Condividi:        

Un PERICOLOSO INTRUSO in ACCESSO REMOTO

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: m.paolo, kadosh, Luke57

Postdi Diegotto » 24/04/06 15:15

Ciao a tutti! Ho anch'io il pc letteralmente martoriato da questo intruso, e mi sta letteralmente facendo impazzire... Ecco, ho seguito grossolanamente le indicazioni, e questo è il mio LOG

Logfile of HijackThis v1.99.1
Scan saved at 16.15.00, on 24/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Arcade\PCMService.exe
C:\Programmi\Launch Manager\QtZgAcer.EXE
C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Programmi\Winamp\winampa.exe
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\D-Tools\daemon.exe
C:\WINDOWS\system32\spoolsvc.exe
C:\Documents and Settings\Diego\Dati applicazioni\sgrunt\IE4321.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\WINDOWS\etb\pokapoka79.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Microsoft AntiSpyware\gcasDtServ.exe
C:\Programmi\acer\eRecovery\Monitor.exe
C:\WINDOWS\system32\sistray.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Acer\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.skymasters.biz?301
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Programmi\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [LManager] C:\Programmi\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [I downloaded pirated Software from P2P and now I post my Hijack log whining] C:\WINDOWS\system32\Civilization 4 crack.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [gcasServ] "C:\Programmi\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmi\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Systems] C:\WINDOWS\system32\spoolsvc.exe
O4 - HKLM\..\Run: [Olympic] C:\Documents and Settings\Diego\Dati applicazioni\sgrunt\IE4321.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [System service79] C:\WINDOWS\etb\pokapoka79.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Eurobarre.lnk = ?
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.archiviosex.net
O15 - Trusted Zone: http://www.redfunny.com
O15 - Trusted Zone: http://www.sgrunt.biz
O15 - Trusted Zone: http://www.skymasters.biz
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe



Ora cosa devo fare?
Diegotto
Newbie
 
Post: 4
Iscritto il: 24/04/06 15:11

Sponsor
 

Postdi Kiaretta » 24/04/06 15:28

Perfetto allora sto tranquilla... Nei prossimi giorni con calma sistemo il problema di RIOservice perchè direi che oggi il mio cervello ha già dato abbastanza!

Eheh, mi sa che adesso che ho scoperto quest'ottimo forum, sentirete ancora parlare di me... :D :D
Grazie ancora a tutti!!!
Kia
Kiaretta
Utente Junior
 
Post: 38
Iscritto il: 24/04/06 07:39

Postdi fabrizius » 24/04/06 15:34

Ciao

-Scarica lo script per riparare la trusted zone <--->(tasto destro sul link e salvalo sul desktop)
-Scarica KillSgrunte fai uno scan
-Scarica questo tool per pokapoka
Adesso vai nel task manager (Ctrl+Alt+Del) e termina questo processo:
spoolsvc.exe
IE4321.exe--se c'é ancora
pokapoka79.exe

Adesso:
1/disattivare il ripristino configurazione di sistema
(Vai su Start--->tasto destro del mouse sull'icona Risorse del computer----> Proprietà.Nella sezione "Ripristino configurazione di sistema",spuntare "Disattiva Ripristino configurazione di sistema)
2/Assciurati di avere accesso a cartelle e file nascosti
(Pannello di controllo---> Opzioni Cartella ---> Visualizzazione--->metti la spunta su"visualizza file e cartelle nascoste"--->disattiva nascondi file e cartelle di sistema)
3/Avvia il computer in modalità provvisoria
(Riavviare il sistema--->Immediatamente al termine del caricamento del BIOS premere ripetutamente il tasto F8 fin quando non appare il menu Opzioni avanzate di Windows--->Vai su Modalità provvisoria e premi Invio).
-----------------------------------------------------------------------------
-Esegui lo script per riparare la Trusted Zone--->click con il tasto destro sul file .inf e seleziona Installa
-Fai lo scan con il tool Elite

Adesso con hijackthis fixa questi processi:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.skymasters.biz?301
O4 - HKLM\..\Run: [I downloaded pirated Software from P2P and now I post my Hijack log whining] C:\WINDOWS\system32\Civilization 4 crack.exe
O4 - HKLM\..\Run: [Systems] C:\WINDOWS\system32\spoolsvc.exe
O4 - HKLM\..\Run: [Olympic] C:\Documents and Settings\Diego\Dati applicazioni\sgrunt\IE4321.exe
O4 - HKLM\..\Run: [System service79] C:\WINDOWS\etb\pokapoka79.exe
tutte le 015

Adesso cerca ed elimina questi file (potrebbero non esserci tutti)
C:\WINDOWS\system32\spoolsvc.exe
C:\Documents and Settings\Diego\Dati applicazioni\sgrunt\IE4321.exe-->>cartella
C:\WINDOWS\etb\pokapoka79.exe

Ora dai una ripulita ai files inutili,temp,cookie etc con Ccleaner
PS:prima di usarlo vai in opzioni--->avanzate e togli la spunta da:(elimina file solo se piu vecchi di 48 ore)

Riavvia in modalità normale,riattiva il ripristino e riposta un log aggiornato

PS:metti hijackthis in una cartella a lui dedicata
fabrizius
Utente Senior
 
Post: 1220
Iscritto il: 20/05/05 13:55

Postdi Diegotto » 24/04/06 16:02

Grazie mille!!

