|
| HOMEPAGE | INDICE FORUM | REGOLAMENTO | ::. | NEI PREFERITI | .:: | RSS Forum | RSS News | NEWS web | NEWS software | |
| PUBBLICITA' | | | ARTICOLI | WIN XP | VISTA | WIN 7 | REGISTRI | SOFTWARE | MANUALI | RECENSIONI | LINUX | HUMOR | HARDWARE | DOWNLOAD | | | CERCA nel FORUM » | |
27-07-2007, 12.33.31 | #16 |
Junior Member
Registrato: 24-04-2003
Loc.: Trieste
Messaggi: 72
|
Ho lanciato hijackthis e pulito alcune cose che mi saltavano subito all'occhio. Logfile of HijackThis v1.99.1 Scan saved at 12.13.34, on 27/07/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\Windows\System32\smss.exe C:\Windows\system32\csrss.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe C:\Windows\system32\LEXBCES.EXE C:\Windows\system32\LEXPPS.EXE C:\Windows\system32\spoolsv.exe C:\Windows\System32\svchost.exe C:\Programmi\Belkin\Software Bluetooth\bin\btwdins.exe C:\Programmi\Symantec AntiVirus\DefWatch.exe C:\Programmi\Symantec AntiVirus\SavRoam.exe C:\Programmi\Spyware Doctor\sdhelp.exe C:\Programmi\Symantec AntiVirus\Rtvscan.exe C:\Windows\System32\alg.exe C:\Programmi\QuickTime\qttask.exe C:\Windows\system32\atiptaxx.exe C:\Programmi\Synaptics\SynTP\SynTPLpr.exe C:\Programmi\Synaptics\SynTP\SynTPEnh.exe C:\Programmi\I-Storm USB ADSL Modem\CnxDslTb.exe C:\Windows\system32\LXSUPMON.EXE C:\Programmi\File comuni\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Programmi\Messenger\msmsgs.exe C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128 .5462\GoogleToolbarNotifier.exe C:\Programmi\Spyware Doctor\swdoctor.exe C:\Programmi\Belkin\Software Bluetooth\BTTray.exe C:\Programmi\DIGITAL GRAPH\Mind5\Alarm.exe C:\Windows\system32\taskmgr.exe C:\Windows\regedit.exe C:\Windows\explorer.exe E:\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.libero.it R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Programmi\I-Storm USB ADSL Modem\CnxDslTb.exe O4 - HKLM\..\Run: [LXSUPMON] C:\Windows\system32\LXSUPMON.EXE RUN O4 - HKLM\..\Run: [oeuai] C:\Documents and Settings\vischi\Dati applicazioni\tofareraci\systvmrs.exe O4 - HKLM\..\Run: [tskxgljk] "c:\windows\system32\tskxgljk.exe" O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [PrevxRootkitRemovalTool] "F:\CD8487T.exe" -scan <- già rimosso O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [updateMgr] "C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1 O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128 .5462\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programmi\Spyware Doctor\swdoctor.exe" /Q O4 - Startup: Scadenze Mind 5.0.lnk = ? O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: BTTray.lnk = ? O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\Belkin\Software Bluetooth\btsendto_ie_ctx.htm O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\Belkin\Software Bluetooth\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\Belkin\Software Bluetooth\btsendto_ie.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://www.libero.it O15 - Trusted Zone: *.cercoporno.com <- già rimosso O15 - Trusted Zone: *.eros-porno.com <- già rimosso O15 - Trusted Zone: www.hastalavista.it <- già rimosso O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab O20 - Winlogon Notify: NavLogon - C:\Windows\system32\NavLogon.dll O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\Belkin\Software Bluetooth\bin\btwdins.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Programmi\Symantec AntiVirus\DefWatch.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\Windows\system32\LEXBCES.EXE O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: OracleClientCache80 - Unknown owner - C:\ORANT\BIN\ONRSD80.EXE O23 - Service: SAVRoam (SavRoam) - symantec - C:\Programmi\Symantec AntiVirus\SavRoam.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Programmi\Spyware Doctor\sdhelp.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programmi\Symantec AntiVirus\Rtvscan.exe Ho forti dubbi sulla riga con tskxgljk anche perchè non trovo nessuna corrispondenza con google con questo nome di file. Se qualcuno vede altre cose da eliminare è il benvenuto Appena riesco pulisco anche l'altro pc e posto il log di hijackthis ciao e grazie Matteo |
27-07-2007, 12.50.26 | #17 |
Gold Member
Top Poster
Registrato: 20-08-2002
Loc.: Mestre
Messaggi: 3.563
|
Da far sparire questi due file
O4 - HKLM\..\Run: [oeuai] C:\Documents and Settings\vischi\Dati applicazioni\tofareraci\systvmrs.exe O4 - HKLM\..\Run: [tskxgljk] "c:\windows\system32\tskxgljk.exe" dai una passata con Virit http://www.tgsoft.it/italy/index_ita.html
___________________________________
Solo gli operai sanno quanto vale il tempo; se lo fanno sempre pagare. |
27-07-2007, 22.35.25 | #18 |
Gold Member
Top Poster
Registrato: 26-08-2000
Loc.: tokyo city
Messaggi: 8.374
|
Pc staccato da Internet prima di ogni scansione-rimozione.
SuperAntiSpyware 3.9.1008 Download: http://downloads2.superantispyware.c...ntiSpyware.exe Dovrebbe rilevarlo e toglierlo dal ripristino di sistema. Come prova definitiva fai partire il tool russo DrWeb CureIt! 4.33 Download: ftp://ftp.drweb.com/pub/drweb/cureit/cureit.exe |
Utenti attualmente attivi che stanno leggendo questa discussione: 1 (0 utenti e 1 ospiti) | |
Strumenti discussione | |
|
|