Indice del forum Olimpo Informatico
I Forum di Zeus News
Leggi la newsletter gratuita - Attiva il Menu compatto
 
 FAQFAQ   CercaCerca   Lista utentiLista utenti   GruppiGruppi   RegistratiRegistrati 
 ProfiloProfilo   Messaggi privatiMessaggi privati   Log inLog in 

    Newsletter RSS Facebook Twitter Contatti Ricerca
logfile hijackthis
Nuovo argomento   Rispondi    Indice del forum -> Pronto Soccorso Virus
Precedente :: Successivo  
Autore Messaggio
rmarino75
Comune mortale
Comune mortale


Registrato: 30/05/11 19:37
Messaggi: 1
MessaggioInviato: 30 Mag 2011 19:56    Oggetto: logfile hijackthis Rispondi citando
Salve a tutti, sono nuovo, ho letto qualcosa ed avendo diversi problemi con il PC ho pensato di allegare il logfile generato dal mio pc.
Qualcuno potrebbe aiutarmi????


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20.03.02, on 30/05/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\DynDNS Updater\DynUpSvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\Programmi\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\Programmi\ATI Technologies\ATI HYDRAVISION\HydraMD.exe
C:\Programmi\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\DynDNS Updater\DynTray.exe
C:\WINDOWS\TrayMin700.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Programmi\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Programmi\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=gppc&s={searchTerms}&f=4
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - (no file)
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Programmi\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKLM\..\Run: [HydraVisionViewPort] C:\Programmi\ATI Technologies\ATI HYDRAVISION\HydraMD.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programmi\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DynDNS Updater Tray Icon.lnk = C:\Programmi\DynDNS Updater\DynTray.exe
O4 - Global Startup: TrayMin700.exe.lnk = ?
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)
O15 - Trusted Zone: http://dvredicola.dyndns.org
O16 - DPF: {0002E510-0000-0000-C000-000000000046} (Microsoft Office Spreadsheet 9.0) - http://www.web.seat.it/climan/cab/owc.CAB
O16 - DPF: {0A14BF1B-3095-407F-93B4-7617F0C805E5} (IdamClient.ObjControl) - http://www.web.seat.it/climan/CAB/IdamClient.CAB
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5806D0CE-CE96-493B-808B-E3AB51CD7C2B} (IBCListFilter.IBCListControl) - http://www.web.seat.it/climan/cab/IBCListFilter.CAB
O16 - DPF: {6980A6FB-83DB-4AB3-A478-E2FBF3C94B93} (IBCXMLConvert.ITranslate) - http://www.web.seat.it/climan/CAB/IBCXMLConvert.CAB
O16 - DPF: {702EB464-6DCB-4791-A122-C391613ED74E} (ServerCaller.idamCalls) - http://www.web.seat.it/climan/cab/ServerCaller.CAB
O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://194.244.16.123/g_bin/eng/poker_2_0_0_48.cab
O16 - DPF: {87CB7BA6-70F0-4468-ADB2-075987BAEE5C} (IBCexpStatus.expStore) - http://www.web.seat.it/climan/CAB/IBCexpStatus.CAB
O16 - DPF: {9B479D7B-916A-45B0-B042-D42865A60E21} (DvrOcx Control) - http://dvredicola.dyndns.org/DvrOcx.cab
O16 - DPF: {A854AD6D-6DB5-41FB-8044-0BD38092A007} (Ganymede Sudoku) - http://194.244.16.123/g_bin/eng/sudoku_2_0_0_15.cab
O16 - DPF: {D2444EF0-CEB0-4268-8983-1AD735005451} (IdamForm.IBCIdamForm) - http://www.web.seat.it/climan/cab/IBCIdamForm.CAB
O16 - DPF: {D2C6D2A7-EA9C-4653-8271-5200B01BECD8} (IdamNote.IdamNoteControl) - http://www.web.seat.it/climan/cab/IdamNotes.CAB
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.fueps.com/gp/resources/games/puzzle/PopCapGames/popcaploader_v10_it.cab
O16 - DPF: {E5B732AD-3F2D-4630-B63D-3E37F4D50CCD} (IBCScriptControl.UserControl1) - http://www.web.seat.it/climan/cab/IBCScriptControl.CAB
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5BF2F769-CE0B-42A5-A929-893196220AFC}: NameServer = 85.37.17.50 85.38.28.76
O17 - HKLM\System\CCS\Services\Tcpip\..\{619A5709-59B3-447B-99C6-860C2D0FFB60}: NameServer = 216.146.35.35,216.146.36.36
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: DynDNS Updater - Dynamic Network Services, Inc. - C:\Programmi\DynDNS Updater\DynUpSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe