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.skymasters.biz?301
O4 - HKLM\..\Run: [Systems] C:\WINDOWS\system32\spoolsvc.exe
O4 - HKLM\..\Run: [Olympic] C:\Documents and Settings\Diego\Dati applicazioni\sgrunt\IE4321.exe
O4 - HKLM\..\Run: [System service79] C:\WINDOWS\etb\pokapoka79.exe
tutte le 015

Non me li ha trovati, non so!
Stessa cosa per IE4321 e pokapoka79!

Però il problema sembra essere scomparso... Questo è il log!
Logfile of HijackThis v1.99.1
Scan saved at 17.01.44, on 24/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Arcade\PCMService.exe
C:\Programmi\Launch Manager\QtZgAcer.EXE
C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Acer\eManager\anbmServ.exe
C:\Programmi\Microsoft AntiSpyware\gcasServ.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\D-Tools\daemon.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programmi\Microsoft AntiSpyware\gcasDtServ.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\acer\eRecovery\Monitor.exe
C:\WINDOWS\system32\sistray.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Messenger\msmsgs.exe
D:\HJ\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Programmi\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [LManager] C:\Programmi\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [gcasServ] "C:\Programmi\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmi\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Eurobarre.lnk = ?
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
Diegotto
Newbie
 
Post: 4
Iscritto il: 24/04/06 15:11

Postdi fabrizius » 24/04/06 16:13

perfetto ;) ,hai fatto un ottimo lavoro,il log é uno specchio...

PS:per quelle voci 015 che non hai trovato é normale,le ha eliminate lo script....e invece le altre sono state eliminate dagli appositi programmi..
fabrizius
Utente Senior
 
Post: 1220
Iscritto il: 20/05/05 13:55

Postdi griever » 04/06/06 22:52

salve a tutti, grazie a voi sono finalmente (dopo mesi di convienza) a eliminare quel c***o di file ibm... ma ho trovato altri file ke devo eliminare visto che mi danno problemi e non so come fare ad eliminarli.. sono graditi suggerimenti e aiuti :D :D
griever
Newbie
 
Post: 4
Iscritto il: 04/06/06 22:48

Log

Postdi porcelain » 11/08/06 09:41

Logfile of HijackThis v1.99.1
Scan saved at 10.35.52, on 11/08/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\CMMPU.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAMMI\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAMMI\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAMMI\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\ROCK.EXE
C:\PROGRAMMI\FREEPOPS\FREEPOPSD.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAMMI\OUTLOOK EXPRESS\MSIMN.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAMMI\INTERNET EXPLORER\IEXPLORE.EXE
C:\DOCUMENTI\VALERIA\COMPUTER\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F1 - win.ini: run=C:\WINDOWS\SYSTEM\cmmpu.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMI\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [rock] rock.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - Startup: FreePOPs.lnk = C:\Programmi\FreePOPs\freepopsd.exe
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll


C'è qualcosa che non va???
Ho di nuovo il problema di strane connessioni che s'infiltrano
porcelain
Utente Junior
 
Post: 41
Iscritto il: 27/06/04 10:53

Postdi andorra24 » 11/08/06 09:54

Ciao porcelain, apri hijackthis, premi su ''open the misc tools section'', poi premi ''open process manager'', individua la voce indicata sotto e premi ''kill process'':

C:\WINDOWS\SYSTEM\ROCK.EXE

Poi vai in basso e premi il tasto back e subito dopo il tasto scan. Metti la spunta nella casellina accanto alla voce indicata sotto e premi ''fix checked'' :

O4 - HKLM\..\Run: [rock] rock.exe

Scarica killbox da qui:
http://www.bleepingcomputer.com/files/killbox.php
con killbox elimina il seguente file:
C:\WINDOWS\SYSTEM\ROCK.EXE
andorra24
Utente Senior
 
Post: 2742
Iscritto il: 21/05/06 15:44
Località: Palermo

Precedente

Torna a Sicurezza e Privacy


Topic correlati a "Un PERICOLOSO INTRUSO in ACCESSO REMOTO":


Chi c’è in linea

Visitano il forum: Nessuno e 32 ospiti

cron