COULD YOU CHECK MY HIJACKTHIS LOG PLEASE?

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: kadosh, Luke57

COULD YOU CHECK MY HIJACKTHIS LOG PLEASE?

Post by bisciu » 19/01/07 11:12

COULD YOU PLEASE CHECK MY LOG? I THINK THERE ARE STILL SOME ENTRIES TO FIX. THANKS
bisciu
Junior User
Posts: 66
Joined: 19/01/07 11:07


Re: COULD YOU CHECK MY HIJACKTHIS LOG PLEASE?

Post by bisciu » 19/01/07 11:14

bisciu wrote: COULD YOU PLEASE CHECK MY LOG? I THINK THERE ARE STILL SOME ENTRIES TO FIX. THANKS


Logfile of HijackThis v1.99.1
Scan saved at 11.19.52, on 19/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmi\IBM\Messages By IBM\ibmmessages.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Programmi\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Programmi\ClamWin\bin\ClamTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Documents and Settings\UTENTE01.W2K3\Documenti\Updater\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {751D5A0A-0EAD-ABB5-818A-86F85ED1905E} - C:\WINDOWS\njruk1.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [UC_Start] C:\Programmi\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ibmmessages] C:\Programmi\IBM\Messages By IBM\\ibmmessages.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [StatusClient 2.6] C:\Programmi\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Programmi\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ClamWin] "C:\Programmi\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [euoai] C:\Documents and Settings\UTENTE01.W2K3\Dati applicazioni\faretoraci\sysvmtrs.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ibmmessages] C:\Programmi\IBM\Messages By IBM\ibmmessages.exe
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\IBM\Java141\jre\bin\NPJPI141.dll
O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\IBM\Java141\jre\bin\NPJPI141.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 8428616890
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = W2K3.local
O17 - HKLM\Software\..\Telephony: DomainName = W2K3.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{2AE3AA71-C942-44A4-9B23-F351A84CBA7D}: NameServer = 192.168.1.100,151.99.125.2,151.99.125.3
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = W2K3.local
O17 - HKLM\System\CS1\Services\Tcpip\..\{2AE3AA71-C942-44A4-9B23-F351A84CBA7D}: NameServer = 192.168.1.100,151.99.125.2,151.99.125.3
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = W2K3.local
O17 - HKLM\System\CS2\Services\Tcpip\..\{2AE3AA71-C942-44A4-9B23-F351A84CBA7D}: NameServer = 192.168.1.100,151.99.125.2,151.99.125.3
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Programmi\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
bisciu
Junior User
Posts: 66
Joined: 19/01/07 11:07
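The log above is the kind of thing a helper reads by eye, looking for a few recurring patterns: entries that point at a file no longer on disk, autostart (O4) items launched from a user's application-data folder, BHOs with no descriptive name, and the missing default URLSearchHook. The Python script below is an added example written for this thread, not HijackThis's own tooling and not code from either poster: it parses R/O lines in the v1.99 format and flags lines matching those heuristics. The sample lines are copied from bisciu's log; the rules, the `Finding` type and the folder-name patterns are my assumptions, and a flagged line is something to look at, not a verdict (the IBM PsaSrv service, for instance, is flagged only because its file is gone).

```python
"""Heuristic triage of HijackThis v1.99 log lines (added example, not part of the thread)."""
import re
from dataclasses import dataclass

# Sample lines copied from the log posted above and assembled here for the demo.
SAMPLE_LOG = r"""
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {751D5A0A-0EAD-ABB5-818A-86F85ED1905E} - C:\WINDOWS\njruk1.dll (file missing)
O4 - HKLM\..\Run: [ClamWin] "C:\Programmi\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [euoai] C:\Documents and Settings\UTENTE01.W2K3\Dati applicazioni\faretoraci\sysvmtrs.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
"""


@dataclass
class Finding:
    section: str  # HijackThis section code, e.g. "O4"
    reason: str   # why the line deserves a look
    line: str     # the log line itself


# Every HijackThis entry starts with a section code followed by " - ".
ENTRY = re.compile(r"^(R\d|F\d|O\d+) - (.*)$")
# Autostart binaries living in a user's roaming application-data folder
# (Italian and English folder names), like the [euoai] entry above.
USER_APPDATA = re.compile(
    r"\\Documents and Settings\\[^\\]+\\(Dati applicazioni|Application Data)\\", re.I)
# BHO display names that say nothing about the vendor (assumed list).
GENERIC_BHO_NAMES = {"", "class", "(no name)"}


def triage(log_text):
    """Return the Findings for lines worth reviewing, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # header, "Running processes:" block, blank lines
        section, body = m.group(1), m.group(2)
        if "(file missing)" in body:
            findings.append(Finding(section, "entry references a file that is no longer on disk", line))
        if section == "O4" and USER_APPDATA.search(body):
            findings.append(Finding(section, "autostart runs from a user profile's application-data folder", line))
        if section == "O2":
            # body looks like "BHO: <display name> - {CLSID} - <path>"
            display = body.split(" - ")[0].partition(":")[2].strip().lower()
            if display in GENERIC_BHO_NAMES:
                findings.append(Finding(section, "BHO has no descriptive name", line))
        if section == "R3" and "URLSearchHook is missing" in body:
            findings.append(Finding(section, "default URLSearchHook absent; check the URLSearchHooks key", line))
    return findings


def report(findings):
    """One text line per finding, section first, ready to paste into a reply."""
    return "\n".join(f"[{f.section}] {f.reason}: {f.line}" for f in findings)


if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

On the sample above the script produces five findings: the R3 line, the njruk1.dll BHO twice (missing file and generic name), the [euoai] autostart and the PsaSrv service, while the ClamWin and Adobe lines pass. The same rules run unchanged over a full log pasted into `SAMPLE_LOG`.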

Post by Luke57 » 21/01/07 11:13

Hi, download these two tools:

http://www.prevx.com/gromozon.asp

Symantec removal tool:
http://smallbiz.symantec.com/security_r ... 16-4153-99

Run them one at a time; disable your antivirus during the scan.

The Prevx one reboots the computer and finishes the scan after the restart; when it is done it leaves a report that you will find in C:\Gromozon_Removal.log.

Then run the Symantec tool (from Safe Mode; if you don't know how to get there, press the F8 key repeatedly when you turn the computer on, before Windows starts loading; on the grey screen that appears, choose Safe Mode by moving with the arrow keys and pressing Enter).

This tool also leaves a scan report in the folder where you put the file (Fixlinkopt.log).

Post the two scan reports.
Luke57
Moderator
Posts: 6410
Joined: 11/08/05 19:10

log results

Post by bisciu » 22/01/07 10:36

The Gromozon scan shows nothing. Below is the one done with the Symantec tool:

Symantec Trojan.Linkoptimizer Removal Tool 1.0.8
Restored SeDebugPrivilege to Administrators group
service: UpdWea (logon as: .\ZiAbSWupCF, passed filters)
service: UpdWea (file path: C:\Programmi\File comuni\System\CTC.exe - infected)
file: C:\Programmi\File comuni\System\CTC.exe (deleted)
reg: ...\SYSTEM\CurrentControlSet\Services\UpdWea\Security (key deleted)
reg: ...\SYSTEM\CurrentControlSet\Services\UpdWea\Enum (key deleted)
reg: ...\SYSTEM\CurrentControlSet\Services\UpdWea (key deleted)
reg: ...\SpecialAccounts\UserList\ZiAbSWupCF (value deleted)
folder: \\?\C:\Documents and Settings\ZiAbSWupCF (deleted)
user: ZiAbSWupCF (deleted)


C:\WINDOWS\8.tmp: (deleted)
C:\WINDOWS\9.tmp: (deleted)
reg: ...\CLSID\{CA6EE128-EC66-360D-7097-AB022D6F44CD}\InprocServer32 (key deleted)
reg: ...\CLSID\{CA6EE128-EC66-360D-7097-AB022D6F44CD} (key deleted)
reg: ...\Internet Explorer\URLSearchHooks\{CA6EE128-EC66-360D-7097-AB022D6F44CD} (value deleted)
reg: ...\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6EE128-EC66-360D-7097-AB022D6F44CD} (key deleted)
C:\WINDOWS\njruk1.dll: (deleted)

Trojan.Linkoptimizer has been successfully removed from your computer!

Here is the report:

The total number of the scanned files: 52844
The number of deleted threat files: 4
The number of directories deleted: 1
The number of threat processes terminated: 0
The number of threat threads terminated: 0
The number of registry entries fixed: 8
The number of threat services removed: 1
The number of accounts disabled: 1

The tool initiated a system reboot.

registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (cleared)
bisciu
Junior User
Posts: 66
Joined: 19/01/07 11:07

Post by Luke57 » 22/01/07 11:31

Hi, also run these checks:
1) Make hidden files and folders visible:
from My Computer > Tools > Folder Options
select View
tick "Show hidden files and folders"
untick "Hide protected operating system files (recommended)"
click OK

Then check the following folders:
C:\Programmi; C:\Programmi\File comuni\system, C:\Programmi\File comuni\Microsoft Shared, C:\Programmi\File comuni\Services, for files with the .exe extension shown in green or otherwise suspicious; if there are any, note down their name and path;

2) run this command:
Start > Run > lusrmgr.msc (type it in the box) > OK
in the new window open the Users folder and, if you find this account:
ZiAbSWupCF
highlight it and delete it

3) Open HijackThis, press "Open the Misc Tools section", then "Open Uninstall Manager"; if you find any of these among the applications:
LinkOptimizer
-ConnectionService
-Power Verify
-StrongestGuard
-ConnectionKnight
-StrongestOptimizer
-SecurityOptimizer
-InternetOptimizer
-StrongestPaladin
-SecurityGuard
-InternerGuard
-InternetShield

highlight them and press the "Delete this entry" button.
Luke57
Moderator
Posts: 6410
Joined: 11/08/05 19:10

Post by bisciu » 22/01/07 15:41

I ran all the checks you pointed out, and the only thing I found was a large number (about 90) of files with the .exe extension shown in green (for example: aaw, AOY, Asl, aZB, etc.).
Here is the HijackThis log after running all the checks:

Logfile of HijackThis v1.99.1
Scan saved at 15.27.38, on 22/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmi\IBM\Messages By IBM\ibmmessages.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Programmi\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Programmi\ClamWin\bin\ClamTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
F:\M32\Bin\M32.EXE
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\UTENTE01.W2K3\Documenti\Updater\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [UC_Start] C:\Programmi\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ibmmessages] C:\Programmi\IBM\Messages By IBM\\ibmmessages.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [StatusClient 2.6] C:\Programmi\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Programmi\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ClamWin] "C:\Programmi\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [euoai] C:\Documents and Settings\UTENTE01.W2K3\Dati applicazioni\faretoraci\sysvmtrs.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ibmmessages] C:\Programmi\IBM\Messages By IBM\ibmmessages.exe
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\IBM\Java141\jre\bin\NPJPI141.dll
O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\IBM\Java141\jre\bin\NPJPI141.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 8428616890
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = W2K3.local
O17 - HKLM\Software\..\Telephony: DomainName = W2K3.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{2AE3AA71-C942-44A4-9B23-F351A84CBA7D}: NameServer = 192.168.1.100,151.99.125.2,151.99.125.3
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = W2K3.local
O17 - HKLM\System\CS1\Services\Tcpip\..\{2AE3AA71-C942-44A4-9B23-F351A84CBA7D}: NameServer = 192.168.1.100,151.99.125.2,151.99.125.3
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = W2K3.local
O17 - HKLM\System\CS2\Services\Tcpip\..\{2AE3AA71-C942-44A4-9B23-F351A84CBA7D}: NameServer = 192.168.1.100,151.99.125.2,151.99.125.3
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Programmi\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
bisciu
Junior User
Posts: 66
Joined: 19/01/07 11:07

Post by bisciu » 22/01/07 15:45

Did you notice that in the last log I sent you there is a line containing a reference to "CITOFARERA":

O4 - HKLM\..\Run: [euoai] C:\Documents and Settings\UTENTE01.W2K3\Dati applicazioni\faretoraci\sysvmtrs.exe

What should I do? I have already deleted the corresponding folder and everything else.
bisciu
Junior User
Posts: 66
Joined: 19/01/07 11:07

Post by bisciu » 22/01/07 15:57

Sorry for bombarding you with questions, but I just noticed a strange application called "errorsafefreeinstall_it" in the folder C:\Documents and Settings\UTENTE01.W2K3\Dati applicazioni.
There are also 2 empty folders named "Opera" and "Mozilla" in the same "Dati applicazioni" folder.
bisciu
Junior User
Posts: 66
Joined: 19/01/07 11:07

Post by Luke57 » 22/01/07 16:15

Hi, the fact is that you are still swamped with junk.
Download Systemscan from here http://www.suspectfile.com/upload/files ... emscan.exe
Run it, tick every option and click "Scan now". When the scan finishes, a file called report.txt is saved in c:\suspectfile.
Then go to
http://www.mytempdir.com
upload the report.txt file by choosing Browse and pressing Hostit, then copy and paste the link that appears into a post so it can be looked at
Luke57
Moderator
Posts: 6410
Joined: 11/08/05 19:10

Post by bisciu » 22/01/07 16:50

bisciu
Junior User
Posts: 66
Joined: 19/01/07 11:07

Post by Luke57 » 22/01/07 17:55

Hi, download Avenger to the desktop
http://swandog46.geekstogo.com/avenger.zip
unzip the .zip file
Run the avenger.exe file
Select the "Input Script Manually" option
Click the magnifying glass

A "View/edit script" window opens
Inside the white box, copy and paste the text in bold:


Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs

registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | euoai

folders to delete:
C:\Documents and Settings\UTENTE01.W2K3\Dati applicazioni\faretoraci

Files to delete:
C:\Programmi\File comuni\System\aaW.exe
C:\Programmi\File comuni\System\AOY.exe
C:\Programmi\File comuni\System\Asl.exe
C:\Programmi\File comuni\System\aZB.exe
C:\Programmi\File comuni\System\baNXCZ.exe
C:\Programmi\File comuni\System\BHxg.exe
C:\Programmi\File comuni\System\BKN.exe
C:\Programmi\File comuni\System\bLx.exe
C:\Programmi\File comuni\System\BmJ.exe
C:\Programmi\File comuni\System\bNJ.exe
C:\Programmi\File comuni\System\bVRplg.exe
C:\Programmi\File comuni\System\CMi.exe
C:\Programmi\File comuni\System\CqC.exe
C:\Programmi\File comuni\System\cRS.exe
C:\Programmi\File comuni\System\CTl.exe
C:\Programmi\File comuni\System\CWI.exe
C:\Programmi\File comuni\System\ddU.exe
C:\Programmi\File comuni\System\DqY.exe
C:\Programmi\File comuni\System\dREOEx.exe
C:\Programmi\File comuni\System\drK.exe
C:\Programmi\File comuni\System\duA.exe
C:\Programmi\File comuni\System\dUL.exe
C:\Programmi\File comuni\System\dwD.exe
C:\Programmi\File comuni\System\dXS.exe
C:\Programmi\File comuni\System\EErqp.exe
C:\Programmi\File comuni\System\Ehspc.exe
C:\Programmi\File comuni\System\EMY.exe
C:\Programmi\File comuni\System\EOl.exe
C:\Programmi\File comuni\System\EQcH.exe
C:\Programmi\File comuni\System\ErPk.exe
C:\Programmi\File comuni\System\fdAQf.exe
C:\Programmi\File comuni\System\FDf.exe
C:\Programmi\File comuni\System\fEymfS.exe
C:\Programmi\File comuni\System\ffyA.exe
C:\Programmi\File comuni\System\FHf.exe
C:\Programmi\File comuni\System\fWj.exe
C:\Programmi\File comuni\System\fybCN.exe
C:\Programmi\File comuni\System\gFX.exe
C:\Programmi\File comuni\System\GnRdf.exe
C:\Programmi\File comuni\System\gqfClS.exe
C:\Programmi\File comuni\System\gsD.exe
C:\Programmi\File comuni\System\gXy.exe
C:\Programmi\File comuni\System\gzx.exe
C:\Programmi\File comuni\System\hJW.exe
C:\Programmi\File comuni\System\iCOBe.exe
C:\Programmi\File comuni\System\iKopnM.exe
C:\Programmi\File comuni\System\iNgmny.exe
C:\Programmi\File comuni\System\IrC.exe
C:\Programmi\File comuni\System\Jal.exe
C:\Programmi\File comuni\System\kXC.exe
C:\Programmi\File comuni\System\lFJ.exe
C:\Programmi\File comuni\System\lIZnqV.exe
C:\Programmi\File comuni\System\LKlG.exe
C:\Programmi\File comuni\System\LNz.exe
C:\Programmi\File comuni\System\LopVHp.exe
C:\Programmi\File comuni\System\LSTA.exe
C:\Programmi\File comuni\System\LTb.exe
C:\Programmi\File comuni\System\luA.exe
C:\Programmi\File comuni\System\LUDx.exe
C:\Programmi\File comuni\System\lyxlF.exe
C:\Programmi\File comuni\System\MKD.exe
C:\Programmi\File comuni\System\MvgYaO.exe
C:\Programmi\File comuni\System\mXR.exe
C:\Programmi\File comuni\System\NFsre.exe
C:\Programmi\File comuni\System\OJizJm.exe
C:\Programmi\File comuni\System\Otp.exe
C:\Programmi\File comuni\System\oxaO.exe
C:\Programmi\File comuni\System\PIHU.exe
C:\Programmi\File comuni\System\pnYO.exe
C:\Programmi\File comuni\System\ppf.exe
C:\Programmi\File comuni\System\PTp.exe
C:\Programmi\File comuni\System\pVzgFw.exe
C:\Programmi\File comuni\System\qbh.exe
C:\Programmi\File comuni\System\Qcc.exe
C:\Programmi\File comuni\System\qebK.exe
C:\Programmi\File comuni\System\QkO.exe
C:\Programmi\File comuni\System\QzBM.exe
C:\Programmi\File comuni\System\rJEDRA.exe
C:\Programmi\File comuni\System\RLXJ.exe
C:\Programmi\File comuni\System\rZc.exe
C:\Programmi\File comuni\System\sAQGG.exe
C:\Programmi\File comuni\System\sDDTN.exe
C:\Programmi\File comuni\System\SHO.exe
C:\Programmi\File comuni\System\SIEB.exe
C:\Programmi\File comuni\System\skLeTC.exe
C:\Programmi\File comuni\System\SyT.exe
C:\Programmi\File comuni\System\TrA.exe
C:\Programmi\File comuni\System\Tua.exe
C:\Programmi\File comuni\System\uFw.exe
C:\Programmi\File comuni\System\UOK.exe
C:\Programmi\File comuni\System\UXp.exe
C:\Programmi\File comuni\System\uYd.exe
C:\Programmi\File comuni\System\vBNtj.exe
C:\Programmi\File comuni\System\Vjs.exe
C:\Programmi\File comuni\System\vRh.exe
C:\Programmi\File comuni\System\vrP.exe
C:\Programmi\File comuni\System\VTqeiE.exe
C:\Programmi\File comuni\System\VTs.exe
C:\Programmi\File comuni\System\VyH.exe
C:\Programmi\File comuni\System\wdx.exe
C:\Programmi\File comuni\System\wFd.exe
C:\Programmi\File comuni\System\whb.exe
C:\Programmi\File comuni\System\WKI.exe
C:\Programmi\File comuni\System\Xbe.exe
C:\Programmi\File comuni\System\XEP.exe
C:\Programmi\File comuni\System\XKw.exe
C:\Programmi\File comuni\System\xON.exe
C:\Programmi\File comuni\System\yABSz.exe
C:\Programmi\File comuni\System\yMi.exe
C:\Programmi\File comuni\System\zse.exe



Click the Done button
Click the green traffic-light icon
Answer Yes twice
The PC should reboot by itself; if it doesn't, reboot it manually

Post the Avenger log (C:\avenger.txt) with the outcome of the script
Luke57
Moderator
Posts: 6410
Joined: 11/08/05 19:10
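Two of Luke57's posts above describe one workflow done by hand: inspect C:\Programmi\File comuni\System and its sibling folders for oddly named .exe files, then list each one under "Files to delete:" in an Avenger script. The Python script below is an added example written for this thread, not Luke57's or Avenger's code, that drafts that section from a directory listing. The folder list follows the post; the directory listing is constructed from names that appear in the thread plus a few ordinary files; the 3-to-6-letter, digit-free name rule and the allowlist are my assumptions and are only a coarse filter. The script deletes nothing and produces text for a person to review before it is pasted into Avenger, which, as the log in this thread shows, keeps backups under C:\Avenger.

```python
"""Flag randomly named .exe files in the folders named in the thread and draft the
Avenger "Files to delete:" section from them (added example, not Luke57's tooling)."""
import re
from pathlib import PureWindowsPath

# Folders the moderator asks to inspect, as written in the thread.
WATCHED_DIRS = [
    r"C:\Programmi\File comuni\System",
    r"C:\Programmi\File comuni\Microsoft Shared",
    r"C:\Programmi\File comuni\Services",
]
# Name rule (assumption): the dropped binaries in this thread have 3-6 letter,
# digit-free stems such as aaW.exe or baNXCZ.exe.
RANDOM_STEM = re.compile(r"^[A-Za-z]{3,6}$")
# Known-good files that would otherwise match the rule (assumed allowlist; grow it per machine).
ALLOWLIST = {"mdm.exe"}

# Constructed directory listing: names taken from the thread plus ordinary files.
SAMPLE_LISTING = [
    r"C:\Programmi\File comuni\System\aaW.exe",
    r"C:\Programmi\File comuni\System\AOY.exe",
    r"C:\Programmi\File comuni\System\baNXCZ.exe",
    r"C:\Programmi\File comuni\System\ado\msado15.dll",
    r"C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE",
    r"C:\Programmi\File comuni\Services\verisign.bmp",
    r"C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe",
]


def _parts(path):
    """Path components, lower-cased so that Windows paths compare case-insensitively."""
    return [p.lower() for p in PureWindowsPath(path).parts]


def under_watched(path):
    """True when path lies inside one of WATCHED_DIRS, at any depth."""
    parts = _parts(path)
    return any(parts[:len(d)] == d for d in map(_parts, WATCHED_DIRS))


def looks_random(path):
    """Apply the name rule and the allowlist to a single file path."""
    p = PureWindowsPath(path)
    if p.suffix.lower() != ".exe" or p.name.lower() in ALLOWLIST:
        return False
    return bool(RANDOM_STEM.match(p.stem))


def find_candidates(listing):
    """Paths from listing that are .exe, under a watched folder, and match the rule."""
    return [f for f in listing if under_watched(f) and looks_random(f)]


def avenger_files_block(paths):
    """Draft the 'Files to delete:' section in the format used by the script above."""
    return "Files to delete:\n" + "".join(p + "\n" for p in paths)


if __name__ == "__main__":
    print(avenger_files_block(find_candidates(SAMPLE_LISTING)))
```

On the constructed listing the draft contains exactly the three randomly named executables; MDM.EXE is kept because it is allowlisted, the .dll and .bmp are skipped by extension, and the HP updater is outside the watched folders. To use it on a real machine, replace `SAMPLE_LISTING` with the output of a recursive listing of the three folders and review every line before pasting.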

Post by bisciu » 22/01/07 18:16

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\gegaxofi

*******************

Script file located at: \??\C:\Program Files\tswgfjaw.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



Folder C:\Documents and Settings\UTENTE01.W2K3\Dati applicazioni\faretoraci not found!
Deletion of folder C:\Documents and Settings\UTENTE01.W2K3\Dati applicazioni\faretoraci failed!

Could not process line:
C:\Documents and Settings\UTENTE01.W2K3\Dati applicazioni\faretoraci
Status: 0xc0000034

File C:\Programmi\File comuni\System\aaW.exe deleted successfully.
File C:\Programmi\File comuni\System\AOY.exe deleted successfully.
File C:\Programmi\File comuni\System\Asl.exe deleted successfully.
File C:\Programmi\File comuni\System\aZB.exe deleted successfully.
File C:\Programmi\File comuni\System\baNXCZ.exe deleted successfully.
File C:\Programmi\File comuni\System\BHxg.exe deleted successfully.
File C:\Programmi\File comuni\System\BKN.exe deleted successfully.
File C:\Programmi\File comuni\System\bLx.exe deleted successfully.
File C:\Programmi\File comuni\System\BmJ.exe deleted successfully.
File C:\Programmi\File comuni\System\bNJ.exe deleted successfully.
File C:\Programmi\File comuni\System\bVRplg.exe deleted successfully.
File C:\Programmi\File comuni\System\CMi.exe deleted successfully.
File C:\Programmi\File comuni\System\CqC.exe deleted successfully.
File C:\Programmi\File comuni\System\cRS.exe deleted successfully.
File C:\Programmi\File comuni\System\CTl.exe deleted successfully.
File C:\Programmi\File comuni\System\CWI.exe deleted successfully.
File C:\Programmi\File comuni\System\ddU.exe deleted successfully.
File C:\Programmi\File comuni\System\DqY.exe deleted successfully.
File C:\Programmi\File comuni\System\dREOEx.exe deleted successfully.
File C:\Programmi\File comuni\System\drK.exe deleted successfully.
File C:\Programmi\File comuni\System\duA.exe deleted successfully.
File C:\Programmi\File comuni\System\dUL.exe deleted successfully.
File C:\Programmi\File comuni\System\dwD.exe deleted successfully.
File C:\Programmi\File comuni\System\dXS.exe deleted successfully.
File C:\Programmi\File comuni\System\EErqp.exe deleted successfully.
File C:\Programmi\File comuni\System\Ehspc.exe deleted successfully.
File C:\Programmi\File comuni\System\EMY.exe deleted successfully.
File C:\Programmi\File comuni\System\EOl.exe deleted successfully.
File C:\Programmi\File comuni\System\EQcH.exe deleted successfully.
File C:\Programmi\File comuni\System\ErPk.exe deleted successfully.
File C:\Programmi\File comuni\System\fdAQf.exe deleted successfully.
File C:\Programmi\File comuni\System\FDf.exe deleted successfully.
File C:\Programmi\File comuni\System\fEymfS.exe deleted successfully.
File C:\Programmi\File comuni\System\ffyA.exe deleted successfully.
File C:\Programmi\File comuni\System\FHf.exe deleted successfully.
File C:\Programmi\File comuni\System\fWj.exe deleted successfully.
File C:\Programmi\File comuni\System\fybCN.exe deleted successfully.
File C:\Programmi\File comuni\System\gFX.exe deleted successfully.
File C:\Programmi\File comuni\System\GnRdf.exe deleted successfully.
File C:\Programmi\File comuni\System\gqfClS.exe deleted successfully.
File C:\Programmi\File comuni\System\gsD.exe deleted successfully.
File C:\Programmi\File comuni\System\gXy.exe deleted successfully.
File C:\Programmi\File comuni\System\gzx.exe deleted successfully.
File C:\Programmi\File comuni\System\hJW.exe deleted successfully.
File C:\Programmi\File comuni\System\iCOBe.exe deleted successfully.
File C:\Programmi\File comuni\System\iKopnM.exe deleted successfully.
File C:\Programmi\File comuni\System\iNgmny.exe deleted successfully.
File C:\Programmi\File comuni\System\IrC.exe deleted successfully.
File C:\Programmi\File comuni\System\Jal.exe deleted successfully.
File C:\Programmi\File comuni\System\kXC.exe deleted successfully.
File C:\Programmi\File comuni\System\lFJ.exe deleted successfully.
File C:\Programmi\File comuni\System\lIZnqV.exe deleted successfully.
File C:\Programmi\File comuni\System\LKlG.exe deleted successfully.
File C:\Programmi\File comuni\System\LNz.exe deleted successfully.
File C:\Programmi\File comuni\System\LopVHp.exe deleted successfully.
File C:\Programmi\File comuni\System\LSTA.exe deleted successfully.
File C:\Programmi\File comuni\System\LTb.exe deleted successfully.
File C:\Programmi\File comuni\System\luA.exe deleted successfully.
File C:\Programmi\File comuni\System\LUDx.exe deleted successfully.
File C:\Programmi\File comuni\System\lyxlF.exe deleted successfully.
File C:\Programmi\File comuni\System\MKD.exe deleted successfully.
File C:\Programmi\File comuni\System\MvgYaO.exe deleted successfully.
File C:\Programmi\File comuni\System\mXR.exe deleted successfully.
File C:\Programmi\File comuni\System\NFsre.exe deleted successfully.
File C:\Programmi\File comuni\System\OJizJm.exe deleted successfully.
File C:\Programmi\File comuni\System\Otp.exe deleted successfully.
File C:\Programmi\File comuni\System\oxaO.exe deleted successfully.
File C:\Programmi\File comuni\System\PIHU.exe deleted successfully.
File C:\Programmi\File comuni\System\pnYO.exe deleted successfully.
File C:\Programmi\File comuni\System\ppf.exe deleted successfully.
File C:\Programmi\File comuni\System\PTp.exe deleted successfully.
File C:\Programmi\File comuni\System\pVzgFw.exe deleted successfully.
File C:\Programmi\File comuni\System\qbh.exe deleted successfully.
File C:\Programmi\File comuni\System\Qcc.exe deleted successfully.
File C:\Programmi\File comuni\System\qebK.exe deleted successfully.
File C:\Programmi\File comuni\System\QkO.exe deleted successfully.
File C:\Programmi\File comuni\System\QzBM.exe deleted successfully.
File C:\Programmi\File comuni\System\rJEDRA.exe deleted successfully.
File C:\Programmi\File comuni\System\RLXJ.exe deleted successfully.
File C:\Programmi\File comuni\System\rZc.exe deleted successfully.
File C:\Programmi\File comuni\System\sAQGG.exe deleted successfully.
File C:\Programmi\File comuni\System\sDDTN.exe deleted successfully.
File C:\Programmi\File comuni\System\SHO.exe deleted successfully.
File C:\Programmi\File comuni\System\SIEB.exe deleted successfully.
File C:\Programmi\File comuni\System\skLeTC.exe deleted successfully.
File C:\Programmi\File comuni\System\SyT.exe deleted successfully.
File C:\Programmi\File comuni\System\TrA.exe deleted successfully.
File C:\Programmi\File comuni\System\Tua.exe deleted successfully.
File C:\Programmi\File comuni\System\uFw.exe deleted successfully.
File C:\Programmi\File comuni\System\UOK.exe deleted successfully.
File C:\Programmi\File comuni\System\UXp.exe deleted successfully.
File C:\Programmi\File comuni\System\uYd.exe deleted successfully.
File C:\Programmi\File comuni\System\vBNtj.exe deleted successfully.
File C:\Programmi\File comuni\System\Vjs.exe deleted successfully.
File C:\Programmi\File comuni\System\vRh.exe deleted successfully.
File C:\Programmi\File comuni\System\vrP.exe deleted successfully.
File C:\Programmi\File comuni\System\VTqeiE.exe deleted successfully.
File C:\Programmi\File comuni\System\VTs.exe deleted successfully.
File C:\Programmi\File comuni\System\VyH.exe deleted successfully.
File C:\Programmi\File comuni\System\wdx.exe deleted successfully.
File C:\Programmi\File comuni\System\wFd.exe deleted successfully.
File C:\Programmi\File comuni\System\whb.exe deleted successfully.
File C:\Programmi\File comuni\System\WKI.exe deleted successfully.
File C:\Programmi\File comuni\System\Xbe.exe deleted successfully.
File C:\Programmi\File comuni\System\XEP.exe deleted successfully.
File C:\Programmi\File comuni\System\XKw.exe deleted successfully.
File C:\Programmi\File comuni\System\xON.exe deleted successfully.
File C:\Programmi\File comuni\System\yABSz.exe deleted successfully.
File C:\Programmi\File comuni\System\yMi.exe deleted successfully.
File C:\Programmi\File comuni\System\zse.exe deleted successfully.


Could not get size of registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs
Replacement with dummy of registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs failed!
Status: 0xc0000034

Registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|euoai deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

-------------------------------------------------------------------------------------

I noticed that it can't find the folder "faretoraci", maybe because I had deleted it with HijackThis and KillBox quite some time ago.

P.S. The file "errorsafefreeinstall_it" is still there in the folder C:\Documents and Settings\UTENTE01.W2K3\Dati applicazioni. What do I do? Should I try to delete it manually with KillBox?
bisciu
Junior User
 
Posts: 66
Joined: 19/01/07 11:07

STILL VIRUSES???

Post by bisciu » 23/01/07 14:52

I'M POSTING THE LOG MADE WITH CLAMWIN ANTIVIRUS AND WITH HIJACKTHIS. THE CLAMWIN LOG SHOWS SOME VIRUSES. HOW SHOULD I PROCEED?

Scan started: Tue Jan 23 12:31:22 2007

C:\!KillBox\loaderadv527.jar-4ad6d488-1508f2e8: Java.ClassLoader.24564 FOUND
C:\Documents and Settings\UTENTE01.W2K3\.jpi_cache\jar\1.0\loaderadv527.jar-4ad6d488-4c862804.zip: Java.ClassLoader.24564 FOUND
C:\Documents and Settings\UTENTE01.W2K3\Impostazioni locali\Temporary Internet Files\Content.IE5\4J77Q8XH\popup[1].htm: Trojan.Clicker.HTML.Agent FOUND
C:\Documents and Settings\UTENTE01.W2K3\Impostazioni locali\Temporary Internet Files\Content.IE5\8LQN4HMR\popup[1].htm: Trojan.Clicker.HTML.Agent FOUND
C:\Documents and Settings\UTENTE01.W2K3\Impostazioni locali\Temporary Internet Files\Content.IE5\RIWNNX0H\popup[1].htm: Trojan.Clicker.HTML.Agent FOUND
C:\Documents and Settings\UTENTE01.W2K3\Impostazioni locali\Temporary Internet Files\Content.IE5\RIWNNX0H\popup[2].htm: Trojan.Clicker.HTML.Agent FOUND
C:\WINDOWS\Downloaded Program Files\AUTO_340N.exe: Trojan.Startpage-417 FOUND

-- summary --
Known viruses: 87302
Engine version: 0.88.7
Scanned directories: 4400
Scanned files: 54804
Infected files: 7
Data scanned: 12522.84 MB
Time: 8203.286 sec (136 m 43 s)
--------------------------------------
Completed
--------------------------------------


Logfile of HijackThis v1.99.1
Scan saved at 14.54.13, on 23/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmi\IBM\Messages By IBM\ibmmessages.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Programmi\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Programmi\ClamWin\bin\ClamTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Programmi\Internet Explorer\iexplore.exe
F:\M32\Bin\M32.EXE
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\UTENTE01.W2K3\Documenti\Updater\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [UC_Start] C:\Programmi\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ibmmessages] C:\Programmi\IBM\Messages By IBM\\ibmmessages.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [StatusClient 2.6] C:\Programmi\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Programmi\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ClamWin] "C:\Programmi\ClamWin\bin\ClamTray.exe" --logon
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ibmmessages] C:\Programmi\IBM\Messages By IBM\ibmmessages.exe
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\IBM\Java141\jre\bin\NPJPI141.dll
O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\IBM\Java141\jre\bin\NPJPI141.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 8428616890
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = W2K3.local
O17 - HKLM\Software\..\Telephony: DomainName = W2K3.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{2AE3AA71-C942-44A4-9B23-F351A84CBA7D}: NameServer = 192.168.1.100,151.99.125.2,151.99.125.3
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = W2K3.local
O17 - HKLM\System\CS1\Services\Tcpip\..\{2AE3AA71-C942-44A4-9B23-F351A84CBA7D}: NameServer = 192.168.1.100,151.99.125.2,151.99.125.3
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = W2K3.local
O17 - HKLM\System\CS2\Services\Tcpip\..\{2AE3AA71-C942-44A4-9B23-F351A84CBA7D}: NameServer = 192.168.1.100,151.99.125.2,151.99.125.3
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Programmi\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
bisciu
Junior User
 
Posts: 66
Joined: 19/01/07 11:07

please, can you check this log for me? let me know!! THANKS

Post by headbanger85 » 23/01/07 15:33

Logfile of HijackThis v1.99.1
Scan saved at 15.16.40, on 23/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\HP\QuickPlay\QPService.exe
C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\HP\hpcoretech\hpcmpmgr.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Programmi\HP\Digital Imaging\bin\hpotdd01.exe
C:\Programmi\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
c:\progra~1\intern~1\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\HP\Digital Imaging\bin\hpqimzone.exe
C:\DOCUME~1\HEADBA~1\IMPOST~1\Temp\Rar$EX00.671\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alice.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://register.hp.com/servlet/WebReg. ... prodOS=011
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Programmi\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Programmi\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Programmi\Aethra\ADSL EB1070 USB\CnxTrApp.dll",AppEntry -REG "Aethra\ADSL EB1070 USB"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programmi\HP\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [title corn anti 16] C:\Documents and Settings\All Users\Dati applicazioni\Eggs Gram Title Corn\build bait.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [JunkAtom] C:\DOCUME~1\HEADBA~1\DATIAP~1\DEBUGT~1\That Free.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Avvio rapido HP Photosmart Premier.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://skullcrack.spaces.live.com//Phot ... nPUpld.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
headbanger85
Newbie
 
Posts: 1
Joined: 23/01/07 15:29
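An added example for readers working through logs like the two above; it is not code from the thread or from the HijackThis project. It parses the R/O entry lines of a HijackThis 1.99.1 log into records and applies a few first-pass triage heuristics a reviewer applies by eye: entries marked "(file missing)", auto-starts that point into user-writable profile directories (Documents and Settings, Dati applicazioni, Temp), O4 entries that name a bare executable resolved through the search path, and the R3 "Default URLSearchHook is missing" line. It also notes the known HijackThis 1.99.1 quirk where a quoted service path with arguments (the stray `"` before `/service` in the avast! lines) is reported as "(file missing)" even though the file exists. The sample input is constructed from entry lines copied out of the two posted logs and is not a complete log; the heuristics and thresholds are the editor's assumptions, not anything HijackThis itself computes.

```python
"""Triage helper for HijackThis v1.99.1 log entries (added example, not the tool's own code)."""
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample input: a short excerpt assembled from entry lines that appear
# in the two logs posted in this thread. It is not a complete HijackThis log.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 15.16.40, on 23/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe

R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Programmi\Aethra\ADSL EB1070 USB\CnxTrApp.dll",AppEntry -REG "Aethra\ADSL EB1070 USB"
O4 - HKLM\..\Run: [title corn anti 16] C:\Documents and Settings\All Users\Dati applicazioni\Eggs Gram Title Corn\build bait.exe
O4 - HKCU\..\Run: [JunkAtom] C:\DOCUME~1\HEADBA~1\DATIAP~1\DEBUGT~1\That Free.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""

# Every HijackThis entry line is "<section> - <body>", e.g. "O4 - HKLM\..\Run: [Name] cmd".
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d{1,2}) - (?P<body>.*)$")
# First absolute path (drive letter or %var%) ending in a binary extension; lazy so it
# stops at the first ".exe"/".dll" and does not swallow trailing arguments.
PATH_RE = re.compile(r'(?:[A-Za-z]:|%\w+%)\\[^"\n]*?\.(?:exe|dll|cpl|scr)', re.IGNORECASE)
O4_NAME_RE = re.compile(r"\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)")

# Directory fragments (lower-case, 8.3 aliases included) that an ordinary user can write
# to; legitimate auto-starts on XP almost always live under Programmi/WINDOWS instead.
USER_WRITABLE_MARKERS = ("documents and settings\\", "docume~1\\", "dati applicazioni\\",
                         "datiap~1\\", "application data\\", "\\temp\\")


@dataclass
class Entry:
    section: str
    body: str
    name: str = ""
    target: str = ""          # executable / DLL the entry points at, if any
    file_missing: bool = False


@dataclass
class Finding:
    section: str
    name: str
    target: str
    reasons: List[str] = field(default_factory=list)


def _extract_target(cmd: str, allow_bare: bool = False) -> str:
    """Pull the file an entry runs out of its command string."""
    cmd = cmd.strip()
    # rundll32 entries: the interesting file is the DLL argument, not rundll32 itself.
    if cmd.lower().startswith("rundll32.exe"):
        cmd = cmd[len("rundll32.exe"):].strip()
    m = PATH_RE.search(cmd)
    if m:
        return m.group(0)
    # No absolute path: a bare name like "ICO.EXE" that Windows resolves via the search path.
    return cmd.split()[0].strip('"') if (allow_bare and cmd) else ""


def parse_entries(log_text: str) -> List[Entry]:
    entries: List[Entry] = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue                      # header lines and "Running processes" paths
        section, body = m.group("section"), m.group("body")
        e = Entry(section, body, file_missing=body.endswith("(file missing)"))
        if section == "O4":
            nm = O4_NAME_RE.search(body)
            if nm:
                e.name = nm.group("name")
                e.target = _extract_target(nm.group("cmd"), allow_bare=True)
        elif section == "O23":
            # "Service: <display name> - <owner> - <image path> [args] [(file missing)]"
            parts = body.split(" - ")
            e.name = parts[0].replace("Service: ", "", 1)
            e.target = _extract_target(parts[-1]) if len(parts) > 1 else ""
        else:
            e.target = _extract_target(body)
        entries.append(e)
    return entries


def triage(entries: List[Entry]) -> List[Finding]:
    findings: List[Finding] = []
    for e in entries:
        reasons: List[str] = []
        low = e.target.lower()
        if e.file_missing:
            reasons.append("referenced file is missing (orphaned entry)")
            # HijackThis 1.99.1 mis-parses quoted service paths with arguments and reports
            # them as missing; the tell-tale is a stray quote right after the .exe.
            if e.section == "O23" and e.target and '"' in e.body.split(e.target, 1)[-1]:
                reasons.append("quoted image path with arguments: verify on disk before acting")
        if e.section == "O4" and e.target and "\\" not in e.target:
            reasons.append("bare file name, resolved through the search path")
        if any(marker in low for marker in USER_WRITABLE_MARKERS):
            reasons.append("auto-start from a user-writable profile directory")
        if e.section == "R3" and "missing" in e.body:
            reasons.append("default URLSearchHook absent; HijackThis can restore the default")
        if reasons:
            findings.append(Finding(e.section, e.name or e.body, e.target, reasons))
    return findings


def triage_log(log_text: str) -> List[Finding]:
    return triage(parse_entries(log_text))


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f.section:<4}{f.name!r}: {f.target}")
        for r in f.reasons:
            print(f"      - {r}")
```

The output is a worklist, not a verdict: a flagged O4 entry is something to look up and verify on disk (publisher, file version, creation time), and an entry with no flag is not cleared, since a well-placed file in C:\WINDOWS\system32 passes every heuristic here. Extending the marker list or adding a section-specific check (for example R0/R1 pages that are neither about:blank nor a known vendor URL) is the natural next step.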

