Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Hijackthis Ecco un'altro disperato ! Opzioni
gisto
Inviato: Tuesday, April 05, 2005 11:29:30 AM
Rank: Member

Iscritto dal : 4/5/2005
Posts: 0
Su Win2000 con tutti gli aggiornamenti,Installai Alice , antivirus McAfee, Spyboot,AdAware,Sono rimasto scoperto 3 giorni da ZoneAlarm e ecco i risultati SONO DISPERATO
Se qualcuno mi aiuta .....

Logfile of HijackThis v1.99.1
Scan saved at 21.42.53, on 03/04/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Programmi\Network Associates\VirusScan\Avsynmgr.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\PROGRA~1\Alice\ALICEE~1\app\pppoeservice.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\stisvc.exe
C:\Programmi\Network Associates\VirusScan\VsStat.exe
C:\Programmi\Network Associates\VirusScan\Vshwin32.exe
C:\Programmi\File comuni\Network Associates\McShield\Mcshield.exe
C:\Programmi\Network Associates\VirusScan\Avconsol.exe
C:\Programmi\Network Associates\VirusScan\Webscanx.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\Promon.exe
C:\Programmi\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Programmi\QuickTime\qttask.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\WINNT\system32\gah95on6.exe
C:\Programmi\SlySoft\AnyDVD\AnyDVD.exe
C:\PROGRA~1\FILECO~1\ADAPTE~1\CreateCD\CREATE~1.EXE
C:\WINNT\system32\internat.exe
D:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tin.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programmi\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nvappw] appNV.exe
O4 - HKLM\..\Run: [NVUpload] NVsload.exe
O4 - HKLM\..\Run: [Secure Microsoft Windows] integitor.exe
O4 - HKLM\..\Run: [Network Configurator] escfg32.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [vsadmin] smrs.exe
O4 - HKLM\..\Run: [AdTools Service] C:\Program Files\AdTools Service\AdTools.exe
O4 - HKLM\..\Run: [gah95on6] C:\WINNT\system32\gah95on6.exe
O4 - HKLM\..\Run: [ip] ip.exe
O4 - HKLM\..\Run: [AnyDVD] "C:\Programmi\SlySoft\AnyDVD\AnyDVD.exe"
O4 - HKLM\..\Run: [fqfeqajw] C:\WINNT\SYSTEM32\epetypa.exe
O4 - HKLM\..\Run: [Comcast Network] C:\WINNT\SYSTEM32\getikap.exe
O4 - HKLM\..\Run: [zzzHPSETUP] D:\Setup.exe
O4 - HKLM\..\Run: [Ecat] yetenyve.exe
O4 - HKLM\..\Run: [CreateCD50] C:\PROGRA~1\FILECO~1\ADAPTE~1\CreateCD\CREATE~1.EXE -r
O4 - HKLM\..\RunServices: [Secure Microsoft Windows] integitor.exe
O4 - HKLM\..\RunServices: [SDKz0r] SDKc55rezzz2.exe
O4 - HKLM\..\RunServices: [Network Configurator] escfg32.exe
O4 - HKLM\..\RunServices: [vsadmin] smrs.exe
O4 - HKLM\..\RunServices: [ip] ip.exe
O4 - HKLM\..\RunServices: [Ecat] yetenyve.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [nvappw] appNV.exe
O4 - HKCU\..\Run: [Norton Antivirus CCDebug] CCSEVRT.exe
O4 - HKCU\..\Run: [NVUpload] NVsload.exe
O4 - HKCU\..\Run: [birelosit] ucilonyc.exe
O4 - HKCU\..\Run: [Ecat] yetenyve.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Programmi\Network Associates\VirusScan\Avsynmgr.exe
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: fxjeq - Unknown owner - \\82.50.20.49\admin$\csrsvcs.exe" -service (file missing)
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: McShield - Unknown owner - C:\Programmi\File comuni\Network Associates\McShield\Mcshield.exe
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\Alice\ALICEE~1\app\pppoeservice.exe
O23 - Service: Servizio Numero di serie per dispositivi multimediali portatili (WmdmPmSN) - Unknown owner - C:\WINNT\System32\svchost.exe (file missing)



