
HijackThis log


Post by scramble » Sat Jul 24, 2004 2:44 am

Hi guys!!! (here I am again after a long time, eh)
I wanted to ask you what I can delete and what I can't!!! (so as not to make a mess, obviously!)
OK, this is the HijackThis log after I ran the scan:


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\blss\blss.exe
C:\Program Files\BTV\btv.exe
C:\Programmi\Java\j2re1.4.2_04\bin\jusched.exe
C:\WINDOWS\System32\rundll32.exe
C:\Programmi\AVPersonal\AVGUARD.EXE
C:\Programmi\File comuni\WinTools\WToolsA.exe
C:\Programmi\AVPersonal\AVWUPSRV.EXE
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmi\AVPersonal\AVGNT.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Winamp\winampa.exe
C:\Programmi\Messenger Plus! 3\MsgPlus.exe
C:PROGRA~1Thunk WipeWindowShowPile.exe
C:\Programmi\BuyPin Software\Advertising Killer\akiller.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\TinMessenger\TinMessenger.exe
C:\Programmi\File comuni\WinTools\WToolsS.exe
C:\Programmi\RealVNC\VNC4\WinVNC4.exe
C:\Programmi\File comuni\WinTools\WSup.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:Documents and SettingsScrambleDesktop40b2fixVenom4.exe
C:\Programmi\Azureus\Azureus.exe
C:\Programmi\Java\j2re1.4.2_01\bin\javaw.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programmi\Windows Media Player\wmplayer.exe
C:\Documents and Settings\Scramble\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearchnow.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mysearchnow.com/passthrough/inde ... google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearchnow.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://mysearchnow.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50007
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\FILECO~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {034C8311-C15D-636A-51EA-25D35A04763B} - C:PROGRA~1HopeskipLONGMPEG.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {63CF97E8-4133-438a-A831-CC9C6D47D673} - (no file)
O2 - BHO: (no name) - {665ACD90-4541-4836-9FE4-062386BB8F05} - (no file)
O2 - BHO: (no name) - {7371F073-AC0F-4b80-BB2F-96A488CEFB32} - c:Program FilesXmodxm320.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\FILECO~1\WinTools\WToolsB.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Bone stop eggs - {4F11DB4F-5CA6-113A-E83F-DA9762E9D20F} - C:PROGRA~1HopeskipLONGMPEG.dll
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Programmi\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [blss] C:\Programmi\blss\blss.exe
O4 - HKLM\..\Run: [BTV] C:\Program Files\BTV\btv.exe
O4 - HKLM\..\Run: [Breg] "C:\Program Files\Common Files\Java\breg.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [Jreg] "C:\Program Files\Common Files\Java\Jreg2b.exe"
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [WinTools] C:\Programmi\File comuni\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [Overnet] C:\Programmi\Overnet\eDonkey2000.exe -t
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programmi\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Update Machine] systemse.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmi\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM..Run: [manager great] C:PROGRA~1Thunk WipeWindowShowPile.exe
O4 - HKLM\..\Run: [Desksite CMA] C:\Programmi\desksite\bin\cma.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] systemse.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] systemse.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmi\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [AKiller] "C:\Programmi\BuyPin Software\Advertising Killer\akiller.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: C6 Client.LNK = C:\TinMessenger\TinMessenger.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shoc ... tor/sw.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/ ... mv9VCM.CAB
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b28578.cab
O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) - http://www.webcamnow.com/broadcast/ActiveXWebCam.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shoc ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DA526313-AB57-4379-B106-6FDC94B97BAB}: NameServer = 81.74.229.227 151.99.125.1



What do you think? O_o help, thanks!! [angel]

Post by crazy.cat » Sat Jul 24, 2004 7:19 am

You've got a bit of a mess there; the entries I've listed below are to be removed. Try to start cleaning up, then rerun the scan with HijackThis and see what's left.

First of all, follow the instructions carefully and use the program you find here:
http://www.zanezane.net/articoli.asp?id=427

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearchnow.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mysearchnow.com/passthrough/inde ... google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearchnow.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://mysearchnow.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50007
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\FILECO~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {63CF97E8-4133-438a-A831-CC9C6D47D673} - (no file)
O2 - BHO: (no name) - {665ACD90-4541-4836-9FE4-062386BB8F05} - (no file)
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\FILECO~1\WinTools\WToolsB.dll
O4 - HKLM\..\Run: [WinTools] C:\Programmi\File comuni\WinTools\WToolsA.exe

For these, try following the instructions you find at these links (they are viruses/dialers):
http://www.trendmicro.com/vinfo/virusen ... .B&VSect=T
O4 - HKLM\..\Run: [blss] C:\Programmi\blss\blss.exe

http://www.pestpatrol.com/pestinfo/b/btv_dialer.asp
O4 - HKLM\..\Run: [BTV] C:\Program Files\BTV\btv.exe
O4 - HKLM\..\Run: [Breg] "C:\Program Files\Common Files\Java\breg.exe"

http://fr.trendmicro-europe.com/enterpr ... CC&VSect=T
O4 - HKLM\..\Run: [Microsoft Update Machine] systemse.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] systemse.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] systemse.exe

For these I couldn't find any information, but they are suspicious.
O2 - BHO: (no name) - {034C8311-C15D-636A-51EA-25D35A04763B} - C:PROGRA~1HopeskipLONGMPEG.dll
O3 - Toolbar: Bone stop eggs - {4F11DB4F-5CA6-113A-E83F-DA9762E9D20F} - C:PROGRA~1HopeskipLONGMPEG.dll
O4 - HKLM..Run: [manager great] C:PROGRA~1Thunk WipeWindowShowPile.exe

Since you have a few viruses, try this, to do a safer cleanup:
http://www.zanezane.net/articoli.asp?id=187

Post by scramble » Sat Jul 24, 2004 7:09 pm

Thank you so much!!! [applause]