pc impazziti

**betalaga** · 08-11-2004, 16:51

non so se sia un virus che gira x la rete del mio ufficio ma i pc sono impazziti... dopo qualche minuto che sono accesi si riavviano, senza fare disconnessioni o cose simili.... virus non ne trova... in nessun pc...

**betalaga** · 08-11-2004, 17:00

Originariamente inviato da betalaga
non so se sia un virus che gira x la rete del mio ufficio ma i pc sono impazziti... dopo qualche minuto che sono accesi si riavviano, senza fare disconnessioni o cose simili.... virus non ne trova... in nessun pc...

**SuperMariano81** · 08-11-2004, 17:00

S.O.?
Hai provato a scannare i PC con dei programmi apposta trova spyware-malware-toryan?

**betalaga** · 08-11-2004, 17:04

Originariamente inviato da SuperMariano81
S.O.?
Hai provato a scannare i PC con dei programmi apposta trova spyware-malware-toryan?

tutti windows xp

ho fatto la ricerca di virus e spyware dappertutto con AVG spybot e adware....

**SuperMariano81** · 08-11-2004, 17:27

Mmmm che sia un caso di blaster o sasser? no l'antivirus avrebbe trovato qualcosa....
Prova a postare un log di hijackthis o fare un scan con un software anti trojan.

**betalaga** · 08-11-2004, 17:31

Originariamente inviato da SuperMariano81
Mmmm che sia un caso di blaster o sasser? no l'antivirus avrebbe trovato qualcosa....
Prova a postare un log di hijackthis o fare un scan con un software anti trojan.

mi dici il nome di un software anti trojan?

se sto con il filo di rete scollegato non si riavvia... se collego il cavo si riavvia sempre e fa riavviare pure gli altri...

**betalaga** · 08-11-2004, 17:34

ah, non penso sia blaster o sasser xke davano la finestrina di chiusura di windows con il timer di 20 secondi... questo no si riavvia senza dire nulla... di botto!

**SuperMariano81** · 08-11-2004, 17:37

Originariamente inviato da betalaga
ah, non penso sia blaster o sasser xke davano la finestrina di chiusura di windows con il timer di 20 secondi... questo no si riavvia senza dire nulla... di botto!

mmmm sembra sicuramente un infezione di massa visto che ha colpito i PC credo si tratti di qualche programmino schifoso, prova come ti ho detto con il log di un pc con hijackthis e vediamo.

**betalaga** · 08-11-2004, 17:41

Logfile of HijackThis v1.98.2
Scan saved at 16.41.42, on 08/11/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Grisoft\AVG6\avgcc32.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Java\jre1.5.0\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\ATnotes\ATnotes.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://192.100.1.2/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [AVG_CC] C:\Programmi\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ATnotes.exe] C:\Programmi\ATnotes\ATnotes.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {1F831FA9-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) - file://C:\Programmi\AutoCAD LT 2002 Ita\InstFred.ocx
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1098469628492
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (Controllo AcDc oggi) - file://C:\Programmi\AutoCAD LT 2002 Ita\AcDcToday.ocx
O16 - DPF: {AE563729-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Programmi\AutoCAD LT 2002 Ita\InstBanr.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (Controllo AcPreview) - file://C:\Programmi\AutoCAD LT 2002 Ita\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = technical.local
O17 - HKLM\Software\..\Telephony: DomainName = technical.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{20AA3133-8C5F-4D08-8025-8563B029BA53}: NameServer = 192.100.1.2,213.140.1.12
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = technical.local
O17 - HKLM\System\CS1\Services\Tcpip\..\{20AA3133-8C5F-4D08-8025-8563B029BA53}: NameServer = 192.100.1.2,213.140.1.12
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = technical.local
O17 - HKLM\System\CS2\Services\Tcpip\..\{20AA3133-8C5F-4D08-8025-8563B029BA53}: NameServer = 192.100.1.2,213.140.1.12
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = technical.local
O17 - HKLM\System\CS3\Services\Tcpip\..\{20AA3133-8C5F-4D08-8025-8563B029BA53}: NameServer = 192.100.1.2,213.140.1.12

**betalaga** · 08-11-2004, 17:57

Originariamente inviato da betalaga
Logfile of HijackThis v1.98.2
Scan saved at 16.41.42, on 08/11/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Grisoft\AVG6\avgcc32.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Java\jre1.5.0\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\ATnotes\ATnotes.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://192.100.1.2/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [AVG_CC] C:\Programmi\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ATnotes.exe] C:\Programmi\ATnotes\ATnotes.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {1F831FA9-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) - file://C:\Programmi\AutoCAD LT 2002 Ita\InstFred.ocx
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1098469628492
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (Controllo AcDc oggi) - file://C:\Programmi\AutoCAD LT 2002 Ita\AcDcToday.ocx
O16 - DPF: {AE563729-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Programmi\AutoCAD LT 2002 Ita\InstBanr.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (Controllo AcPreview) - file://C:\Programmi\AutoCAD LT 2002 Ita\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = technical.local
O17 - HKLM\Software\..\Telephony: DomainName = technical.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{20AA3133-8C5F-4D08-8025-8563B029BA53}: NameServer = 192.100.1.2,213.140.1.12
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = technical.local
O17 - HKLM\System\CS1\Services\Tcpip\..\{20AA3133-8C5F-4D08-8025-8563B029BA53}: NameServer = 192.100.1.2,213.140.1.12
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = technical.local
O17 - HKLM\System\CS2\Services\Tcpip\..\{20AA3133-8C5F-4D08-8025-8563B029BA53}: NameServer = 192.100.1.2,213.140.1.12
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = technical.local
O17 - HKLM\System\CS3\Services\Tcpip\..\{20AA3133-8C5F-4D08-8025-8563B029BA53}: NameServer = 192.100.1.2,213.140.1.12

è grave???

Discussione: pc impazziti

Strumenti discussione

Ricerca discussione

Visualizza

pc impazziti

Re: pc impazziti

Permessi di invio