Utility
Home Messaggi odierni FAQ Ricerca avanzata Lo staff del forum Regolamento Utenti Archivio
Visualizzazione dei risultati da 1 a 6 su 6

Discussione: HJT Log

  1. 12-11-2004, 18:48 #1
    Babuk
    Babuk non è in linea
    Utente di HTML.it L'avatar di Babuk
    Registrato dal
    Oct 2003
    Messaggi
    222

    HJT Log

    Ciao a Tutti.

    Qualche consiglio su questo log del PC di un mio amico?
    Grazie

    Logfile of HijackThis v1.98.2
    Scan saved at 18.44.50, on 10/11/2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
    C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
    C:\PROGRA~1\LAUNCH~1\QtZpAcer.EXE
    C:\WINDOWS\system32\gsicon.exe
    C:\WINDOWS\system32\dslagent.exe
    C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
    C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printra y.exe
    C:\Programmi\File comuni\Symantec Shared\ccApp.exe
    C:\Programmi\EpsonNet\EpsonNet WebManager\bin\EMMONITOR.exe
    C:\WINDOWS\system32\LMSAL1K.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programmi\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Programmi\WinZip\WZQKPICK.EXE
    C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
    C:\Programmi\EpsonNet\EpsonNet WebManager\bin\EMONMGR.exe
    C:\Programmi\EpsonNet\EpsonNet WebManager\bin\EMRR.exe
    C:\Programmi\File comuni\EPSON\EBAPI\eEBSVC.exe
    C:\Programmi\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
    C:\Programmi\Norton AntiVirus\navapsvc.exe
    C:\Programmi\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Programmi\MSN Messenger\msnmsgr.exe
    C:\Programmi\Internet Explorer\iexplore.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Programmi\Messenger\msmsgs.exe
    C:\Documents and Settings\Ing. Gianpaolo Villa\Desktop\HijackThis1982.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ymwivsjijrzztogv.com/I5vD...od__Jioj2.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.umwxgdqqfpyrfss.com/I5vDN...wI1SrYllg.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {91BEA175-5982-F991-641D-168BFB81044B} - C:\DOCUME~1\ING~1.GIA\DATIAP~1\TRUSTT~1\flaw upload.exe
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {CA7D54D3-C45C-FDC9-3224-0D6D3F549C87} - C:\DOCUME~1\ING~1.GIA\DATIAP~1\TRUSTT~1\flaw upload.exe
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZpAcer.EXE
    O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
    O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
    O4 - HKLM\..\Run: [Lexmark X84-X85 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
    O4 - HKLM\..\Run: [Lexmark X84-X85 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
    O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printra y.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [NAV CfgWiz] C:\Programmi\File comuni\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
    O4 - HKLM\..\Run: [EMmonitor] C:\Programmi\EpsonNet\EpsonNet WebManager\bin\EMMONITOR.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Corn itch ref multi] C:\Documents and Settings\All Users\Dati applicazioni\truststopcornitch\Mess win.exe
    O4 - HKLM\..\Run: [wma delete comp base] C:\Documents and Settings\All Users\Dati applicazioni\type proc wma delete\logeggs.exe
    O4 - HKLM\..\Run: [LMSAL1K] LMSAL1K.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [OnlineCdrom] C:\DOCUME~1\ING~1.GIA\DATIAP~1\ATOMDE~1\32third.ex e
    O4 - Global Startup: Service Manager.lnk = C:\Programmi\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check(2).lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV0 2.EXE
    O4 - Global Startup: Tasto di scelta rapida per l'avvio di AutoCAD.lnk = C:\Programmi\File comuni\Autodesk Shared\acstart16.exe
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8D7A28F8-F3FA-431E-AEC9-488C3BD5B8C8}: NameServer = 212.131.30.42,212.131.30.43
    Rispondi quotando Rispondi quotando
  2. 15-11-2004, 10:14 #2
    Babuk
    Babuk non è in linea
    Utente di HTML.it L'avatar di Babuk
    Registrato dal
    Oct 2003
    Messaggi
    222

    up

    Rispondi quotando Rispondi quotando
  3. 15-11-2004, 19:55 #3
    amvinfe
    amvinfe non è in linea
    Moderatore di Sicurezza informatica e virus L'avatar di amvinfe
    Registrato dal
    May 2002
    Messaggi
    6,739
    dalla modalità provvisoria elimina con HJT i valori:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ymwivsjijrzztogv.com/I5v...Kod__Jioj2.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.umwxgdqqfpyrfss.com/ I5v...
    llg.html
    O2 - BHO: (no name) - {91BEA175-5982-F991-641D-168BFB81044B} - C:\DOCUME~1\ING~1.GIA\DATIAP~1\TRUSTT~1\flaw upload.exe
    O2 - BHO: (no name) - {CA7D54D3-C45C-FDC9-3224-0D6D3F549C87} - C:\DOCUME~1\ING~1.GIA\DATIAP~1\TRUSTT~1\flaw upload.exe
    O4 - HKLM\..\Run: [Corn itch ref multi] C:\Documents and Settings\All Users\Dati applicazioni\truststopcornitch\Mess win.exe O4 - HKLM\..\Run: [wma delete comp base] C:\Documents and Settings\All Users\Dati applicazioni\type proc wma delete\logeggs.exe ===> questi valori non li conosco
    O4 - HKCU\..\Run: [OnlineCdrom] C:\DOCUME~1\ING~1.GIA\DATIAP~1\ATOMDE~1\32third.ex e