Edited by - gisto on 04/05/2005 15:15:25
Sponsor
Inviato: Tuesday, April 05, 2005 11:29:30 AM

 
alfonso
Inviato: Tuesday, April 05, 2005 3:31:33 PM

Rank: AiutAmico

Iscritto dal : 10/5/2000
Posts: 19,132
Ciao ,
esegui queste operazioni

riavvia in modalità provvisoria, leggi qui come fare
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=344&SH=N

apri HIJAC THIS ed elimina come indicato in questo articolo
http://www.aiutamici.com/software/descrizione.asp?CodSw=1175
le righe che seguono, (nel caso le righe da eliminare non compaiono in modalità provvisoria, eliminale dalla modalità normale e riavvia il computer).

==================================
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
-
O4 - HKLM\..\Run: [nvappw] appNV.exe
O4 - HKLM\..\Run: [NVUpload] NVsload.exe
O4 - HKLM\..\Run: [Secure Microsoft Windows] integitor.exe
O4 - HKLM\..\Run: [Network Configurator] escfg32.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [vsadmin] smrs.exe
O4 - HKLM\..\Run: [AdTools Service] C:\Program Files\AdTools Service\AdTools.exe
O4 - HKLM\..\Run: [gah95on6] C:\WINNT\system32\gah95on6.exe
O4 - HKLM\..\Run: [ip] ip.exe
-
O4 - HKLM\..\Run: [fqfeqajw] C:\WINNT\SYSTEM32\epetypa.exe
O4 - HKLM\..\Run: [Comcast Network] C:\WINNT\SYSTEM32\getikap.exe
O4 - HKLM\..\Run: [zzzHPSETUP] D:\Setup.exe
O4 - HKLM\..\Run: [Ecat] yetenyve.exe
-
O4 - HKLM\..\RunServices: [Secure Microsoft Windows] integitor.exe
O4 - HKLM\..\RunServices: [SDKz0r] SDKc55rezzz2.exe
O4 - HKLM\..\RunServices: [Network Configurator] escfg32.exe
O4 - HKLM\..\RunServices: [vsadmin] smrs.exe
O4 - HKLM\..\RunServices: [ip] ip.exe
O4 - HKLM\..\RunServices: [Ecat] yetenyve.exe
-
O4 - HKCU\..\Run: [nvappw] appNV.exe
O4 - HKCU\..\Run: [Norton Antivirus CCDebug] CCSEVRT.exe
O4 - HKCU\..\Run: [NVUpload] NVsload.exe
O4 - HKCU\..\Run: [birelosit] ucilonyc.exe
O4 - HKCU\..\Run: [Ecat] yetenyve.exe
O4 - Startup: PowerReg Scheduler V3.exe
-
O23 - Service: fxjeq - Unknown owner - \\82.50.20.49\admin$\csrsvcs.exe" -service (file missing)
-
O23 - Service: Servizio Numero di serie per dispositivi multimediali portatili (WmdmPmSN) - Unknown owner - C:\WINNT\System32\svchost.exe (file missing)
==================================

Con la funzione TROVA di Windows, cerca ed elimina questi file,

==================================
appNV.exe
NVsload.exe
integitor.exe
escfg32.exe
MediaAccK.exe
smrs.exe
AdTools.exe
gah95on6.exe
ip.exe
epetypa.exe
getikap.exe
yetenyve.exe
SDKc55rezzz2.exe
CCSEVRT.exe
ucilonyc.exe
PowerReg Scheduler V3.exe
csrsvcs.exe
==================================

al termine utilizza i programmi AD-AWARE e SPYBOT indicati in questo articolo
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=388&SH=N

sempre in modalità provvisoria fai una scansione Antivirus.

Collaboratore Aiutamici
gisto
Inviato: Tuesday, April 05, 2005 4:16:51 PM
Rank: Member

Iscritto dal : 4/5/2005
Posts: 0
Grazie infinite !
stasera provo.
Utenti presenti in questo topic
Guest


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.