Help

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: m.paolo, kadosh, Luke57

Help

Post by ciube » 30/10/06 21:11

Could you please analyze my log? I'm full of junk. Thanks

Logfile of HijackThis v1.99.1
Scan saved at 21.05.45, on 30/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Programmi\ltmoh\Ltmoh.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmi\HP\hpcoretech\hpcmpmgr.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\HP\hpcoretech\comp\hptskmgr.exe
C:\Programmi\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.5\SuperInstaller.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.6\SuperInstaller.exe
C:\WINDOWS\system32\msn_loader.exe
C:\WINDOWS\system32\msn_loader.exe
C:\WINDOWS\system32\msn_loader.exe
C:\WINDOWS\system32\msn_loader.exe
C:\WINDOWS\system32\msn_loader.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\Utente\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.virgilio.it/free
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.ricercadoppia.com/behaviors/google
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\WINDOWS\DOWNLO~1\tbhelper.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: XBTBPos00 - {9EC0E71A-88BE-49AF-B690-7C032CDCE8B4} - C:\WINDOWS\DOWNLO~1\RICERC~1.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Ricerca Doppia - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - C:\WINDOWS\Downloaded Program Files\Ricercadoppia.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Programmi\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [fix] C:\WINDOWS\system32\thecat.exe
O4 - HKLM\..\Run: [MSMalwareKit] C:\WINDOWS\system32\MalwareRemover.exe
O4 - HKLM\..\Run: [Messenger] C:\WINDOWS\system32\msn_loader.exe
O4 - HKLM\..\Run: [MSGlobal] C:\WINDOWS\system32\Idro.exe
O4 - HKLM\..\Run: [MicrosoftFirewall] C:\WINDOWS\system32\MSFirewall.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Instant Access] C:\WINDOWS\system32\linewsrv.exe /run
O4 - HKCU\..\Run: [lateshow.exe] C:\WINDOWS\system32\lateshow.exe
O4 - HKCU\..\Run: [wke.exe] C:\WINDOWS\system32\wke.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Scadenziario.lnk = C:\Programmi\Tecnobit\Gestu\GExpiry.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Avvio rapido di HP Image Zone.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {01E69986-A054-4C52-ABE8-EF63DF1C5211} (Ricerca Doppia) - http://www.cywanstorage.biz/SUPERINSTAL ... doppia.cab
O16 - DPF: {3F5E67E1-81E6-4487-BF6F-07941A080BAB} - http://www.cywanstorage.biz/SUPERINSTAL ... senger.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
ciube
Junior User
 
Posts: 26
Joined: 08/06/06 17:50

Post by andorra24 » 30/10/06 21:36

Hi, unfortunately you have quite a few infections on your PC.

Open HijackThis, click "open the misc tools section", then click "open process manager", find the entries listed below and click "kill process":

C:\WINDOWS\Downloaded Program Files\CONFLICT.5\SuperInstaller.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.6\SuperInstaller.exe
C:\WINDOWS\system32\msn_loader.exe

Then go to the bottom and press the back button and, right after that, the scan button. Tick the box next to the entries listed below and press "fix checked":

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.ricercadoppia.com/behaviors/google
R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\WINDOWS\DOWNLO~1\tbhelper.dll
O2 - BHO: XBTBPos00 - {9EC0E71A-88BE-49AF-B690-7C032CDCE8B4} - C:\WINDOWS\DOWNLO~1\RICERC~1.DLL
O3 - Toolbar: Ricerca Doppia - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - C:\WINDOWS\Downloaded Program Files\Ricercadoppia.dll
O4 - HKLM\..\Run: [fix] C:\WINDOWS\system32\thecat.exe
O4 - HKLM\..\Run: [MSMalwareKit] C:\WINDOWS\system32\MalwareRemover.exe
O4 - HKLM\..\Run: [Messenger] C:\WINDOWS\system32\msn_loader.exe
O4 - HKLM\..\Run: [MSGlobal] C:\WINDOWS\system32\Idro.exe
O4 - HKLM\..\Run: [MicrosoftFirewall] C:\WINDOWS\system32\MSFirewall.exe
O4 - HKCU\..\Run: [Instant Access] C:\WINDOWS\system32\linewsrv.exe /run
O4 - HKCU\..\Run: [lateshow.exe] C:\WINDOWS\system32\lateshow.exe
O4 - HKCU\..\Run: [wke.exe] C:\WINDOWS\system32\wke.exe
O16 - DPF: {01E69986-A054-4C52-ABE8-EF63DF1C5211} (Ricerca Doppia) - http://www.cywanstorage.biz/SUPERINSTAL ... doppia.cab
O16 - DPF: {3F5E67E1-81E6-4487-BF6F-07941A080BAB} - http://www.cywanstorage.biz/SUPERINSTAL ... senger.exe

Go to Start / My Computer / Tools / Folder Options / View, tick "show hidden files and folders" and untick "hide protected operating system files".

Download KillBox from here: http://www.killbox.net/downloads/KillBox.exe
Delete the following files and folders:
C:\WINDOWS\Downloaded Program Files\CONFLICT.5\SuperInstaller.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.6\SuperInstaller.exe
C:\WINDOWS\system32\msn_loader.exe
C:\WINDOWS\DOWNLO~1\RICERC~1.DLL
C:\WINDOWS\DOWNLO~1\tbhelper.dll
C:\WINDOWS\Downloaded Program Files\Ricercadoppia.dll
C:\WINDOWS\system32\thecat.exe
C:\WINDOWS\system32\MalwareRemover.exe
C:\WINDOWS\system32\Idro.exe
C:\WINDOWS\system32\MSFirewall.exe
C:\WINDOWS\system32\linewsrv.exe
C:\WINDOWS\system32\lateshow.exe
C:\WINDOWS\system32\wke.exe

You badly need to run some antivirus/antispyware scans:
http://downloads.grisoft.cz/softw/70/fi ... 5.0.50.exe
http://www.bitdefender.com/scan8/ie.html
andorra24
Senior User
 
Posts: 2742
Joined: 21/05/06 15:44
Location: Palermo
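
The reply above first fixes registry entries and then separately lists the files those entries point at for deletion. As an added example (not part of the original thread), the following Python code parses the flagged lines in HijackThis's `code - body` entry format, derives the local files they reference, and reports CLSIDs that appear in more than one section; the function names and regular expressions are assumptions made for illustration.

```python
import re

# Entries the reply marks for "fix checked", copied verbatim from the page
# (the two O16 URLs are truncated in the original and are left that way).
FLAGGED = r"""R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.ricercadoppia.com/behaviors/google
R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\WINDOWS\DOWNLO~1\tbhelper.dll
O2 - BHO: XBTBPos00 - {9EC0E71A-88BE-49AF-B690-7C032CDCE8B4} - C:\WINDOWS\DOWNLO~1\RICERC~1.DLL
O3 - Toolbar: Ricerca Doppia - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - C:\WINDOWS\Downloaded Program Files\Ricercadoppia.dll
O4 - HKLM\..\Run: [fix] C:\WINDOWS\system32\thecat.exe
O4 - HKLM\..\Run: [MSMalwareKit] C:\WINDOWS\system32\MalwareRemover.exe
O4 - HKLM\..\Run: [Messenger] C:\WINDOWS\system32\msn_loader.exe
O4 - HKLM\..\Run: [MSGlobal] C:\WINDOWS\system32\Idro.exe
O4 - HKLM\..\Run: [MicrosoftFirewall] C:\WINDOWS\system32\MSFirewall.exe
O4 - HKCU\..\Run: [Instant Access] C:\WINDOWS\system32\linewsrv.exe /run
O4 - HKCU\..\Run: [lateshow.exe] C:\WINDOWS\system32\lateshow.exe
O4 - HKCU\..\Run: [wke.exe] C:\WINDOWS\system32\wke.exe
O16 - DPF: {01E69986-A054-4C52-ABE8-EF63DF1C5211} (Ricerca Doppia) - http://www.cywanstorage.biz/SUPERINSTAL ... doppia.cab
O16 - DPF: {3F5E67E1-81E6-4487-BF6F-07941A080BAB} - http://www.cywanstorage.biz/SUPERINSTAL ... senger.exe""".splitlines()

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # section code, then body
PATH = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|ocx)\b", re.I)  # local binary, arguments dropped
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

def parse(line):
    """Split one HijackThis entry into section code, local file path and CLSID."""
    m = ENTRY.match(line.strip())
    if not m:
        return None  # header, running-process line or blank line
    code, body = m.groups()
    path, clsid = PATH.search(body), CLSID.search(body)
    return {"code": code, "path": path and path.group(0),
            "clsid": clsid and clsid.group(0).upper()}

def files_on_disk(lines):
    """Local files referenced by the given entries (candidates for the delete list)."""
    entries = filter(None, map(parse, lines))
    return sorted({e["path"] for e in entries if e["path"]}, key=str.lower)

def shared_clsids(lines):
    """CLSIDs referenced by more than one entry, with the sections that use them."""
    seen = {}
    for e in filter(None, map(parse, lines)):
        if e["clsid"]:
            seen.setdefault(e["clsid"], []).append(e["code"])
    return {c: codes for c, codes in seen.items() if len(codes) > 1}

if __name__ == "__main__":
    print("\n".join(files_on_disk(FLAGGED)), shared_clsids(FLAGGED), sep="\n")
```

On the page's entries this yields 11 files; the other two items in the reply's delete list are the `SuperInstaller.exe` copies, which appear only under "Running processes" and not in any registry entry. The shared CLSID ties the "Ricerca Doppia" toolbar (O3) to the download source recorded under O16.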
