Run: [Dvx] C:\WINNT\system32\wsxsvc\wsxsvc.exe
O4 - HKLM\..\Run: [exp.exe] C:\WINNT\system32\exp.exe
O4 - HKLM\..\Run: [mcqeklo] C:\WINNT\system32\hlxn\mcqeklo.exe
O4 - HKLM\..\Run: [wqqpxy] C:\WINNT\system32\wuswbj\wqqpxy.exe
O4 - HKLM\..\Run: [dksuip] C:\WINNT\system32\mmpcw\dksuip.exe
O4 - HKLM\..\Run: [kmjexvb] C:\WINNT\system32\pphur\kmjexvb.exe
O4 - HKLM\..\Run: [mumxefiw] C:\WINNT\system32\kpdgfdm\mumxefiw.exe
O4 - HKLM\..\Run: [ucdv] C:\WINNT\system32\ymklvg\ucdv.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [x7mj3qQ] immxpand.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [gw5tRkc6V] igmstore.exe
O4 - HKCU\..\Run: [Skype] "D:\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [zkqm] C:\PROGRA~1\COMMON~1\zkqm\zkqmm.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Programmi\VIA\RAID\raid_tool.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.pcw.it
O17 - HKLM\System\CCS\Services\Tcpip\..\{9F877F4E-1138-4F3A-AB54-40978C31CE57}: NameServer = 85.37.17.4 151.99.125.1
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINNT\isrvs\mfiltis.dll
O23 - Service: Adobe LM Service - Unknown - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Servizio amministrativo di Gestione disco logico - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InCD Helper - AHEAD Software - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Servizio Norton AntiVirus Auto-Protect - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Cryptainer service - Unknown - ssoftsrv.exe (file missing)
O23 - Service: SymWMI Service - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
Torna in alto
 
Sponsor
Inviato: Tuesday, March 08, 2005 10:18:47 PM

 
Torna in alto
 
alfonso
Inviato: Tuesday, March 08, 2005 11:30:13 PM

Rank: AiutAmico

Iscritto dal : 10/5/2000
Posts: 19,132
Ciao,
il sistema e molto infetto, esegui queste operazioni

scarica i programmi AD-AWARE e SPYBOT da questo indirizzo
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=388&SH=N
installali e aggiornali

poi riavvia il computer in modalità provvisoria, leggi qui come fare
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=344&SH=N

e in modalità provvisoria fai ripetute scansioni con Adaware e Spybot e con un programma Antivirus

riavvia in modalità provvisoria e fai nuovamente le scansioni, fino a che questi programmi non eliminano tutti i problemi

quindi rimandami il log di Hijack da fare in modalità normale.

Collaboratore Aiutamici
Torna in alto
 
MRPauLBaD
Inviato: Tuesday, March 08, 2005 11:39:17 PM
Rank: Member

Iscritto dal : 3/6/2005
Posts: 0
Lo farò, comunque ti posso assicurare che avrò fatto mille scansioni con antivirus (ieri ne ho fatte 5, in un giorno solo!!!)e con adaware e spybot.
Rileva alcune cose,elimina. La rifaccio e stop. Una volta che riavvio è tutto daccapo e alcune cose non riesce proprio a eliminarle: faccio ripetutamente la scansione e tiene sempre le stesse cose.
Comunque provo anche a fare tutto in mod provvisoria poi ti dico e rimetto il .log.
Grazie, il vostro lavoro è lungo e pesante. Siete mitici!
Torna in alto
 
alfonso
Inviato: Wednesday, March 09, 2005 12:03:34 AM

Rank: AiutAmico

Iscritto dal : 10/5/2000
Posts: 19,132
Grazie per i complimenti.

Devi fare le scansioni in modalità provvisoria perché in questo modo non sono residenti in memoria e quindi non possono rigenerarsi, comunque dal log possiamo eliminare solo gli spyware, per eliminare i virus devi affidarti solo all'Antivirus, ma rimandami il log comunque, al limite ti faccio il listone dei file da eliminare.
Collaboratore Aiutamici
Torna in alto
 
MRPauLBaD
Inviato: Wednesday, March 09, 2005 7:47:41 PM
Rank: Member

Iscritto dal : 3/6/2005
Posts: 0
ok,ho avviato il pc in mod provvisosoria, ho fatto la scansione antivirus, scansione con S&D e adaware. Ora ho rifatto il .log....

Logfile of HijackThis v1.99.0
Scan saved at 19.39.27, on 09/03/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\System32\svchost.exe
C:\Programmi\Ahead\InCD\InCDsrv.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\regsvc.exe
C:\Programmi\Norton AntiVirus\SAVScan.exe
C:\WINNT\system32\MSTask.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\system32\ssoftsrv.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\Ahead\InCD\InCD.exe
C:\WINNT\system32\carpserv.exe
C:\Programmi\Lexmark 3100 Series\lxbrbmgr.exe
C:\Programmi\Lexmark 3100 Series\lxbrbmon.exe
C:\PROGRA~1\LEXMAR~1\LXBRKsk.exe
C:\WINNT\system32\rundll32.exe
C:\Programmi\Lexmark 3100 Series\lxbrcmon.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\ymklvg\ucdv.exe
C:\WINNT\system32\wsxsvc\wsxsvc.exe
C:\WINNT\system32\kpdgfdm\mumxefiw.exe
C:\WINNT\system32\pphur\kmjexvb.exe
C:\WINNT\system32\immxpand.exe
C:\WINNT\system32\internat.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\WINNT\system32\igmstore.exe
C:\PROGRA~1\COMMON~1\zkqm\zkqmm.exe
C:\Programmi\VIA\RAID\raid_tool.exe
C:\PROGRA~1\COMMON~1\zkqm\zkqma.exe
C:\Programmi\Internet Explorer\iexplore.exe
D:\hijack this\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.pcw.it
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Smapp] C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Programmi\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Lexmark 3100 Series] "C:\Programmi\Lexmark 3100 Series\lxbrbmgr.exe"
O4 - HKLM\..\Run: [LXBRKsk] C:\PROGRA~1\LEXMAR~1\LXBRKsk.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINNT\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [LaunchList] D:\Pinnacle Studio 9\LaunchList.exe
O4 - HKLM\..\Run: [bluestart] C:\\rraut.exe
O4 - HKLM\..\Run: [Olympic] C:\Documents and Settings\Gianka\Dati applicazioni\sgrunt\IE4321.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\quick time\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ohbauizm] c:\winnt\system32\ohbauizm.exe
O4 - HKLM\..\Run: [Bles] c:\windows\system\bles.exe
O4 - HKLM\..\Run: [antiware] C:\winnt\system32\elitetcr32.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINNT\system32\wintask.exe
O4 - HKLM\..\Run: [Desktop Search] C:\WINNT\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINNT\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [qmtph] C:\WINNT\system32\ojbdbvw\qmtph.exe
O4 - HKLM\..\Run: [yivr] C:\WINNT\system32\wahs\yivr.exe
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe
O4 - HKLM\..\Run: [wluelw] C:\WINNT\system32\jevlw\wluelw.exe
O4 - HKLM\..\Run: [Dvx] C:\WINNT\system32\wsxsvc\wsxsvc.exe
O4 - HKLM\..\Run: [exp.exe] C:\WINNT\system32\exp.exe
O4 - HKLM\..\Run: [mcqeklo] C:\WINNT\system32\hlxn\mcqeklo.exe
O4 - HKLM\..\Run: [wqqpxy] C:\WINNT\system32\wuswbj\wqqpxy.exe
O4 - HKLM\..\Run: [dksuip] C:\WINNT\system32\mmpcw\dksuip.exe
O4 - HKLM\..\Run: [kmjexvb] C:\WINNT\system32\pphur\kmjexvb.exe
O4 - HKLM\..\Run: [mumxefiw] C:\WINNT\system32\kpdgfdm\mumxefiw.exe
O4 - HKLM\..\Run: [ucdv] C:\WINNT\system32\ymklvg\ucdv.exe
O4 - HKLM\..\Run: [x7mj3qQ] immxpand.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [gw5tRkc6V] igmstore.exe
O4 - HKCU\..\Run: [Skype] "D:\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [zkqm] C:\PROGRA~1\COMMON~1\zkqm\zkqmm.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Programmi\VIA\RAID\raid_tool.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.pcw.it
O17 - HKLM\System\CCS\Services\Tcpip\..\{9F877F4E-1138-4F3A-AB54-40978C31CE57}: NameServer = 85.37.17.4 151.99.125.1
O23 - Service: Adobe LM Service - Unknown - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Servizio amministrativo di Gestione disco logico - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InCD Helper - AHEAD Software - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Servizio Norton AntiVirus Auto-Protect - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Cryptainer service - Unknown - ssoftsrv.exe (file missing)
O23 - Service: SymWMI Service - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe

