Aiutamici Forum

Could you check my HijackThis log, please!
alfiore
Posted: Thursday, July 19, 2007 8:22:43 AM
Rank: Member

Joined: 9/6/2005
Posts: 1
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 02:59:48, on 19/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Arquivos de programas\Ahead\InCD\InCD.exe
C:\Arquivos de programas\lg_fwupdate\fwupdate.exe
C:\WINDOWS\WinNT.exe
C:\WINDOWS\WinNT2.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Windowsupdate.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svhost.exe
c:\arquiv~1\intern~1\iexplore.exe
C:\WINDOWS\system32\bsyys.scr
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\Arquivos de programas\Ares\Ares.exe
C:\Arquivos de programas\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\bsyys.scr
C:\WINDOWS\WinNT.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\MSN Messenger\msnmsgr.exe
C:\Arquivos de programas\Microsoft Office\OFFICE11\POWERPNT.EXE
C:\Documents and Settings\Paulo\Meus documentos\Harry Potter\HiJackThis_v2.exe
C:\WINDOWS\explorer.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {FCADDC14-BD46-408A-9842-CDBE1C6D37EB} - C:\WINDOWS\svchosts.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [InCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LGODDFU] "C:\Arquivos de programas\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [WinNT] C:\WINDOWS\WinNT.exe
O4 - HKLM\..\Run: [WinNT2] C:\WINDOWS\WinNT2.exe
O4 - HKLM\..\Run: [Windowsupdate] C:\Arquivos de programas\Windowsupdate.exe
O4 - HKLM\..\Run: [Bore Locks Save Idle] C:\Documents and Settings\All Users\Dados de aplicativos\amen trust bore locks\Team locks.exe
O4 - HKLM\..\Run: [SymantecFilterCheck] C:\WINDOWS\system32\svhost.exe
O4 - HKLM\..\Run: [symanteccsysconf] C:\WINDOWS\system32\bsyys.scr
O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Steam] C:\Arquivos de programas\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [PowerBar] "C:\Arquivos de programas\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
O4 - HKCU\..\Run: [mpeg find] C:\DOCUME~1\Paulo\DADOSD~1\KNOBVG~1\COMP BOOK.exe
O4 - Global Startup: Windowsupdate.exe
O4 - Global Startup: svhost.exe
O4 - Global Startup: bsyys.scr
O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Arquivos de programas\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Arquivos de programas\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

--
End of file - 7014 bytes
pidue
Posted: Thursday, July 19, 2007 9:05:07 AM

Rank: AiutAmico

Joined: 6/2/2005
Posts: 7,332
Well then, hoping I haven't missed anything (your computer is in a bit of a mess), proceed as indicated below:

put HijackThis in a folder dedicated to it (preferably not on the desktop), otherwise you lose the backups;

<b>Disable System Restore</b>: ------ > <b>procedure:</b>

<b>boot into Safe Mode</b> ----- > <b>procedure:</b>

<b>make hidden folders visible</b> ------ > <b>procedure</b>:
from My Computer:
Tools >> Folder Options >> View;
tick:
<i>Show hidden files and folders</i>;
untick:
<i>Hide protected operating system files (Recommended)</i>


Start HijackThis with all applications closed, click <b>Do a system scan only</b>, tick and delete <b>(fix checked)</b> the following lines:


<font color=red>
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {FCADDC14-BD46-408A-9842-CDBE1C6D37EB} - C:\WINDOWS\svchosts.dll
O4 - HKLM\..\Run: [WinNT] C:\WINDOWS\WinNT.exe
O4 - HKLM\..\Run: [WinNT2] C:\WINDOWS\WinNT2.exe
O4 - HKLM\..\Run: [Windowsupdate] C:\Arquivos de programas\Windowsupdate.exe
O4 - HKLM\..\Run: [SymantecFilterCheck] C:\WINDOWS\system32\svhost.exe
O4 - HKLM\..\Run: [symanteccsysconf] C:\WINDOWS\system32\bsyys.scr
O4 - HKCU\..\Run: [mpeg find] C:\DOCUME~1\Paulo\DADOSD~1\KNOBVG~1\COMP BOOK.exe
O4 - Global Startup: Windowsupdate.exe
O4 - Global Startup: svhost.exe
O4 - Global Startup: bsyys.scr
</font id=red>




Using the <b>search</b> function, find and delete the following files in red:
___________________________________________
C:\WINDOWS\<font color=red>WinNT.exe</font id=red>
C:\WINDOWS\<font color=red>WinNT2.exe</font id=red>
C:\Arquivos de programas\<font color=red>Windowsupdate.exe</font id=red>
C:\WINDOWS\system32\<font color=red>svhost.exe</font id=red> ----- > don't confuse it with <b>svchost</b>, a legitimate Windows process;
C:\WINDOWS\system32\<font color=red>bsyys.scr</font id=red>
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\<font color=red>bsyys.scr</font id=red>
C:\WINDOWS\<font color=red>svchosts.dll</font id=red>

_________________________________________


From Start >> Run, paste the string <b>%temp%</b> and delete all the files in the temp folder;

follow step <b>1</b> at the following link:
http://www.microsoft.com/italy/technet/community/mvp/editoriali/spyware.mspx

empty the Recycle Bin;

restart the computer normally.

run an antivirus check here
http://www.bitdefender.com/it/

<b>Finally:</b>

hide the system folders again;
re-enable System Restore and, if everything is in order, create a new restore point.

Post an updated log.

<b>PS</b>

You should install a firewall; from the link below you can download <font color=red>Zone Alarm</font id=red>, which is good and free.
http://www.aiutamici.com/software/descrizione.asp?CodSw=56


Edited by - pidue on 07/19/2007 09:07:47
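The reply above spots the suspicious entries by eye: a BHO with no file behind it, <b>svhost.exe</b> posing as <b>svchost</b>, generic names like WinNT.exe and Windowsupdate.exe dropped straight into C:\WINDOWS and the Program Files root, a .scr in every autostart location. The script below, added here as an example (it is not HijackThis's own code and was not posted by anyone in this thread), turns those judgements into checks that run over a log. The sample input is a constructed subset of the log in the first post; the system-binary list, the root-folder names and the user-data markers are illustrative assumptions chosen to match this log, and a flagged line is a prompt for review, not a verdict.

```python
"""HijackThis log triage helper (added example; not HijackThis's own code).
It encodes the checks a forum helper applies by eye: BHOs with no backing
file, names one typo away from a Windows system binary, autostart executables
sitting directly in the Windows or Program Files root, .scr files started at
logon, and autostart images under a user's data folder."""
import re

# Stems of Windows binaries that malware commonly imitates (assumption: a short
# illustrative list, not an authoritative one).
SYSTEM_STEMS = {"svchost", "lsass", "csrss", "winlogon", "services", "explorer", "smss", "spoolsv"}
# Folders that hold legitimate executables only inside vendor subfolders
# (assumption: English and Portuguese names, to match the log in this thread).
ROOT_DIRS = {"windows", "winnt", "program files", "arquivos de programas"}
# Markers of a per-user data folder (assumption: English, Portuguese and 8.3 forms).
USER_DATA_MARKERS = ("application data", "dados de aplicativos", "dadosd~1", "appdata")

ENTRY_RE = re.compile(r"^(?P<sect>[RO]\d+) - (?P<rest>.*)$")
PATH_RE = re.compile(r'"?([A-Za-z]:\\[^"]*?\.(?:exe|scr|dll|ocx|com|bat|pif))', re.IGNORECASE)
GLOBAL_PREFIX = "Global Startup: "

# Constructed sample: a subset of the lines from the log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {FCADDC14-BD46-408A-9842-CDBE1C6D37EB} - C:\WINDOWS\svchosts.dll
O4 - HKLM\..\Run: [InCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [WinNT] C:\WINDOWS\WinNT.exe
O4 - HKLM\..\Run: [WinNT2] C:\WINDOWS\WinNT2.exe
O4 - HKLM\..\Run: [Windowsupdate] C:\Arquivos de programas\Windowsupdate.exe
O4 - HKLM\..\Run: [Bore Locks Save Idle] C:\Documents and Settings\All Users\Dados de aplicativos\amen trust bore locks\Team locks.exe
O4 - HKLM\..\Run: [SymantecFilterCheck] C:\WINDOWS\system32\svhost.exe
O4 - HKLM\..\Run: [symanteccsysconf] C:\WINDOWS\system32\bsyys.scr
O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [mpeg find] C:\DOCUME~1\Paulo\DADOSD~1\KNOBVG~1\COMP BOOK.exe
O4 - Global Startup: Windowsupdate.exe
O4 - Global Startup: svhost.exe
O4 - Global Startup: bsyys.scr
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
"""


def levenshtein(a, b):
    """Edit distance between two strings (used to spot one-typo lookalikes)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def triage_line(line):
    """Return a list of (rule, detail) findings for one HijackThis log line."""
    findings = []
    m = ENTRY_RE.match(line.strip())
    if not m:
        return findings
    sect, rest = m.group("sect"), m.group("rest")
    is_autostart = sect == "O4"
    if sect == "O2" and rest.endswith("(no file)"):
        findings.append(("orphan-bho", "BHO registered with no backing file"))
    pm = PATH_RE.search(rest)
    if pm:
        path = pm.group(1)
        parts = path.split("\\")
    elif is_autostart and rest.startswith(GLOBAL_PREFIX):
        # Global Startup entries carry only a file name, not a full path
        path, parts = None, [rest[len(GLOBAL_PREFIX):]]
    else:
        return findings
    filename = parts[-1]
    stem, _, ext = filename.lower().rpartition(".")
    # One edit away from a Windows system binary, but not the real name
    for sysname in sorted(SYSTEM_STEMS):
        if stem != sysname and levenshtein(stem, sysname) == 1:
            findings.append(("lookalike", f"{filename} resembles {sysname}.exe"))
    if is_autostart:
        if ext == "scr":
            findings.append(("scr-autostart", f"{filename} is a screensaver binary started at logon"))
        if len(parts) == 3 and parts[1].lower() in ROOT_DIRS:
            findings.append(("root-dir-autostart", f"{filename} sits directly in {parts[1]}"))
        if path and any(mk in path.lower() for mk in USER_DATA_MARKERS):
            findings.append(("userdata-autostart", f"{filename} runs from a user data folder"))
    return findings


def triage_log(text):
    """Run triage_line over a whole log; returns {line: findings} for flagged lines."""
    report, suspect_files = {}, set()
    for line in text.splitlines():
        line = line.strip()
        findings = triage_line(line)
        # A bare Global Startup name that matches a file already flagged in a Run entry
        if line.startswith("O4 - " + GLOBAL_PREFIX):
            name = line[len("O4 - " + GLOBAL_PREFIX):].lower()
            if not findings and name in suspect_files:
                findings.append(("seen-suspect", f"{name} already flagged in a Run entry"))
        if findings:
            report[line] = findings
            pm = PATH_RE.search(line)
            if pm:
                suspect_files.add(pm.group(1).split("\\")[-1].lower())
    return report


if __name__ == "__main__":
    for entry, hits in triage_log(SAMPLE_LOG).items():
        print(entry)
        for rule, detail in hits:
            print(f"    [{rule}] {detail}")
```

Run as-is it prints the twelve flagged lines from the sample with the rule that caught each one; the legitimate entries (Acrobat, InCD, Ares, avast!) come through clean. The cross-reference in triage_log matters for the Global Startup section: HijackThis prints only the file name there, so Windowsupdate.exe is caught only because the same name was already flagged in a Run entry earlier in the log.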


