
Hijack log


Post by greenday84 » Fri Jun 30, 2006 4:27 pm

For a couple of days now my firewall (Sygate) has stopped working and the antivirus (avast) can't update.


I'll try posting the HijackThis log to see if there is anything abnormal:


Logfile of HijackThis v1.98.0
Scan saved at 17.22.03, on 30/06/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Programmi\Sygate\SPF\smc.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\Executive Software\DiskeeperLite\DKService.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\windows\System32\nvsvc32.exe
C:\windows\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\S4TSR.EXE
C:\windows\System32\GSICON.EXE
C:\windows\System32\dslagent.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\ICQLite\ICQLite.exe
C:\PROGRA~1\FREESP~1\SpyWatcher.exe
C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\windows\System32\wuauclt.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Alwil Software\Avast4\setup\avast.setup
C:\Documents and Settings\alle\Desktop\jjj\huhu\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DisableEHCI] C:\WINDOWS\S4TSR.EXE
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Programmi\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [Spy Watcher] "C:\PROGRA~1\FREESP~1\SpyWatcher.exe" -S
O4 - HKLM\..\Run: [OpwareSE2] "C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpySweeper] "C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programmi\ICQLite\ICQLite.exe -trayboot
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {1EDF25DE-DFB2-40CA-AA83-30AE7DA8C203} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/A ... ngctrl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 6740738285
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnme ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{64B442C3-1E3C-4B47-A801-DF9F614CACA9}: NameServer = 85.37.17.10 85.38.28.86
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll"
Memento audere semper
greenday84
Aficionado
Posts: 61
Joined: Wed Oct 13, 2004 5:50 pm

Post by crazy.cat » Fri Jun 30, 2006 4:35 pm

Upload this file to www.virustotal.com and see what they say it is
O4 - HKLM\..\Run: [DisableEHCI] C:\WINDOWS\S4TSR.EXE

Download the latest HijackThis, you can find it in our downloads section, redo the log, and then also tell us the result for that file.
crazy.cat
MLI Hero
Posts: 30959
Joined: Mon Jan 12, 2004 1:38 pm
Location: Mestre

Post by greenday84 » Fri Jun 30, 2006 4:42 pm

Logfile of HijackThis v1.99.1
Scan saved at 17.37.05, on 30/06/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Programmi\Sygate\SPF\smc.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\Executive Software\DiskeeperLite\DKService.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\windows\System32\nvsvc32.exe
C:\windows\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\S4TSR.EXE
C:\windows\System32\GSICON.EXE
C:\windows\System32\dslagent.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\ICQLite\ICQLite.exe
C:\PROGRA~1\FREESP~1\SpyWatcher.exe
C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Alwil Software\Avast4\setup\avast.setup
C:\Documents and Settings\alle\Desktop\hijackthis-1\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DisableEHCI] C:\WINDOWS\S4TSR.EXE
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Programmi\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [Spy Watcher] "C:\PROGRA~1\FREESP~1\SpyWatcher.exe" -S
O4 - HKLM\..\Run: [OpwareSE2] "C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpySweeper] "C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programmi\ICQLite\ICQLite.exe -trayboot
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {1EDF25DE-DFB2-40CA-AA83-30AE7DA8C203} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/A ... ngctrl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 6740738285
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnme ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{64B442C3-1E3C-4B47-A801-DF9F614CACA9}: NameServer = 85.37.17.10 85.38.28.86
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Programmi\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Programmi\Sygate\SPF\smc.exe


Post by crazy.cat » Fri Jun 30, 2006 5:04 pm

The log is clean and so is that file; it should be related to your motherboard.

Try running an online scan on the Kaspersky site so you can see exactly whether it is a virus problem.

Post by greenday84 » Fri Jun 30, 2006 5:58 pm

I checked but there are no viruses.

What else could it be?

I noticed it won't let me update Spybot either

Post by crazy.cat » Fri Jun 30, 2006 5:59 pm

Any error messages when you try to download?

Post by greenday84 » Fri Jun 30, 2006 6:05 pm

Basically it says: execution time....expired. (or something similar)

In avast's case, it tells me the servers are not active

With Sygate... I can't even start it at all

Post by greenday84 » Sat Jul 01, 2006 1:48 pm

I ran a thorough scan with Kaspersky online and it gave me this result:

C:\Documents and Settings\alle\Dati applicazioni\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-5aa0b436-6cff673a.zip/javainstaller/InstallerApplet.class Infected: Trojan-Downloader.Java.OpenStream.w skipped
C:\Documents and Settings\alle\Dati applicazioni\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-5aa0b436-6cff673a.zip ZIP: infected - 1 skipped
C:\Documents and Settings\alle\Desktop\jjj\huhu\varie\mirc612.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.612 skipped
C:\Documents and Settings\alle\Desktop\jjj\huhu\varie\mirc612.exe mIRC: infected - 1 skipped
C:\Documents and Settings\alle\Desktop\jjj\huhu\varie\mirc614.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.614 skipped
C:\Documents and Settings\alle\Desktop\jjj\huhu\varie\mirc614.exe mIRC: infected - 1 skipped
C:\download\Axis And Allies Cheats.rar/Axis and Allies_cheats.exe Infected: not-a-virus:Porn-Dialer.Win32.Star skipped
C:\download\Axis And Allies Cheats.rar RAR: infected - 1 skipped
C:\download\Contenuti Per MSN (Emoticon, Animoticon, Avtar, Muggin, Mood)\Avtars + Extra\Extras\5000 Emoticones.rar/Smiley Central v1.1.2.6.zip/SmileyCentralBetaSetup1.1.2.6.exe Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\download\Contenuti Per MSN (Emoticon, Animoticon, Avtar, Muggin, Mood)\Avtars + Extra\Extras\5000 Emoticones.rar/Smiley Central v1.1.2.6.zip Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\download\Contenuti Per MSN (Emoticon, Animoticon, Avtar, Muggin, Mood)\Avtars + Extra\Extras\5000 Emoticones.rar RAR: infected - 2 skipped
C:\download\Contenuti Per MSN (Emoticon, Animoticon, Avtar, Muggin, Mood)\winkchi1123.exe Infected: Trojan-Downloader.Win32.VB.oc skipped
C:\download\Contenuti Per MSN (Emoticon, Animoticon, Avtar, Muggin, Mood)\winkchi1126.exe Infected: Trojan-Downloader.Win32.VB.oc skipped
C:\download\Contenuti Per MSN (Emoticon, Animoticon, Avtar, Muggin, Mood)\winkdut1125.exe Infected: Trojan-Downloader.Win32.VB.oc skipped
C:\download\Contenuti Per MSN (Emoticon, Animoticon, Avtar, Muggin, Mood)\winkkor1133.exe Infected: Trojan-Downloader.Win32.VB.oc skipped
C:\download\sky\come vedere gratis sky tv con windows media player (e connessione almeno 300kbps) - aggiornato 25 marzo 2004\self extractor.exe Infected: Trojan-Dropper.Win32.Agent.a skipped
C:\download\sky\la codifica per seca 2 titanium card sky\la codifica per seca 2 titanium card sky.exe Infected: Trojan-Dropper.Win32.Agent.a skipped
C:\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.614 skipped
C:\RECYCLER\NPROTECT\00109806.cab/ied.exe Infected: Trojan-Downloader.Win32.Mediket.e skipped
C:\RECYCLER\NPROTECT\00109806.cab CAB: infected - 1 skipped
C:\System Volume Information\_restore{43304618-8512-4557-98E4-D08328AB9B97}\RP621\A0215793.EXE Infected: Trojan.Win32.Delf.bj skipped
C:\System Volume Information\_restore{43304618-8512-4557-98E4-D08328AB9B97}\RP621\A0215794.EXE Infected: Trojan.Win32.Delf.bj skipped
C:\System Volume Information\_restore{43304618-8512-4557-98E4-D08328AB9B97}\RP624\change.log Object is locked skipped
C:\WINDOWS\system32\i Infected: Trojan-Downloader.BAT.Ftp.ab skipped

Post by crazy.cat » Sat Jul 01, 2006 2:15 pm

greenday84 wrote:
C:\Documents and Settings\alle\Dati applicazioni\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-5aa0b436-6cff673a.zip/javainstaller/InstallerApplet.class Infected: Trojan-Downloader.Java.OpenStream.w skipped
C:\Documents and Settings\alle\Dati applicazioni\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-5aa0b436-6cff673a.zip ZIP: infected - 1 skipped


http://www.MegaLab.it/2467

Code:
C:\download\Axis And Allies Cheats.rar/Axis and Allies_cheats.exe    Infected: not-a-virus:Porn-Dialer.Win32.Star    skipped
C:\download\Axis And Allies Cheats.rar    RAR: infected - 1    skipped
C:\download\Contenuti Per MSN (Emoticon, Animoticon, Avtar, Muggin, Mood)\Avtars + Extra\Extras\5000 Emoticones.rar/Smiley Central v1.1.2.6.zip/SmileyCentralBetaSetup1.1.2.6.exe    Infected: not-a-virus:AdWare.Win32.MyWebSearch    skipped
C:\download\Contenuti Per MSN (Emoticon, Animoticon, Avtar, Muggin, Mood)\Avtars + Extra\Extras\5000 Emoticones.rar/Smiley Central v1.1.2.6.zip    Infected: not-a-virus:AdWare.Win32.MyWebSearch    skipped
C:\download\Contenuti Per MSN (Emoticon, Animoticon, Avtar, Muggin, Mood)\Avtars + Extra\Extras\5000 Emoticones.rar    RAR: infected - 2    skipped
C:\download\Contenuti Per MSN (Emoticon, Animoticon, Avtar, Muggin, Mood)\winkchi1123.exe    Infected: Trojan-Downloader.Win32.VB.oc    skipped
C:\download\Contenuti Per MSN (Emoticon, Animoticon, Avtar, Muggin, Mood)\winkchi1126.exe    Infected: Trojan-Downloader.Win32.VB.oc    skipped
C:\download\Contenuti Per MSN (Emoticon, Animoticon, Avtar, Muggin, Mood)\winkdut1125.exe    Infected: Trojan-Downloader.Win32.VB.oc    skipped
C:\download\Contenuti Per MSN (Emoticon, Animoticon, Avtar, Muggin, Mood)\winkkor1133.exe    Infected: Trojan-Downloader.Win32.VB.oc    skipped
C:\download\sky\come vedere gratis sky tv con windows media player (e connessione almeno 300kbps) - aggiornato 25 marzo 2004\self extractor.exe    Infected: Trojan-Dropper.Win32.Agent.a    skipped
C:\download\sky\la codifica per seca 2 titanium card sky\la codifica per seca 2 titanium card sky.exe    Infected: Trojan-Dropper.Win32.Agent.a    skipped

Delete the infected files

Code:
C:\RECYCLER\NPROTECT\00109806.cab/ied.exe    Infected: Trojan-Downloader.Win32.Mediket.e    skipped
C:\RECYCLER\NPROTECT\00109806.cab    CAB: infected - 1    skipped

empty the recycle bin

Code:
C:\System Volume Information\_restore{43304618-8512-4557-98E4-D08328AB9B97}\RP621\A0215793.EXE    Infected: Trojan.Win32.Delf.bj    skipped
C:\System Volume Information\_restore{43304618-8512-4557-98E4-D08328AB9B97}\RP621\A0215794.EXE    Infected: Trojan.Win32.Delf.bj    skipped
C:\System Volume Information\_restore{43304618-8512-4557-98E4-D08328AB9B97}\RP624\change.log    Object is locked    skipped

disable System Restore and restart the PC
http://www.MegaLab.it/2330

C:\WINDOWS\system32\i Infected: Trojan-Downloader.BAT.Ftp.ab skipped

delete the file
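
Added example, not part of the original thread: a Python script that sorts a scan report like the one above by where each detection lives and attaches the step the reply gives for that location. The category names, the helper functions and the reading of `/` as the archive-member separator are assumptions of this example; the sample lines are copied from the report.

```python
import re
from collections import defaultdict

# Sample lines copied from the scan report in this thread.
REPORT = r"""
C:\download\Axis And Allies Cheats.rar/Axis and Allies_cheats.exe Infected: not-a-virus:Porn-Dialer.Win32.Star skipped
C:\download\Axis And Allies Cheats.rar RAR: infected - 1 skipped
C:\RECYCLER\NPROTECT\00109806.cab/ied.exe Infected: Trojan-Downloader.Win32.Mediket.e skipped
C:\RECYCLER\NPROTECT\00109806.cab CAB: infected - 1 skipped
C:\System Volume Information\_restore{43304618-8512-4557-98E4-D08328AB9B97}\RP621\A0215793.EXE Infected: Trojan.Win32.Delf.bj skipped
C:\System Volume Information\_restore{43304618-8512-4557-98E4-D08328AB9B97}\RP624\change.log Object is locked skipped
C:\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.614 skipped
C:\WINDOWS\system32\i Infected: Trojan-Downloader.BAT.Ftp.ab skipped
"""

# "<path> <result> skipped", where the path itself may contain spaces.
LINE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?:Infected: (?P<verdict>\S+)"
    r"|(?P<kind>\w+): infected - (?P<count>\d+)"
    r"|(?P<locked>Object is locked))"
    r"\s+skipped$"
)

# Location rules, tested in order against the lower-cased path. The actions
# are the steps given in the reply; the category names are this example's own.
RULES = [
    (r"\\system volume information\\_restore", "system_restore",
     "disable System Restore and restart the PC"),
    (r"^[a-z]:\\recycler\\", "recycle_bin", "empty the recycle bin"),
    (r"\\sun\\java\\deployment\\cache\\", "java_cache",
     "see http://www.MegaLab.it/2467"),
    (r"^[a-z]:\\download\\", "downloads", "delete the infected files"),
    (r"^[a-z]:\\windows\\system32\\", "system32", "delete the file"),
]


def classify(path):
    """Map a path to (category, action) using the first matching rule."""
    low = path.lower()
    for pattern, category, action in RULES:
        if re.search(pattern, low):
            return category, action
    return "other", "not covered by the reply"


def parse(report):
    """Return one finding per reported object, skipping container summaries."""
    findings = []
    for raw in report.splitlines():
        m = LINE.match(raw.strip())
        if m is None or m["kind"]:
            # Blank or unknown line, or an "RAR: infected - 1" style summary
            # that only repeats the detections listed for its members.
            continue
        path = m["path"]
        verdict = m["verdict"]  # None when the object was locked, not scanned
        category, action = classify(path)
        findings.append({
            "path": path,
            # Assumption: "/" separates an archive from the member inside it.
            "container": path.split("/", 1)[0] if "/" in path else None,
            "verdict": verdict,
            # Kaspersky prefixes adware/riskware names with "not-a-virus:".
            "riskware": bool(verdict) and verdict.startswith("not-a-virus:"),
            "category": category,
            "action": action,
        })
    return findings


def triage(report):
    """Group the findings by location category."""
    groups = defaultdict(list)
    for finding in parse(report):
        groups[finding["category"]].append(finding)
    return dict(groups)


if __name__ == "__main__":
    for category, items in triage(REPORT).items():
        print(f"{category}: {items[0]['action']}")
        for f in items:
            print(f"  {f['verdict'] or 'locked, not scanned'}  {f['path']}")
```
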

Post by greenday84 » Sun Jul 02, 2006 11:38 am

Tried it, but the problem remains.


What else can I try?

Post by crazy.cat » Sun Jul 02, 2006 12:20 pm

Maybe it's something silly, but without having the PC in front of me I can't think of other ideas.

Post by greenday84 » Sun Jul 02, 2006 12:32 pm

I tried scangui in safe mode. It removed something... but nothing changed.

Anyway, in case it's useful, I'll try reposting a new log with HijackThis

Logfile of HijackThis v1.99.1
Scan saved at 13.27.56, on 02/07/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Programmi\Sygate\SPF\smc.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\Executive Software\DiskeeperLite\DKService.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\windows\System32\nvsvc32.exe
C:\windows\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\S4TSR.EXE
C:\windows\System32\GSICON.EXE
C:\windows\System32\dslagent.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\ICQLite\ICQLite.exe
C:\PROGRA~1\FREESP~1\SpyWatcher.exe
C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe
C:\Programmi\Alwil Software\Avast4\setup\avast.setup
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Documents and Settings\alle\Desktop\hijackthis-1\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DisableEHCI] C:\WINDOWS\S4TSR.EXE
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Programmi\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [Spy Watcher] "C:\PROGRA~1\FREESP~1\SpyWatcher.exe" -S
O4 - HKLM\..\Run: [OpwareSE2] "C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpySweeper] "C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programmi\ICQLite\ICQLite.exe -trayboot
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {1EDF25DE-DFB2-40CA-AA83-30AE7DA8C203} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/A ... ngctrl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 6740738285
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnme ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{64B442C3-1E3C-4B47-A801-DF9F614CACA9}: NameServer = 85.37.17.10 85.38.28.86
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Programmi\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Programmi\Sygate\SPF\smc.exe

Post by greenday84 » Mon Jul 03, 2006 2:59 pm

Is that (file missing) in the antivirus entries normal?

Post by crazy.cat » Mon Jul 03, 2006 4:23 pm

It must be a bit of a bug in HijackThis, which can't read some services, and Messenger as well; we all have it.
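
Added example, not part of the original thread and not HijackThis code: a Python check that tests each "(file missing)" entry against the log's own "Running processes" section, since an executable that is listed as running cannot be absent from disk. The function names and verdict labels are assumptions of this example; the log lines are an excerpt of the 02/07/2006 log above with the sections shortened.

```python
import re

# Excerpt of the 02/07/2006 log posted in this thread (sections shortened).
LOG = r"""Logfile of HijackThis v1.99.1

Running processes:
C:\windows\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\MSN Messenger\msnmsgr.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
"""

# Entry lines look like "O23 - <body>"; the code identifies the log section.
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# First drive-letter path in the body, up to its .exe/.dll extension.
PATH = re.compile(r'[A-Za-z]:\\[^"]+?\.(?:exe|dll)', re.IGNORECASE)


def parse_log(text):
    """Split a log into the running-process set and the (code, body) entries."""
    running, entries, in_procs = set(), [], False
    for line in text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_procs = True
        elif in_procs and not line:
            in_procs = False          # a blank line closes the process list
        elif in_procs:
            running.add(line.lower())  # Windows paths are case-insensitive
        else:
            m = ENTRY.match(line)
            if m:
                entries.append((m["code"], m["body"]))
    return running, entries


def check_missing(text):
    """Classify every '(file missing)' entry using only evidence in the log."""
    running, entries = parse_log(text)
    results = []
    for code, body in entries:
        if not body.endswith("(file missing)"):
            continue
        m = PATH.search(body)
        path = m.group(0) if m else None
        is_running = path is not None and path.lower() in running
        results.append({
            "code": code,
            "path": path,
            # An odd number of quotes means the stored command line was cut
            # at a quote, so the reported path includes a stray '"' and args.
            "unbalanced_quote": body.count('"') % 2 == 1,
            # contradicted: the same file is listed as a running process.
            # unconfirmed: nothing in the log settles it; check on disk.
            "verdict": "contradicted" if is_running else "unconfirmed",
        })
    return results


if __name__ == "__main__":
    for r in check_missing(LOG):
        print(r["code"], r["verdict"], r["path"])
```
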

Post by greenday84 » Mon Jul 03, 2006 4:40 pm

Apart from that... is the log clean?

Post by crazy.cat » Mon Jul 03, 2006 4:42 pm

greenday84 wrote: Apart from that... is the log clean?

Yes



megalab.it: daily online publication registered at the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - VAT no. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved.