HijackThis Log
Mandrake
Mere mortal

Registered: 23/02/07 16:31
Posts: 1

Posted: 23 Feb 2007 16:32    Subject: HijackThis Log

Hi guys, I know how tedious it is to analyze a HijackThis log, but could you help me with this log from a friend of mine? I found quite a few things... I'd like other opinions! Thanks in advance

Logfile of HijackThis v1.99.1
Scan saved at 22:43:39, on 22.02.2007
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\mssmpp.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UERSU_0001_N91M2407NetInstaller.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\VeriSign\NAVI\naviagent.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\NetPumper\NetPumperIEProxy.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\PROGRA~1\Netscape\Netscape\Netscp.exe
C:\WINDOWS\System32\svchost.exe
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.ch/0SEDECH/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\msgr.de.de-ch\msntb.dll
O4 - HKLM\..\Run: [Spooler SubSystem App] C:\WINDOWS\System32\spoolsvc.exe
O4 - HKLM\..\Run: [Winamp Agent] C:\WINDOWS\System32\winamp.exe
O4 - HKLM\..\Run: [Microsft Security Monitor Process] mssmpp.exe
O4 - HKLM\..\Run: [Services] C:\WINDOWS\System32\wapq.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Local Security Authority Service] C:\WINDOWS\System32\lssas.exe
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\System32\xvjnblma.dll",setvm
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NI.UERSU_0001_N91M2407] "C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UERSU_0001_N91M2407NetInstaller.exe" -nag
O4 - HKLM\..\Run: [NetPumper] "C:\Program Files\NetPumper\NetPumperIEProxy.exe"
O4 - HKLM\..\RunServices: [Microsft Security Monitor Process] mssmpp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: Download with NetPumper - C:\Program Files\NetPumper\AddUrl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: i-Nav Pomoc - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra 'Tools' menuitem: i-Nav Pomoc - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra 'Tools' menuitem: i-Nav Ustawienia - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O16 - DPF: {B562BC94-9A3A-4760-AE48-0D52FD01B1B5} (VeriSign Software Update Service) - http://download.verisign-grs.com/plug-in/i-navinstall.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: VeriSign Updater (navi) - VeriSign, Inc. - C:\Program Files\VeriSign\NAVI\naviagent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Smjert
Mature god

Registered: 01/04/06 18:19
Posts: 1619
Location: Lost in the net

Posted: 23 Feb 2007 17:07

He has a bit of junk on there...

Start HijackThis, press Do a system scan only, tick these entries and then press Fix checked (don't fix the entries in red if you know what they are):

Quote:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.ch/0SEDECH/SAOS01
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O4 - HKLM\..\Run: [Spooler SubSystem App] C:\WINDOWS\System32\spoolsvc.exe
O4 - HKLM\..\Run: [Winamp Agent] C:\WINDOWS\System32\winamp.exe
O4 - HKLM\..\Run: [Microsft Security Monitor Process] mssmpp.exe
O4 - HKLM\..\Run: [Services] C:\WINDOWS\System32\wapq.exe
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\System32\xvjnblma.dll",setvm
O4 - HKLM\..\Run: [NI.UERSU_0001_N91M2407] "C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UERSU_0001_N91M2407NetInstaller.exe" -nag
O4 - HKLM\..\Run: [NetPumper] "C:\Program Files\NetPumper\NetPumperIEProxy.exe"
O4 - HKLM\..\RunServices: [Microsft Security Monitor Process] mssmpp.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll


Restart the PC in Safe Mode (while it does the memory count, lists the connected hard drives, etc., press F8 repeatedly until a menu appears, then choose the mode with the arrow keys).

Delete these folders: C:\Program Files\VSAdd-in, C:\Program Files\NetPumper\
Delete these files: C:\WINDOWS\System32\spoolsvc.exe, C:\WINDOWS\System32\wapq.exe, C:\WINDOWS\System32\xvjnblma.dll, C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UERSU_0001_N91M2407NetInstaller.exe, C:\Windows\mssmpp.exe

Restart the PC in Normal Mode.

Post a new HijackThis log.
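
A triage sketch for O4 autorun entries like the ones in this thread, added here as an example and not part of either post: it rejoins hard-wrapped log lines and flags autorun images whose file name is a near miss of a core Windows process name. The sample lines are copied from the log above; the `SYSTEM_NAMES` list, the function names and the distance threshold are assumptions of this example.

```python
import re

# Constructed sample: O4 entries copied from the log above, still hard-wrapped.
SAMPLE = r"""O4 - HKLM\..\Run: [Spooler SubSystem App] C:\WINDOWS\System32\spoolsvc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Local Security Authority Service]
C:\WINDOWS\System32\lssas.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
"""
# Assumption: a short reference list, taken from the log's running-process section.
SYSTEM_NAMES = ["smss.exe", "winlogon.exe", "services.exe", "lsass.exe",
                "svchost.exe", "spoolsv.exe", "explorer.exe", "ctfmon.exe"]
ENTRY_START = re.compile(r"^(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")
O4_RUN = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.+)$")

def rejoin(text):
    """Merge hard-wrapped continuation lines back into one entry per line."""
    entries = []
    for line in text.splitlines():
        if ENTRY_START.match(line) or not entries:
            entries.append(line.strip())
        elif line.strip():
            entries[-1] += " " + line.strip()
    return entries

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_autoruns(text, max_dist=2):
    """Return (value name, image, resembled name) for near-miss image names."""
    hits = []
    for entry in rejoin(text):
        m = O4_RUN.match(entry)
        exe = m and re.search(r'[^\\"]+?\.exe', m.group(4), re.I)
        if exe:
            image = exe.group(0).lower()
            hits += [(m.group(3), image, k) for k in SYSTEM_NAMES
                     if 0 < edit_distance(image, k) <= max_dist]
    return hits

print(lookalike_autoruns(SAMPLE))
```

A hit is only a lead for inspecting the file; autorun names that resemble nothing on the list, such as `wapq.exe`, are not caught by this check.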