controllo log - Sicurezza VIRUS

Benvenuto Ospite

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » controllo log

controllo log

Opzioni

Topic Precedente · Topic Sucessivo

webnight

Inviato: Monday, May 08, 2006 3:23:05 PM

Rank: Member

Iscritto dal : 2/18/2005
Posts: 0

ciao, ho riattivato un mio vecchio pc, vorrei sistemarlo, cominciare con una bella pulizia mi pare una ottima cosa.
Di seguito il file log.
Grazie mille

Logfile of HijackThis v1.99.1
Scan saved at 15.10.57, on 08/05/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP1 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\msdtc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
C:\WINNT\Explorer.EXE
C:\WINNT\System32\cisvc.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\System32\mqsvc.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\WINNT\TWAIN_32\D66U\D066UUTY.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINNT\system32\ctfmon.exe
C:\WINNT\system32\svchost.exe
C:\Documents and Settings\Administrator\Desktop\Pulizia PC\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://magicsearch.us/browser/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://magicsearch.us/browser/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://magicsearch.us/browser/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.it
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://magicsearch.us/browser/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://magicsearch.us/browser/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://magicsearch.us/browser/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://magicsearch.us/browser/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://www.iol.it/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.1.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [D066UUtility] C:\WINNT\TWAIN_32\D66U\D066UUTY.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: GStartup.lnk = C:\Programmi\File comuni\GMT\GMT.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &List Stylesheets - C:\WINNT\Web\CSS_Stylesheets.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {ffcd98a0-9e1a-11d5-aa62-e2dcf03ff459} - C:\WINNT\Web\CSS_Stylesheets.html
O9 - Extra 'Tools' menuitem: &List Stylesheets - {ffcd98a0-9e1a-11d5-aa62-e2dcf03ff459} - C:\WINNT\Web\CSS_Stylesheets.html
O12 - Plugin for .pdf: C:\Programmi\Internet Explorer\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.it
O16 - DPF: DigiChat Applet - http://host.digichat.com/DigiChat/DigiClasses/Client_IE.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {72FF22A1-8BF1-11D5-9A3D-000021506A27} (ShClass Class) - http://www.adult-women.com/AdServer/short.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://cam.strettowebcam.it:8080/activex/AxisCamControl.ocx
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
O16 - DPF: {C9B08199-657A-468D-A26B-692137572131} (FFHostContainer Class) - http://focusfocus.com/download/windows/ffhost.cab
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4270/mcfscan.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: Persits Software EmailAgent - Unknown owner - C:\Programmi\Persits Software\AspEmail\BIN\EmailAgent.exe" /run (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe

Torna in alto

Sponsor

Inviato: Monday, May 08, 2006 3:23:05 PM

Torna in alto

alfonso

Inviato: Monday, May 08, 2006 3:34:18 PM

Rank: AiutAmico

Iscritto dal : 10/5/2000
Posts: 19,132

Ciao ,
esegui queste operazioni

Riavvia in modalità provvisoria, leggi qui come fare
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=344&SH=N

apri HIJAC THIS ed elimina come indicato in questo articolo
http://www.aiutamici.com/software/descrizione.asp?CodSw=1175
le righe che seguono.

==================================
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://magicsearch.us/browser/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://magicsearch.us/browser/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://magicsearch.us/browser/
-
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://magicsearch.us/browser/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://magicsearch.us/browser/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://magicsearch.us/browser/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://magicsearch.us/browser/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://www.iol.it/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.1.1
-
O4 - Global Startup: GStartup.lnk = C:\Programmi\File comuni\GMT\GMT.exe
-
O8 - Extra context menu item: &List Stylesheets - C:\WINNT\Web\CSS_Stylesheets.html
-
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {ffcd98a0-9e1a-11d5-aa62-e2dcf03ff459} - C:\WINNT\Web\CSS_Stylesheets.html
O9 - Extra 'Tools' menuitem: &List Stylesheets - {ffcd98a0-9e1a-11d5-aa62-e2dcf03ff459} - C:\WINNT\Web\CSS_Stylesheets.html
-
O16 - DPF: DigiChat Applet - http://host.digichat.com/DigiChat/DigiClasses/Client_IE.cab
-
O16 - DPF: {72FF22A1-8BF1-11D5-9A3D-000021506A27} (ShClass Class) - http://www.adult-women.com/AdServer/short.cab
-
O16 - DPF: {C9B08199-657A-468D-A26B-692137572131} (FFHostContainer Class) - http://focusfocus.com/download/windows/ffhost.cab
-
O23 - Service: Persits Software EmailAgent - Unknown owner - C:\Programmi\Persits Software\AspEmail\BIN\EmailAgent.exe" /run (file missing)
==================================

ELIMINA LA CARTELLA IN ROSSO
==================================
C:\Programmi\File comuni\<font color=red><b>GMT</font id=red></b>
==================================

Vai a PANNELLO DI CONTROLLO e clicca su OPZIONI INTERNET
nella finestra che si apre clicca i tre pulsanti
ELIMINA COOKIES - ELIMINA FILE - CANCELLA CRONOOLOGIA

al termine utilizza i programmi AD-AWARE e SPYBOT indicati in questo articolo
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=388&SH=N

sempre in modalità provvisoria fai una scansione Antivirus

Nel sistema non é presente un Firewall, installa questo
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=56

Utilizza questI programmI
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=1041
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=931
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=1223

Edited by - alfonso on 05/08/2006 15:37:36

Collaboratore Aiutamici

Torna in alto

Utenti presenti in questo topic

Guest

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » controllo log

Salta al Forum

Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Invia topic via Email

RSS Feed

Watch this topic

Stampa topic

Normale

Threaded