Analysis of a HijackThis logfile

Post by paoLo.noWar » Sat Jun 25, 2005 12:26 pm

I'd like to install Messenger 7 and I'd prefer everything to be in order first... can someone take a look at it for me?

T h A n K s !!!

paOLO

[afro]

Logfile of HijackThis v1.99.0
Scan saved at 13.08.20, on 25/06/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\spoolsv.exe
C:\Programmi\AVPersonal\AVGUARD.EXE
C:\Programmi\AVPersonal\AVWUPSRV.EXE
C:\Programmi\FreePOPs\freepopsservice.exe
C:\Programmi\FreePOPs\freepopsd.exe
C:\Windows\System32\gearsec.exe
C:\Programmi\Canon\MultiPASS4\MPSERVIC.EXE
C:\Windows\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\atiptaxx.exe
C:\Programmi\Compaq\EAB\EabServr.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\ScanSoft\OmniPageSE\opware32.exe
C:\Windows\System32\YPager.EXE
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmi\SlipStream Web Accelerator\slipcore.exe
C:\Programmi\AVPersonal\AVGNT.EXE
C:\Windows\System32\ctfmon.exe
C:\Programmi\SlipStream Web Accelerator\slipgui.exe
C:\Documents and Settings\paOLO\Menu Avvio\Programmi\Esecuzione automatica\SmartClock.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Windows\System32\wuauclt.exe
C:\Programmi\^ file .EXE\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = NOT USED (OK)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.peacelink.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = NOT USED (OK)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = NOT USED (OK)
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Programmi\SlipStream Web Accelerator\PBHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: SlipStream Web Accelerator - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - C:\Programmi\SlipStream Web Accelerator\Toolband.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programmi\Compaq\EAB\EabServr.exe /Start
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] c:\compaq\cpqsetup\cpqset.exe
O4 - HKLM\..\Run: [Omnipage] C:\Programmi\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [Yahoo Messenger] YPager.EXE
O4 - HKLM\..\Run: [zSPGuard] c:\programmi\pjw\spguard\spguard.exe /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Programmi\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [SlipStream] "C:\Programmi\SlipStream Web Accelerator\slipcore.exe"
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programmi\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\RunServices: [ZipGenius Clean] "C:\Windows\zg.exe" -cleantemp
O4 - HKLM\..\RunServices: [Yahoo Messenger] YPager.EXE
O4 - HKLM\..\RunServices: [VSP32 Controls] vsp32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\Windows\System32\ctfmon.exe
O4 - HKCU\..\Run: [VSP32 Controls] vsp32.exe
O4 - HKCU\..\Run: [HLL Data Parameter] hllcxpa.exe
O4 - HKCU\..\RunServices: [HLL Data Parameter] hllcxpa.exe
O4 - Startup: SmartClock.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SlipStream Web Accelerator.lnk = C:\Programmi\SlipStream Web Accelerator\slipgui.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\PROGRA~1\Agnitum\OUTPOS~1.0\trash.exe (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\PROGRA~1\Agnitum\OUTPOS~1.0\trash.exe (file missing) (HKCU)
O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - C:\Programmi\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - C:\Programmi\AVPersonal\AVWUPSRV.EXE
O23 - Service: FreePOPs - Unknown - C:\Programmi\FreePOPs\freepopsservice.exe
O23 - Service: Provvedere al Servizio Sicurezza - GEAR Software - C:\Windows\System32\gearsec.exe
O23 - Service: Servizio iPod - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: MpService - Canon Inc. - C:\Programmi\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: TrueVector Internet Monitor - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

[applauso]
paoLo.noWar
New Member
Posts: 20
Joined: Sat Sep 20, 2003 10:16 am

Post by Monkey13 » Sat Jun 25, 2005 12:34 pm

it all looks... ok to me! [:-D]
let's hear from the others...
"Civilization began the first time man dug the earth and threw a seed into it." Kahlil Gibran
Monkey13
Bronze Member
Posts: 545
Joined: Thu Jun 23, 2005 8:35 pm
Location: Padova (Vigodarzere)

Post by paoLo.noWar » Sat Jun 25, 2005 12:44 pm

...I'll wait confidently for other analyses!

[8D]

p.
paoLo.noWar
New Member
Posts: 20
Joined: Sat Sep 20, 2003 10:16 am


Post by crazy.cat » Sat Jun 25, 2005 12:49 pm

Delete these lines
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = NOT USED (OK)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = NOT USED (OK)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = NOT USED (OK)
O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\PROGRA~1\Agnitum\OUTPOS~1.0\trash.exe (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\PROGRA~1\Agnitum\OUTPOS~1.0\trash.exe (file missing) (HKCU)

And there are a couple of little worms: from Safe Mode, delete the lines below and check that the .exe files indicated disappear too.

http://www.sophos.com/virusinfo/analyses/w32rbotva.html
O4 - HKLM\..\RunServices: [VSP32 Controls] vsp32.exe
O4 - HKCU\..\Run: [VSP32 Controls] vsp32.exe

http://es.trendmicro-europe.com/smb/vin ... M_RBOT.AFG
O4 - HKCU\..\Run: [HLL Data Parameter] hllcxpa.exe
O4 - HKCU\..\RunServices: [HLL Data Parameter] hllcxpa.exe

A scan with Scangui from Safe Mode is recommended.
crazy.cat
MLI Hero
Posts: 30959
Joined: Mon Jan 12, 2004 1:38 pm
Location: Mestre
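The advice above boils down to two checks a helper runs by eye: drop the entries HijackThis itself marks as pointing nowhere ("NOT USED (OK)", "(file missing)"), and look hard at O4 autostart entries that are bare filenames under odd keys. The script below is an added example written for this page, not part of the thread and not HijackThis code; it runs those two checks over a constructed subset of the log posted above. The scoring rules and the allowlist of bare names accepted in the thread (Ati2mdxx.exe, atiptaxx.exe, YPager.EXE) are the editor's own assumptions.

```python
"""Triage aid for a HijackThis log (added example, not HijackThis code).

Two checks that mirror the advice given in the thread: stale entries that
are safe to remove, and O4 autostart entries worth a closer look. The
scoring rules and the allowlist are assumptions made for this example.
"""
import re

# Constructed sample: a subset of the R/O4/O9 lines from the log posted above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = NOT USED (OK)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.peacelink.it/
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Yahoo Messenger] YPager.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programmi\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\RunServices: [Yahoo Messenger] YPager.EXE
O4 - HKLM\..\RunServices: [VSP32 Controls] vsp32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\Windows\System32\ctfmon.exe
O4 - HKCU\..\Run: [VSP32 Controls] vsp32.exe
O4 - HKCU\..\Run: [HLL Data Parameter] hllcxpa.exe
O4 - HKCU\..\RunServices: [HLL Data Parameter] hllcxpa.exe
O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\PROGRA~1\Agnitum\OUTPOS~1.0\trash.exe (file missing) (HKCU)
"""

# Bare filenames the helper in the thread accepted as known-good (assumption).
KNOWN_GOOD_BARE = {"ati2mdxx.exe", "atiptaxx.exe", "ypager.exe"}

# Markers HijackThis prints for entries that point nowhere.
STALE_MARKERS = ("NOT USED (OK)", "(file missing)")

# O4 - <hive>\..\<key>: [<name>] <command line>
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)


def stale_entries(log_text: str) -> list[str]:
    """Lines HijackThis marks as stale; removing them is housekeeping, not disinfection."""
    return [line for line in log_text.splitlines()
            if any(marker in line for marker in STALE_MARKERS)]


def executable(cmd: str) -> str:
    """Return the program part of an O4 command line, honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def suspicious_autostarts(log_text: str, allowlist=KNOWN_GOOD_BARE) -> dict:
    """Group O4 entries by executable and attach the reasons each deserves review.

    Heuristics (assumptions, not HijackThis rules): a bare filename with no
    vendor directory, use of the legacy RunServices key (a Windows 9x/ME key,
    unusual for software written for XP), and the same program registered
    under several autostart keys at once.
    """
    by_exe: dict[str, dict] = {}
    for line in log_text.splitlines():
        m = O4_RE.match(line)
        if not m:
            continue
        exe = executable(m["cmd"])
        info = by_exe.setdefault(exe.lower(), {"exe": exe, "keys": []})
        info["keys"].append(f"{m['hive']}\\..\\{m['key']}")

    findings = {}
    for exe_key, info in by_exe.items():
        if exe_key.rsplit("\\", 1)[-1] in allowlist:
            continue
        reasons = []
        if "\\" not in exe_key:
            reasons.append("bare filename, resolved through the search path")
        if any(k.endswith("RunServices") for k in info["keys"]):
            reasons.append("registered under the legacy RunServices key")
        if len(info["keys"]) > 1:
            reasons.append(f"registered under {len(info['keys'])} autostart keys")
        if reasons:
            findings[exe_key] = {"keys": info["keys"], "reasons": reasons}
    return findings


if __name__ == "__main__":
    print("Stale entries:")
    for line in stale_entries(SAMPLE_LOG):
        print("  ", line)
    print("Autostart entries to review:")
    for exe, finding in suspicious_autostarts(SAMPLE_LOG).items():
        print(f"  {exe}: {', '.join(finding['keys'])}")
        for reason in finding["reasons"]:
            print("     -", reason)
```

On the sample, the two names crazy.cat flagged (vsp32.exe and hllcxpa.exe) each collect all three reasons, while qttask.exe, AVGNT.EXE and ctfmon.exe produce none. The allowlist does the real work: Yahoo Messenger's YPager.EXE is a bare name under RunServices too, so these heuristics only rank entries for a human to confirm against a vendor write-up, as the thread does with the Sophos and Trend Micro pages.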

Post by paoLo.noWar » Sun Jun 26, 2005 9:08 am

[8D]

I've just installed Messenger 7.0 together with a plug-in, after carrying out the valuable suggestions; this is now the situation:

Logfile of HijackThis v1.99.0
Scan saved at 10.01.03, on 26/06/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\spoolsv.exe
C:\Programmi\AVPersonal\AVGUARD.EXE
C:\Programmi\AVPersonal\AVWUPSRV.EXE
C:\Programmi\FreePOPs\freepopsservice.exe
C:\Programmi\FreePOPs\freepopsd.exe
C:\Windows\System32\gearsec.exe
C:\Programmi\Canon\MultiPASS4\MPSERVIC.EXE
C:\Windows\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\wuauclt.exe
C:\Windows\System32\atiptaxx.exe
C:\Programmi\Compaq\EAB\EabServr.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\ScanSoft\OmniPageSE\opware32.exe
C:\Windows\System32\YPager.EXE
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\SlipStream Web Accelerator\slipcore.exe
C:\Programmi\AVPersonal\AVGNT.EXE
C:\Windows\System32\ctfmon.exe
C:\Programmi\SlipStream Web Accelerator\slipgui.exe
C:\Documents and Settings\paOLO\Menu Avvio\Programmi\Esecuzione automatica\SmartClock.exe
C:\Programmi\Canon\MultiPASS4\MPDBMgr.exe
C:\WINDOWS\System32\msiexec.exe
C:\Programmi\^ file .EXE\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.peacelink.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Programmi\SlipStream Web Accelerator\PBHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: SlipStream Web Accelerator - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - C:\Programmi\SlipStream Web Accelerator\Toolband.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programmi\Compaq\EAB\EabServr.exe /Start
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] c:\compaq\cpqsetup\cpqset.exe
O4 - HKLM\..\Run: [Omnipage] C:\Programmi\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [Yahoo Messenger] YPager.EXE
O4 - HKLM\..\Run: [zSPGuard] c:\programmi\pjw\spguard\spguard.exe /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Programmi\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [SlipStream] "C:\Programmi\SlipStream Web Accelerator\slipcore.exe"
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programmi\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\RunServices: [ZipGenius Clean] "C:\Windows\zg.exe" -cleantemp
O4 - HKLM\..\RunServices: [Yahoo Messenger] YPager.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\Windows\System32\ctfmon.exe
O4 - Startup: SmartClock.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SlipStream Web Accelerator.lnk = C:\Programmi\SlipStream Web Accelerator\slipgui.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{368A6AD8-95CF-4CDC-9B8A-85295AFA5A2A}: NameServer = 213.234.128.211 213.234.132.130
O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - C:\Programmi\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - C:\Programmi\AVPersonal\AVWUPSRV.EXE
O23 - Service: FreePOPs - Unknown - C:\Programmi\FreePOPs\freepopsservice.exe
O23 - Service: Provvedere al Servizio Sicurezza - GEAR Software - C:\Windows\System32\gearsec.exe
O23 - Service: Servizio iPod - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: MpService - Canon Inc. - C:\Programmi\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: TrueVector Internet Monitor - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Do I have to start over??...

[afro]

paOLO
paoLo.noWar
New Member
Posts: 20
Joined: Sat Sep 20, 2003 10:16 am

Post by crazy.cat » Sun Jun 26, 2005 9:16 am

paoLo.noWar wrote: Do I have to start over??...


No, you're fine as far as I'm concerned.
Unless you see problems on the PC yourself.
crazy.cat
MLI Hero
Posts: 30959
Joined: Mon Jan 12, 2004 1:38 pm
Location: Mestre

