Hijack this Approfondimento... - Sicurezza VIRUS - Aiutamici Forum

Aiutamici Forum

Benvenuto Ospite

Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Hijack this Approfondimento...

Hijack this Approfondimento...

Opzioni

Topic Precedente · Topic Sucessivo

tanzj

Inviato: Saturday, November 26, 2005 2:23:09 PM

Rank: Member

Iscritto dal : 3/6/2001
Posts: 0

Cari amici, avrei il grandissimo desiderio di riuscire ad acquisire conoscenze su questo fondamentale programma, e cioè come capire che cosa eliminare insomma gestire il programma.
vi sarei grato se parlate di come acquisire queste conoscenze
ciao Grazie gigi

Sponsor

Inviato: Saturday, November 26, 2005 2:23:09 PM

alfonso

Inviato: Monday, November 28, 2005 11:55:38 AM

Rank: AiutAmico

Iscritto dal : 10/5/2000
Posts: 19,132

Ciao Gigi

Il programma Hijack This non fa altro che elencare i processi attivi in un sistema

quando il programma ci rilascia la lista si deve controllare riga per riga tutti i programma in esecuzione, e qui é un bel casotto in quanto bisognerebbe conoscere nome per nome tutti i file EXE e DLL che esistano sul computer, praticamente é impossibile

allora si cerca i nomi di questi programmi nei motori di ricerca per vedere se quel programma é stato già catalogato come malware o é sano

ma anche cosi facendo esiste un margine di errore, alcuni file passati per malware sono buoni e viceversa, quindi per ogni file che si cerca nel motore bisogna fare più ricerche incrociate

Quando ho iniziato con l'aiutare gli amici con i LOG, impiegavo quasi un ora per ognuno, poi man mano, con l'esperienza go imparato a riconoscere i file comuni e quindi vado a cercare solo quelli che mi sono nuovi.

Se vuoi fare pratica, prendi qualche log a cui ho già risposto, e senza leggere la mia risposta, cerca di risolvere il problema, poi lo confronti con la mia risposta e ti rendi conto se sarai pronto oppure no.

Collaboratore Aiutamici

tanzj

Inviato: Monday, November 28, 2005 6:10:43 PM

Rank: Member

Iscritto dal : 3/6/2001
Posts: 0

ti ringrazio sei stato molto chiaro e l'idea di provare con i log che ti vengono inviati è ottima
grazie a presto

Redpeople

Inviato: Wednesday, November 30, 2005 1:53:00 AM

Rank: Member

Iscritto dal : 11/30/2005
Posts: 0

Salve ragazzi...avrei bisogno se qualcuno può aiutarmi di verificare quali dei files elencati nel log che genera hijack this mi crea un fastidioso problema di messageria istantanea ogni volta che sono collegato...e come devo proseguire per eliminare il tutto...
mispiace rompervi ma non ho grande esperienza e vi sarei grato se qualcuno mi rispondesse..(vi elenco i files che mi trova..)

Logfile of HijackThis v1.99.1
Scan saved at 1.42.43, on 30/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
C:\Programmi\Creative\Mouse Optical\mouse_2k.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\KMaestro\KMaestro.exe
D:\Programmi\BlueSoleil\BlueSoleil.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
d:\Programmi\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\pctspk.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
d:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\Davide\IMPOST~1\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.repubblica.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\PROGRA~1\RXTOOL~1\sfcont.dll (file missing)
O2 - BHO: (no name) - {8E13DDE1-E013-47ec-9C4C-27C2F78BDD26} - C:\WINDOWS\System32\req.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [CreativeMouse ] C:\Programmi\Creative\Mouse Optical\mouse_2k.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "D:\Programmi\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [KeyMaestro] C:\KMaestro\KMaestro.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = D:\Programmi\Office\Office\OSA9.EXE
O8 - Extra context menu item: &eBay Search - res://C:\Programmi\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programmi\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programmi\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmi\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download with GetRight - C:\PROGRA~1\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\PROGRA~1\GetRight\GRbrowse.htm
O8 - Extra context menu item: Similar Pages - res://c:\programmi\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programmi\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CBB73D33-6A24-41D0-A8F4-77A9583B55FD}: NameServer = 193.70.152.15 193.70.152.25
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\PROGRA~1\RXTOOL~1\sfcont.dll
O20 - Winlogon Notify: req - C:\WINDOWS\System32\req.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - d:\Programmi\BlueSoleil\BTNtService.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe

Grazie ancora...

Redpeople

Inviato: Wednesday, November 30, 2005 1:54:40 AM

Rank: Member

Iscritto dal : 11/30/2005
Posts: 0

Salve...qualcuno sa indicarmi quale file devo eliminare e come ...dalla lista che genera hijack this?
Logfile of HijackThis v1.99.1
Scan saved at 1.42.43, on 30/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
C:\Programmi\Creative\Mouse Optical\mouse_2k.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\KMaestro\KMaestro.exe
D:\Programmi\BlueSoleil\BlueSoleil.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
d:\Programmi\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\pctspk.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
d:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\Davide\IMPOST~1\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.repubblica.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\PROGRA~1\RXTOOL~1\sfcont.dll (file missing)
O2 - BHO: (no name) - {8E13DDE1-E013-47ec-9C4C-27C2F78BDD26} - C:\WINDOWS\System32\req.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [CreativeMouse ] C:\Programmi\Creative\Mouse Optical\mouse_2k.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "D:\Programmi\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [KeyMaestro] C:\KMaestro\KMaestro.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = D:\Programmi\Office\Office\OSA9.EXE
O8 - Extra context menu item: &eBay Search - res://C:\Programmi\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programmi\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programmi\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmi\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download with GetRight - C:\PROGRA~1\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\PROGRA~1\GetRight\GRbrowse.htm
O8 - Extra context menu item: Similar Pages - res://c:\programmi\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programmi\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CBB73D33-6A24-41D0-A8F4-77A9583B55FD}: NameServer = 193.70.152.15 193.70.152.25
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\PROGRA~1\RXTOOL~1\sfcont.dll
O20 - Winlogon Notify: req - C:\WINDOWS\System32\req.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - d:\Programmi\BlueSoleil\BTNtService.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
ve ne sarei grato!!!

