Condividi:        

Innominabile HJT

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: m.paolo, kadosh, Luke57

Postdi BilloKenobi » 12/12/06 16:27

ha avuto buon fine ;)
Begun the Clone War has

Sì sì, mi hanno fatto redattore --- SuspectFile
BilloKenobi
Utente Senior
 
Post: 348
Iscritto il: 08/07/06 11:05

Sponsor
 

Postdi maxilsub » 12/12/06 16:56

Ti ringrazio per l'aiuto,
è necessario che ti posti un log di HJT?
Se la risposta è no, arrisentirci alla prossima.
maxilsub
Utente Junior
 
Post: 31
Iscritto il: 16/01/06 19:20
Località: Latina

Postdi BilloKenobi » 12/12/06 17:37

postarlo non fa male di certo ;)
Begun the Clone War has

Sì sì, mi hanno fatto redattore --- SuspectFile
BilloKenobi
Utente Senior
 
Post: 348
Iscritto il: 08/07/06 11:05

Postdi maxilsub » 13/12/06 10:54

Logfile of HijackThis v1.99.1
Scan saved at 10.48.54, on 13/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\SOINTGR.EXE
C:\WINDOWS\system32\GSICON.EXE
C:\WINDOWS\system32\dslagent.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\DOCUME~1\PRINCI~1\IMPOST~1\Temp\Directory temporanea 2 per hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.maxsub.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aruba.it
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,"c:\windows\symantec-tool.exe",
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - Global Startup: LG SyncManager.lnk = C:\Documents and Settings\principale\Desktop\Collegamenti desktop inutilizzati\LGSyncManager.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.aruba.it
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSIns ... p?LANG=ita
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 7161669765
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D4A48BBA-CE88-4BFC-B7CF-FC8DF57B125E}: NameServer = 193.12.150.2 212.247.152.2
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WebDrk - Unknown owner - C:\Programmi\File comuni\Services\pBxw.exe (file missing)
maxilsub
Utente Junior
 
Post: 31
Iscritto il: 16/01/06 19:20
Località: Latina

Postdi Luke57 » 13/12/06 12:53

Ciao, apri hiajckthis, premi "do a system scan only", cerca e spunta:
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,"c:\windows\symantec-tool.exe",

premi fix checked.

Poi, riavvia Avenger come hai fatto le volte precedenti, inserisci il seguente script:

registry keys to delete:
HKEY_LOCAL_MACHINE\system\controlset003\services\WebDrk

files to delete:
c:\windows\symantec-tool.exe


Posta il log di Avenger.
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

Postdi maxilsub » 13/12/06 19:25

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\gqnkfxuf

*******************

Script file located at: \??\C:\byoqagxe.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Registry key HKEY_LOCAL_MACHINE\system\controlset003\services\WebDrk deleted successfully.


File c:\windows\symantec-tool.exe not found!
Deletion of file c:\windows\symantec-tool.exe failed!

Could not process line:
c:\windows\symantec-tool.exe
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.
maxilsub
Utente Junior
 
Post: 31
Iscritto il: 16/01/06 19:20
Località: Latina

Postdi BilloKenobi » 13/12/06 19:27

se hai fixato la R3, ora sei a posto :)
Begun the Clone War has

Sì sì, mi hanno fatto redattore --- SuspectFile
BilloKenobi
Utente Senior
 
Post: 348
Iscritto il: 08/07/06 11:05

Precedente

Torna a Sicurezza e Privacy

Chi c’è in linea

Visitano il forum: Nessuno e 119 ospiti