    sempre dalla provvisoria fai una scansione con AdAware aggiornato, nella macchina avrai sicuramente parecchi files collegati ad almeno uno spyware (flaw upload.exe)
    Elimina i valori infetti, riavvia posta un nuovo log di HJT
    ==
    Visita il mio blog SuspectFile.com
    ==
    Rispondi quotando Rispondi quotando
  4. 16-11-2004, 12:36 #4
    Babuk
    Babuk non è in linea
    Utente di HTML.it L'avatar di Babuk
    Registrato dal
    Oct 2003
    Messaggi
    222

    dopo la cura...

    questo è il risultato:

    Logfile of HijackThis v1.98.2
    Scan saved at 20.07.52, on 15/11/2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
    C:\Programmi\EpsonNet\EpsonNet WebManager\bin\EMONMGR.exe
    C:\Programmi\EpsonNet\EpsonNet WebManager\bin\EMRR.exe
    C:\Programmi\File comuni\EPSON\EBAPI\eEBSVC.exe
    C:\Programmi\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
    C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
    C:\PROGRA~1\LAUNCH~1\QtZpAcer.EXE
    C:\WINDOWS\system32\gsicon.exe
    C:\WINDOWS\system32\dslagent.exe
    C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
    C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printra y.exe
    C:\Programmi\File comuni\Symantec Shared\ccApp.exe
    C:\Programmi\Norton AntiVirus\navapsvc.exe
    C:\Programmi\EpsonNet\EpsonNet WebManager\bin\EMMONITOR.exe
    C:\WINDOWS\system32\LMSAL1K.exe
    C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
    C:\Programmi\Norton SystemWorks\Password Manager\AcctMgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programmi\Internet Explorer\iexplore.exe
    C:\Programmi\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Programmi\WinZip\WZQKPICK.EXE
    C:\Programmi\Norton AntiVirus\SAVScan.exe
    C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
    C:\Programmi\Messenger\msmsgs.exe
    C:\Documents and Settings\Ing. Gianpaolo Villa\Desktop\HijackThis1982.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wscntfy.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=hom e
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZpAcer.EXE
    O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
    O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
    O4 - HKLM\..\Run: [Lexmark X84-X85 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
    O4 - HKLM\..\Run: [Lexmark X84-X85 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
    O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printra y.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [NAV CfgWiz] C:\Programmi\File comuni\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
    O4 - HKLM\..\Run: [EMmonitor] C:\Programmi\EpsonNet\EpsonNet WebManager\bin\EMMONITOR.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Corn itch ref multi] C:\Documents and Settings\All Users\Dati applicazioni\truststopcornitch\Mess win.exe
    O4 - HKLM\..\Run: [wma delete comp base] C:\Documents and Settings\All Users\Dati applicazioni\type proc wma delete\logeggs.exe
    O4 - HKLM\..\Run: [LMSAL1K] LMSAL1K.exe
    O4 - HKLM\..\Run: [AcctMgr] C:\Programmi\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Service Manager.lnk = C:\Programmi\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check(2).lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV0 2.EXE
    O4 - Global Startup: Tasto di scelta rapida per l'avvio di AutoCAD.lnk = C:\Programmi\File comuni\Autodesk Shared\acstart16.exe
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8D7A28F8-F3FA-431E-AEC9-488C3BD5B8C8}: NameServer = 212.131.30.42,212.131.30.43

    X Amvinfe: I valori evidenziati in blu sul tuo ultimo msg non li conosci?
    Rispondi quotando Rispondi quotando
  5. 16-11-2004, 19:47 #5
    amvinfe
    amvinfe non è in linea
    Moderatore di Sicurezza informatica e virus L'avatar di amvinfe
    Registrato dal
    May 2002
    Messaggi
    6,739
    esatto, non li conosco. Il log sembra essere a posto
    ==
    Visita il mio blog SuspectFile.com
    ==
    Rispondi quotando Rispondi quotando
  6. 16-11-2004, 20:27 #6
    Babuk
    Babuk non è in linea
    Utente di HTML.it L'avatar di Babuk
    Registrato dal
    Oct 2003
    Messaggi
    222
    wow!!! è la prima volta che mi capita di trovare qualcosa che non conosci,
    perchè in sintesi si potrebbe dire che

    Grazie per la disponibilità.
    Rispondi quotando Rispondi quotando
« Discussione precedente | Prossima discussione »

Permessi di invio

  • Non puoi inserire discussioni
  • Non puoi inserire repliche
  • Non puoi inserire allegati
  • Non puoi modificare i tuoi messaggi
  •  

Regole del Forum

Powered by vBulletin® Version 4.2.1
Copyright © 2026 vBulletin Solutions, Inc. All rights reserved.