ps076
17-05-2005, 15.41.50
Ciao a tutti ho un problema con un pc del mio ufficio, dopo il solito cambiamento cambiamento della prima pagina di explorer ho inziato una scansione per capire cosa stava succedendo, ho rilevato molti spyware che ho provveduto ad eliminare con:
- Ad-aware
- SpyBot S&D
- Microsoft Windows Antispyware (beta)
Dopo diverse pulizie con i programmi sopra indicati sono arrivato ad avere ad ogni scansione con nessun risultato.
Inizio a navigare con explorer e la prima pagina è quella che io ho scelto, chiudo explorer e lo riapro e la prima pagina è cambiato ricomincio le scansioni e ci sono nuovamento degli Spyware... credo ci sia qualche cosa che devo cancellare.
Di seguito vi riporto il log di HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 14.42.04, on 17/05/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmi\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\Programmi\Symantec AntiVirus\SavRoam.exe
C:\WINNT\system32\MSTask.exe
C:\Programmi\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Mixer.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINNT\system32\ntvdm.exe
C:\Programmi\Microsoft AntiSpyware\gcasDtServ.exe
C:\Programmi\Microsoft AntiSpyware\gcasServ.exe
C:\WINNT\explorer.exe
C:\WINNT\system32\apiyx32.exe
C:\WINNT\apign.exe
C:\Documents and Settings\ptega\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Programmi\Outlook Express\msimn.exe"
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Class - {4BCC690C-D3F4-0710-E185-C39B88202BAB} - C:\WINNT\system32\addzl32.dll
O2 - BHO: Class - {FE79CBCE-07E9-CBB1-F15F-8C97C0DBD1A1} - C:\WINNT\system32\netsi32.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [[01]################################################## ################################################## ##########################] C:\Documents and Settings\ptega\Internet Optimizer\update\rogue.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Programmi\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [apiyx32.exe] C:\WINNT\system32\apiyx32.exe
O4 - HKLM\..\RunOnce: [AAW] "C:\Programmi\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1"
O4 - HKCU\..\Run: [iwfr] C:\PROGRA~1\COMMON~1\iwfr\iwfrm.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O16 - DPF: {1F831FA9-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) - file://C:\Programmi\AutoCAD LT 2002 Ita\InstFred.ocx
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (Controllo AcDc oggi) - file://C:\Programmi\AutoCAD LT 2002 Ita\AcDcToday.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {AE563729-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Programmi\AutoCAD LT 2002 Ita\InstBanr.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (Controllo AcPreview) - file://C:\Programmi\AutoCAD LT 2002 Ita\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = almagesto.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = almagesto.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = almagesto.local
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINNT\javaty.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Programmi\Symantec AntiVirus\DefWatch.exe
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Programmi\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programmi\Symantec AntiVirus\Rtvscan.exe
GRAZIE PER L'AIUTO.
CIAO A TUTTI
- Ad-aware
- SpyBot S&D
- Microsoft Windows Antispyware (beta)
Dopo diverse pulizie con i programmi sopra indicati sono arrivato ad avere ad ogni scansione con nessun risultato.
Inizio a navigare con explorer e la prima pagina è quella che io ho scelto, chiudo explorer e lo riapro e la prima pagina è cambiato ricomincio le scansioni e ci sono nuovamento degli Spyware... credo ci sia qualche cosa che devo cancellare.
Di seguito vi riporto il log di HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 14.42.04, on 17/05/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmi\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\Programmi\Symantec AntiVirus\SavRoam.exe
C:\WINNT\system32\MSTask.exe
C:\Programmi\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Mixer.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINNT\system32\ntvdm.exe
C:\Programmi\Microsoft AntiSpyware\gcasDtServ.exe
C:\Programmi\Microsoft AntiSpyware\gcasServ.exe
C:\WINNT\explorer.exe
C:\WINNT\system32\apiyx32.exe
C:\WINNT\apign.exe
C:\Documents and Settings\ptega\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Programmi\Outlook Express\msimn.exe"
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Class - {4BCC690C-D3F4-0710-E185-C39B88202BAB} - C:\WINNT\system32\addzl32.dll
O2 - BHO: Class - {FE79CBCE-07E9-CBB1-F15F-8C97C0DBD1A1} - C:\WINNT\system32\netsi32.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [[01]################################################## ################################################## ##########################] C:\Documents and Settings\ptega\Internet Optimizer\update\rogue.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Programmi\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [apiyx32.exe] C:\WINNT\system32\apiyx32.exe
O4 - HKLM\..\RunOnce: [AAW] "C:\Programmi\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1"
O4 - HKCU\..\Run: [iwfr] C:\PROGRA~1\COMMON~1\iwfr\iwfrm.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O16 - DPF: {1F831FA9-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) - file://C:\Programmi\AutoCAD LT 2002 Ita\InstFred.ocx
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (Controllo AcDc oggi) - file://C:\Programmi\AutoCAD LT 2002 Ita\AcDcToday.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {AE563729-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Programmi\AutoCAD LT 2002 Ita\InstBanr.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (Controllo AcPreview) - file://C:\Programmi\AutoCAD LT 2002 Ita\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = almagesto.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = almagesto.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = almagesto.local
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINNT\javaty.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Programmi\Symantec AntiVirus\DefWatch.exe
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Programmi\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programmi\Symantec AntiVirus\Rtvscan.exe
GRAZIE PER L'AIUTO.
CIAO A TUTTI