Ecco, credo che comunque ci sia ancora qualcosina dentro (mi appaiono continuamente messaggi poput aperti con IE nonostante uso Mozilla), me lo puoi controllare?
Grazie per il vostro lavoro, siete grandi!
Torna in alto
 
alfonso
Inviato: Wednesday, March 09, 2005 10:14:13 PM

Rank: AiutAmico

Iscritto dal : 10/5/2000
Posts: 19,132
Ciao ,
esegui queste operazioni

riavvia in modalità provvisoria, leggi qui come fare
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=344&SH=N

apri HIJAC THIS ed elimina come indicato in questo articolo
http://www.aiutamici.com/software/descrizione.asp?CodSw=1175
le righe che seguono, (nel caso le righe da eliminare non compaiono in modalità provvisoria, eliminale dalla modalità normale e riavvia il computer).

==================================
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
-
O4 - HKLM\..\Run: [bluestart] C:\\rraut.exe
O4 - HKLM\..\Run: [Olympic] C:\Documents and Settings\Gianka\Dati applicazioni\sgrunt\IE4321.exe
-
O4 - HKLM\..\Run: [ohbauizm] c:\winnt\system32\ohbauizm.exe
O4 - HKLM\..\Run: [Bles] c:\windows\system\bles.exe
O4 - HKLM\..\Run: [antiware] C:\winnt\system32\elitetcr32.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINNT\system32\wintask.exe
O4 - HKLM\..\Run: [Desktop Search] C:\WINNT\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINNT\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [qmtph] C:\WINNT\system32\ojbdbvw\qmtph.exe
O4 - HKLM\..\Run: [yivr] C:\WINNT\system32\wahs\yivr.exe
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe
O4 - HKLM\..\Run: [wluelw] C:\WINNT\system32\jevlw\wluelw.exe
O4 - HKLM\..\Run: [Dvx] C:\WINNT\system32\wsxsvc\wsxsvc.exe
O4 - HKLM\..\Run: [exp.exe] C:\WINNT\system32\exp.exe
O4 - HKLM\..\Run: [mcqeklo] C:\WINNT\system32\hlxn\mcqeklo.exe
O4 - HKLM\..\Run: [wqqpxy] C:\WINNT\system32\wuswbj\wqqpxy.exe
O4 - HKLM\..\Run: [dksuip] C:\WINNT\system32\mmpcw\dksuip.exe
O4 - HKLM\..\Run: [kmjexvb] C:\WINNT\system32\pphur\kmjexvb.exe
O4 - HKLM\..\Run: [mumxefiw] C:\WINNT\system32\kpdgfdm\mumxefiw.exe
O4 - HKLM\..\Run: [ucdv] C:\WINNT\system32\ymklvg\ucdv.exe
O4 - HKLM\..\Run: [x7mj3qQ] immxpand.exe
-
O4 - HKCU\..\Run: [gw5tRkc6V] igmstore.exe
-
O4 - HKCU\..\Run: [zkqm] C:\PROGRA~1\COMMON~1\zkqm\zkqmm.exe
-
O23 - Service: Cryptainer service - Unknown - ssoftsrv.exe (file missing)
==================================

Con la funzione TROVA di Windows, cerca ed elimina questi file,

==================================
rraut.exe
ohbauizm.exe
bles.exe
elitetcr32.exe
wintask.exe
exp.exe
immxpand.exe
igmstore.exe
ssoftsrv.exe
==================================

ELIMINA la cartella in rosso C:\Documents and Settings\Gianka\Dati applicazioni\<b><font color=red>sgrunt</b></font id=red>

ELIMINA la cartella in rosso C:\WINNT\<b><font color=red>isrvs\</b></font id=red>

ELIMINA la cartella in rosso C:\WINNT\system32\<b><font color=red>ojbdbvw</b></font id=red>

ELIMINA la cartella in rosso C:\WINNT\system32\<b><font color=red>wahs</b></font id=red>

ELIMINA la cartella in rosso C:\PROGRA~1\<b><font color=red>VBouncer</b></font id=red>

ELIMINA la cartella in rosso C:\WINNT\system32\<b><font color=red>jevlw</b></font id=red>

ELIMINA la cartella in rosso C:\WINNT\system32\<b><font color=red>wsxsvc</b></font id=red>

ELIMINA la cartella in rosso C:\WINNT\system32\<b><font color=red>hlxn</b></font id=red>

ELIMINA la cartella in rosso C:\WINNT\system32\<b><font color=red>wuswbj</b></font id=red>

ELIMINA la cartella in rosso C:\WINNT\system32\<b><font color=red>mmpcw</b></font id=red>

ELIMINA la cartella in rosso C:\WINNT\system32\<b><font color=red>pphur</b></font id=red>

ELIMINA la cartella in rosso C:\WINNT\system32\<b><font color=red>kpdgfdm</b></font id=red>

ELIMINA la cartella in rosso C:\WINNT\system32\<b><font color=red>ymklvg</b></font id=red>

ELIMINA la cartella in rosso C:\PROGRA~1\COMMON~1\<b><font color=red>zkqm</b></font id=red>

al termine utilizza i programmi AD-AWARE e SPYBOT indicati in questo articolo
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=388&SH=N

sempre in modalità provvisoria fai una scansione Antivirus.
Collaboratore Aiutamici
Torna in alto
 
MRPauLBaD
Inviato: Thursday, March 10, 2005 6:59:42 PM
Rank: Member

Iscritto dal : 3/6/2005
Posts: 0
ok, fatto tutto! Ora dal poco tempo che provo il pc mi sembra che va tutto bene!!!!
Grazie, grazie infitite per la disponibilità!
Torna in alto
 
alfonso
Inviato: Thursday, March 10, 2005 9:10:50 PM

Rank: AiutAmico

Iscritto dal : 10/5/2000
Posts: 19,132
Metti nuovamente il log cosi controlliamo se ci sono ancora pericoli.
Collaboratore Aiutamici
Torna in alto
 
MRPauLBaD
Inviato: Thursday, March 10, 2005 11:05:47 PM
Rank: Member

Iscritto dal : 3/6/2005
Posts: 0
Ora il pc mi va bene. Vediamo un po'...<img src=icon_smile.gif border=0 align=middle>

Logfile of HijackThis v1.99.0
Scan saved at 23.01.29, on 10/03/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\System32\svchost.exe
C:\Programmi\Ahead\InCD\InCDsrv.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\regsvc.exe
C:\Programmi\Norton AntiVirus\SAVScan.exe
C:\WINNT\system32\MSTask.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\WINNT\System32\svchost.exe
C:\Programmi\Ahead\InCD\InCD.exe
C:\WINNT\system32\carpserv.exe
C:\Programmi\Lexmark 3100 Series\lxbrbmgr.exe
C:\PROGRA~1\LEXMAR~1\LXBRKsk.exe
C:\Programmi\Lexmark 3100 Series\lxbrbmon.exe
C:\WINNT\system32\rundll32.exe
C:\Programmi\Lexmark 3100 Series\lxbrcmon.exe
C:\WINNT\system32\internat.exe
D:\Skype\Phone\Skype.exe
C:\Programmi\VIA\RAID\raid_tool.exe
D:\emulev0.45b-MorphXTv6 e successive\emule\emule.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\Mozilla Firefox\firefox.exe
D:\hijack this\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.pcw.it
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Smapp] C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Programmi\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Lexmark 3100 Series] "C:\Programmi\Lexmark 3100 Series\lxbrbmgr.exe"
O4 - HKLM\..\Run: [LXBRKsk] C:\PROGRA~1\LEXMAR~1\LXBRKsk.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINNT\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [LaunchList] D:\Pinnacle Studio 9\LaunchList.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\quick time\qttask.exe" -atboottime
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "D:\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Programmi\VIA\RAID\raid_tool.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.pcw.it
O17 - HKLM\System\CCS\Services\Tcpip\..\{9F877F4E-1138-4F3A-AB54-40978C31CE57}: NameServer = 85.37.17.4 151.99.125.1
O23 - Service: Adobe LM Service - Unknown - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Servizio amministrativo di Gestione disco logico - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InCD Helper - AHEAD Software - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Servizio Norton AntiVirus Auto-Protect - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
Torna in alto
 
alfonso
Inviato: Friday, March 11, 2005 10:56:08 AM

Rank: AiutAmico

Iscritto dal : 10/5/2000
Posts: 19,132
Dash più bianco non si può <img src=icon_smile_big.gif border=0 align=middle>
Collaboratore Aiutamici
Torna in alto
 
MRPauLBaD
Inviato: Friday, March 11, 2005 4:00:16 PM
Rank: Member

Iscritto dal : 3/6/2005
Posts: 0
Ottimo! Grazie ancora!
Torna in alto
 
Utenti presenti in questo topic
Guest

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » .log hijackthis


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.