--
End of file - 8206 bytes
Top
Profilo Invia messaggio privato
R16
Dio maturo
Dio maturo


Registrato: 07/03/08 22:58
Messaggi: 10129
MessaggioInviato: 30 Mag 2011 20:45    Oggetto: Rispondi
Ciao rmarino75 e benvenuto . Ciao

Segui queste indicazioni:

Avvia hijackthis, metti la spunta alle voci che andrò ad elencarti e con tutte le applicazioni chiuse e disconnesso da Internet,premi su "fix checked":
Citazione:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=gppc&s={searchTerms}&f=4
O3 - Toolbar: (no name) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - (no file)
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programmi\Unlocker\UnlockerAssistant.exe"
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)
O15 - Trusted Zone: http://dvredicola.dyndns.org
O16 - DPF: {0002E510-0000-0000-C000-000000000046} (Microsoft Office Spreadsheet 9.0) - http://www.web.seat.it/climan/cab/owc.CAB
O16 - DPF: {0A14BF1B-3095-407F-93B4-7617F0C805E5} (IdamClient.ObjControl) - http://www.web.seat.it/climan/CAB/IdamClient.CAB
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5806D0CE-CE96-493B-808B-E3AB51CD7C2B} (IBCListFilter.IBCListControl) - http://www.web.seat.it/climan/cab/IBCListFilter.CAB
O16 - DPF: {6980A6FB-83DB-4AB3-A478-E2FBF3C94B93} (IBCXMLConvert.ITranslate) - http://www.web.seat.it/climan/CAB/IBCXMLConvert.CAB
O16 - DPF: {702EB464-6DCB-4791-A122-C391613ED74E} (ServerCaller.idamCalls) - http://www.web.seat.it/climan/cab/ServerCaller.CAB
O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://194.244.16.123/g_bin/eng/poker_2_0_0_48.cab
O16 - DPF: {87CB7BA6-70F0-4468-ADB2-075987BAEE5C} (IBCexpStatus.expStore) - http://www.web.seat.it/climan/CAB/IBCexpStatus.CAB
O16 - DPF: {9B479D7B-916A-45B0-B042-D42865A60E21} (DvrOcx Control) - http://dvredicola.dyndns.org/DvrOcx.cab
O16 - DPF: {A854AD6D-6DB5-41FB-8044-0BD38092A007} (Ganymede Sudoku) - http://194.244.16.123/g_bin/eng/sudoku_2_0_0_15.cab
O16 - DPF: {D2444EF0-CEB0-4268-8983-1AD735005451} (IdamForm.IBCIdamForm) - http://www.web.seat.it/climan/cab/IBCIdamForm.CAB
O16 - DPF: {D2C6D2A7-EA9C-4653-8271-5200B01BECD8} (IdamNote.IdamNoteControl) - http://www.web.seat.it/climan/cab/IdamNotes.CAB
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.fueps.com/gp/resources/games/puzzle/PopCapGames/popcaploader_v10_it.c ab
O16 - DPF: {E5B732AD-3F2D-4630-B63D-3E37F4D50CCD} (IBCScriptControl.UserControl1) - http://www.web.seat.it/climan/cab/IBCScriptControl.CAB
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab

Pulisci i files temporanei con CCleaner (registro compreso)
http://forum.zeusnews.com/viewtopic.php?p=282670#282670

Riavvia il pc.

Scarica e installa la versione Free di SuperAntispyware:
link
lo configuri come da immagini :
http://www.zeusnews.it/zz_upload/img/PSV/SAS/7477731.jpg
http://www.zeusnews.it/zz_upload/img/PSV/SAS/9926902.jpg
Esegui una scansione completa.

Segui le istruzioni di questo topic per usare MBAM: (ricorda di aggiornarlo prima della scansione)
http://forum.zeusnews.com/viewtopic.php?p=297823#297823
Esegui una scansione completa.
Elimina gli eventuali file infetti trovati.

Carica i log di SuperAntispyware, e MBAM, su http://www.wikisend.com/ e posta il Forum Link che ti viene assegnato.
link

Domanda:
Dov'è l'antivirus? Think
Top
Profilo Invia messaggio privato
Mostra prima i messaggi di:   
Nuovo argomento   Rispondi    Indice del forum -> Pronto Soccorso Virus Tutti i fusi orari sono GMT + 2 ore
Pagina 1 di 1

 
Vai a:  
Non puoi inserire nuovi argomenti
Non puoi rispondere a nessun argomento
Non puoi modificare i tuoi messaggi
Non puoi cancellare i tuoi messaggi
Non puoi votare nei sondaggi