Redpeople

Inviato: Wednesday, November 30, 2005 2:00:43 AM

Rank: Member

Iscritto dal : 11/30/2005
Posts: 0

Salve...qualcuno sa indicarmi quale file devo eliminare e come ...dalla lista che genera hijack this?
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
d:\Programmi\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\pctspk.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
d:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\Davide\IMPOST~1\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\PROGRA~1\RXTOOL~1\sfcont.dll (file missing)
O2 - BHO: (no name) - {8E13DDE1-E013-47ec-9C4C-27C2F78BDD26} - C:\WINDOWS\System32\req.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "D:\Programmi\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CBB73D33-6A24-41D0-A8F4-77A9583B55FD}: NameServer = 193.70.152.15 193.70.152.25
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\PROGRA~1\RXTOOL~1\sfcont.dll
O20 - Winlogon Notify: req - C:\WINDOWS\System32\req.dll (file missing)
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
ve ne sarei veramente grato!!!

Redpeople

Inviato: Wednesday, November 30, 2005 2:02:01 AM

Rank: Member

Iscritto dal : 11/30/2005
Posts: 0

Salve...qualcuno sa indicarmi quale file devo eliminare e come ...dalla lista che genera hijack this?
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
d:\Programmi\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\pctspk.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
d:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\Davide\IMPOST~1\Temp\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\PROGRA~1\RXTOOL~1\sfcont.dll (file missing)
O2 - BHO: (no name) - {8E13DDE1-E013-47ec-9C4C-27C2F78BDD26} - C:\WINDOWS\System32\req.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "D:\Programmi\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
HKLM\System\CCS\Services\Tcpip\..\{CBB73D33-6A24-41D0-A8F4-77A9583B55FD}: NameServer = 193.70.152.15 193.70.152.25
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\PROGRA~1\RXTOOL~1\sfcont.dll
O20 - Winlogon Notify: req - C:\WINDOWS\System32\req.dll (file missing)
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
ve ne sarei veramente grato!!!<font size=2></font id=size2>

Redpeople

Inviato: Wednesday, November 30, 2005 2:03:33 AM

Rank: Member

Iscritto dal : 11/30/2005
Posts: 0

Salve...qualcuno sa indicarmi quale file devo eliminare e come ...dalla lista che genera hijack this?
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
d:\Programmi\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\pctspk.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
d:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\Davide\IMPOST~1\Temp\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\PROGRA~1\RXTOOL~1\sfcont.dll (file missing)
O2 - BHO: (no name) - {8E13DDE1-E013-47ec-9C4C-27C2F78BDD26} - C:\WINDOWS\System32\req.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "D:\Programmi\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
HKLM\System\CCS\Services\Tcpip\..\{CBB73D33-6A24-41D0-A8F4-77A9583B55FD}: NameServer = 193.70.152.15 193.70.152.25
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\PROGRA~1\RXTOOL~1\sfcont.dll
O20 - Winlogon Notify: req - C:\WINDOWS\System32\req.dll (file missing)
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe ve ne sarei veramente grato!!

Redpeople

Inviato: Wednesday, November 30, 2005 2:05:32 AM

Rank: Member

Iscritto dal : 11/30/2005
Posts: 0

Salve...qualcuno sa indicarmi quale file devo eliminare e come ...dalla lista che genera hijack this?
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
Ve ne sarei molto grato!!
(non riesco a copiare l'intera lista...spero che i processi bastino per indiviaduare il prob!)
Grazie ancora

Redpeople

Inviato: Wednesday, November 30, 2005 2:07:39 AM

Rank: Member

Iscritto dal : 11/30/2005
Posts: 0

Salve...qualcuno sa indicarmi quale file devo eliminare e come ...dalla lista che genera hijack this?
Logfile of HijackThis v1.99.1
Running processes:C:\WINDOWS\System32 smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe Ve ne sarei molto grato!!(non riesco a copiare l'intera lista...spero che i processi bastino per indiviaduare il prob!)Grazie ancora

Redpeople

Inviato: Wednesday, November 30, 2005 2:09:47 AM

Rank: Member

Iscritto dal : 11/30/2005
Posts: 0

Ho ula lista immensa che nn riesco a dinserire nello spazio...come faccio a sapere quale file mi crea un prob di messaggeria istantania che mi compare ogni volta che mi collego? Vi ringrazio anticipatamente!

Redpeople

Inviato: Wednesday, November 30, 2005 2:11:29 AM

Rank: Member

Iscritto dal : 11/30/2005
Posts: 0

ops...mi dava errore ma in realtà inseriva il mio messaggio...scusatemi!!!!!

Utenti presenti in questo topic

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Hijack this Approfondimento...

Salta al Forum

Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS :

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.

Invia topic via Email

RSS Feed

Watch this topic

Stampa topic

Normale

Threaded