Condividi:        

- Log HJT -

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: m.paolo, kadosh, Luke57

- Log HJT -

Postdi Airnorth » 26/10/07 23:35

Vi posto il log di HJT di un mio amico.

Qualcuno può controllarlo? Grazie mille! Confido in voi! ;)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0.31.47, on 27/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\windows\system32\spoolsv.exe
C:\Programmi\Netropa\Multimedia Keyboard\nhksrv.exe
C:\windows\system32\nvsvc32.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\windows\System32\alg.exe
C:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programmi\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\windows\system32\RUNDLL32.EXE
C:\Programmi\QuickTime\qttask.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Programmi\HP\hpcoretech\hpcmpmgr.exe
C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hphmon05.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe
C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\File comuni\Sony Shared\AVLib\SSScsiSV.exe
C:\windows\system32\ctfmon.exe
C:\Programmi\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Programmi\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
C:\Programmi\Netropa\Onscreen Display\OSD.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\windows\system32\svchost.exe
C:\windows\system32\rundll32.exe
C:\Programmi\eMule\emule.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\windows\explorer.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\Alwil Software\Avast4\ashSimpl.exe
C:\Programmi\Spybot - Search & Destroy\SpybotSD.exe
C:\Programmi\True Sword 4\TrueSword4.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O3 - Toolbar: (no name) - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WINCINEMAMGR] C:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Programmi\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Programmi\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [74eb0e77] rundll32.exe "C:\windows\system32\taxmqyrs.dll",sitypnow
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Wireless Configuration Utility HW.51.lnk = C:\Programmi\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O15 - Trusted Zone: *.archiviosex.net
O15 - Trusted Zone: *.eros-porno
O15 - Trusted Zone: *.otherchance.com
O15 - Trusted Zone: *.videopornazzi.com
O15 - Trusted Zone: *.whatsnew.name
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-U ... E_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 9281898558
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5F69508D-2DE2-42E8-85A0-DFCA5A9028BA}: NameServer = 85.255.116.34,85.255.112.231
O17 - HKLM\System\CCS\Services\Tcpip\..\{649A7D36-0E78-42CA-B7A6-C12BE17E1E61}: NameServer = 85.255.116.34,85.255.112.231
O17 - HKLM\System\CCS\Services\Tcpip\..\{B39F1CA6-538D-4FCB-80C4-F009F9EDFDAF}: NameServer = 85.255.116.34,85.255.112.231
O17 - HKLM\System\CCS\Services\Tcpip\..\{D08EDC42-E8F8-4A3F-9D56-421B4F94E45F}: NameServer = 85.255.116.34,85.255.112.231
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.34 85.255.112.231
O17 - HKLM\System\CS1\Services\Tcpip\..\{5F69508D-2DE2-42E8-85A0-DFCA5A9028BA}: NameServer = 85.255.116.34,85.255.112.231
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.34 85.255.112.231
O17 - HKLM\System\CS2\Services\Tcpip\..\{5F69508D-2DE2-42E8-85A0-DFCA5A9028BA}: NameServer = 85.255.116.34,85.255.112.231
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.34 85.255.112.231
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Programmi\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 8683 bytes
Avatar utente
Airnorth
Utente Senior
 
Post: 169
Iscritto il: 05/02/06 21:04

Sponsor
 

Postdi Airnorth » 28/10/07 13:02

Up :)
Avatar utente
Airnorth
Utente Senior
 
Post: 169
Iscritto il: 05/02/06 21:04

Postdi Luke57 » 28/10/07 18:27

Airnorth ha scritto:Up :)

Ciao, per il tuo amico:
Scarica Ccleaner
http://download.piriform.com/ccsetup201.exe
Avvia l'installazione
Se non la vuoi, deseleziona la toolbar di Yahoo quando avvi l'installazione, finita l'installazione,apri Ccleaner,clicca su "Impostazioni">Avanzate" togli la spunta dalla casella "Cancella file in windows temp solo se + vecchi di 48 ore" .

Scarica deldomains sul desktop da qui:DelDomains http://www.mvps.org/winhelp2002/DelDomains.inf

A questo punto apri hijackthis, premi "do a system scan only", cerchi e spunti le voci seguenti:
O4 - HKLM\..\Run: [74eb0e77] rundll32.exe "C:\windows\system32\taxmqyrs.dll",sitypnow
O15 - Trusted Zone: *.archiviosex.net
O15 - Trusted Zone: *.eros-porno
O15 - Trusted Zone: *.otherchance.com
O15 - Trusted Zone: *.videopornazzi.com
O15 - Trusted Zone: *.whatsnew.name
O17 - HKLM\System\CCS\Services\Tcpip\..\{5F69508D-2DE2-42E8-85A0-DFCA5A9028BA}: NameServer = 85.255.116.34,85.255.112.231
O17 - HKLM\System\CCS\Services\Tcpip\..\{649A7D36-0E78-42CA-B7A6-C12BE17E1E61}: NameServer = 85.255.116.34,85.255.112.231
O17 - HKLM\System\CCS\Services\Tcpip\..\{B39F1CA6-538D-4FCB-80C4-F009F9EDFDAF}: NameServer = 85.255.116.34,85.255.112.231
O17 - HKLM\System\CCS\Services\Tcpip\..\{D08EDC42-E8F8-4A3F-9D56-421B4F94E45F}: NameServer = 85.255.116.34,85.255.112.231
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.34 85.255.112.231
O17 - HKLM\System\CS1\Services\Tcpip\..\{5F69508D-2DE2-42E8-85A0-DFCA5A9028BA}: NameServer = 85.255.116.34,85.255.112.231
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.34 85.255.112.231
O17 - HKLM\System\CS2\Services\Tcpip\..\{5F69508D-2DE2-42E8-85A0-DFCA5A9028BA}: NameServer = 85.255.116.34,85.255.112.231
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.34 85.255.112.231

premi fix checked.

Riavvia in modalità provvisoria (premendo ripetutamente il tasto f8 all'accensione del computer prima che si carichi windows. Nella schermata grigia che appare, scegli mod.provvisoria spostandoti con le freccette e confermando con invio.).
Cerca ed elimina il seguente file, se presente:
C:\windows\system32\taxmqyrs.dll

Con il tasto dx del mouse click su deldomains.inf e scegli Installa (fa tutto da sè)

Apri ccleaner e clicca su "Avvia pulizia" attendi la fine della pulizia e riavvia il pc.
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10


Torna a Sicurezza e Privacy

Chi c’è in linea

Visitano il forum: Nessuno e 110 ospiti