SERVER IMPESTATO?

**Spyfil** · 18-03-2005, 19:19

ho fatto una scanzione HijackThis
qualcuno riesce a dirmi cosa c'è che non va?
ho sempre la cpu al 99% con SVCHOST.exe..
---------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 18.20.39, on 18/03/2005
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\termsrv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\msdtc.exe
C:\WINNT\System32\CpqRcmc.exe
C:\PROGRA~1\SAV\DefWatch.exe
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\svchost.exe
C:\Programmi\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\cba\pds.exe
C:\WINNT\System32\ismserv.exe
C:\WINNT\System32\llssrv.exe
C:\Programmi\Microsoft BackOffice\Connectivity\POP3 Connector\vmimb.exe
C:\Programmi\Xerox\Network Installer\npas.exe
C:\PROGRA~1\SAV\Rtvscan.exe
C:\PROGRA~1\Symantec\SYMANT~1\NSCTOP.EXE
C:\WINNT\system32\ntfrs.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\System32\locator.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\snmp.exe
C:\Programmi\American Megatrends, Inc\MegaRAID IDE\spyser.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\wins.exe
C:\WINNT\System32\CPQNiMgt\CPQNIMGT.EXE
C:\WINNT\system32\cpqmgmt\CqMgServ\CqMgServ.EXE
C:\WINNT\system32\cpqmgmt\cqmgstor\cqmgstor.exe
C:\WINNT\System32\dns.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\system32\ams_ii\hndlrsvc.exe
C:\WINNT\system32\MsgSys.EXE
C:\WINNT\system32\ams_ii\iao.exe
C:\WINNT\system32\cba\xfr.exe
C:\WINNT\System32\modemshr.exe
C:\Programmi\Exchsrvr\bin\mad.exe
C:\Programmi\File comuni\System\MSSearch\Bin\mssearch.exe
C:\Programmi\Microsoft Shared Fax\Bin\FXSSVC.exe
C:\WINNT\System32\sysdown.exe
C:\WINNT\system32\cpqmgmt\CqMgHost\CQMGHOST.EXE
C:\WINNT\System32\CPQMGMT\CPQWMGMT.EXE
C:\Programmi\Microsoft ISA Server\mspadmin.exe
C:\Programmi\Exchsrvr\bin\store.exe
C:\Programmi\Microsoft ISA Server\w3proxy.exe
C:\Programmi\Microsoft ISA Server\W3Prefch.exe
C:\Programmi\Microsoft ISA Server\wspsrv.exe
C:\WINNT\Explorer.EXE
C:\Programmi\American Megatrends, Inc\MegaRAID IDE\spyui.exe
C:\PROGRA~1\SAV\vptray.exe
C:\Programmi\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\WINNT\System32\internat.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Documents and Settings\Administrator\Desktop\hijackthis\HijackTh is.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = MORETTO-SRV:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [MegaIDESpy] C:\Programmi\American Megatrends, Inc\MegaRAID IDE\spyui.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SAV\vptray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Programmi\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Programmi\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = MorettoServizi.it
O17 - HKLM\System\CCS\Services\Tcpip\..\{0FBA8011-5FA0-426B-9D30-3ACED505E3C1}: NameServer = xxxxx
O17 - HKLM\System\CCS\Services\Tcpip\..\{BBCF4AB5-13C0-45CB-AA73-67570F1746A5}: NameServer = xxxx,xxxxx
O17 - HKLM\System\CCS\Services\Tcpip\..\{F9059363-A67F-46CB-98B5-96426569F9FB}: NameServer = xxxxxx
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = MorettoServizi.it
O17 - HKLM\System\CS1\Services\Tcpip\..\{0FBA8011-5FA0-426B-9D30-3ACED505E3C1}: NameServer = xxxx
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = MorettoServizi.it
O17 - HKLM\System\CS2\Services\Tcpip\..\{0FBA8011-5FA0-426B-9D30-3ACED505E3C1}: NameServer = xxxx
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = MorettoServizi.it
O17 - HKLM\System\CS3\Services\Tcpip\..\{0FBA8011-5FA0-426B-9D30-3ACED505E3C1}: NameServer = xxxx
O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\\NavLogon.dll
O23 - Service: Compaq NIC Agents (CPQNicMgmt) - Compaq Information Technologies Group, L.P. - C:\WINNT\System32\CPQNiMgt\CPQNIMGT.EXE
O23 - Service: Compaq Remote Monitor Service (CpqRcmc) - Compaq - C:\WINNT\System32\CpqRcmc.exe
O23 - Service: Compaq Web Agent (CpqWebMgmt) - Compaq Computer Corp. - C:\WINNT\System32\CPQMGMT\CPQWMGMT.EXE
O23 - Service: Compaq Foundation Agents (CqMgHost) - Compaq Computer Corp. - C:\WINNT\system32\cpqmgmt\CqMgHost\CQMGHOST.EXE
O23 - Service: Compaq Server Agents (CqMgServ) - Compaq Computer Corp. - C:\WINNT\system32\cpqmgmt\CqMgServ\CqMgServ.EXE
O23 - Service: Compaq Storage Agents (CqMgStor) - Compaq Computer Corp. - C:\WINNT\system32\cpqmgmt\cqmgstor\cqmgstor.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SAV\DefWatch.exe
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Programmi\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: Microsoft H.323 Gatekeeper (GKSVC) - Unknown owner - svchost.exe (file missing)
O23 - Service: Intel Alert Handler - Intel® Corporation - C:\WINNT\system32\ams_ii\hndlrsvc.exe
O23 - Service: Intel Alert Originator - Intel® Corporation - C:\WINNT\system32\ams_ii\iao.exe
O23 - Service: Intel File Transfer - Intel® Corporation - C:\WINNT\system32\cba\xfr.exe
O23 - Service: Intel PDS - Intel® Corporation - C:\WINNT\System32\cba\pds.exe
O23 - Service: Microsoft Connector for POP3 Mailboxes (MSPOP3Connector) - Unknown owner - C:\Programmi\Microsoft BackOffice\Connectivity\POP3 Connector\vmimb.exe" /SERVICE (file missing)
O23 - Service: New Printer Alert - Xerox - C:\Programmi\Xerox\Network Installer\npas.exe
O23 - Service: Server Symantec AntiVirus (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SAV\Rtvscan.exe
O23 - Service: Servizio Discovery di Symantec System Center (NSCTOP) - Symantec Corporation - C:\PROGRA~1\Symantec\SYMANT~1\NSCTOP.EXE
O23 - Service: SpySer - American Megatrends, Inc. - C:\Programmi\American Megatrends, Inc\MegaRAID IDE\spyser.exe
O23 - Service: Compaq System Shutdown Service (sysdown) - Compaq Computer Corporation - C:\WINNT\System32\sysdown.exe

**Joe Taras** · 18-03-2005, 20:09

Secondo me sei impestato, non saprei dirti l'entità del danno ma se intacca SVCHOST.EXE mi preoccuperei

e in bocca al lupo!

**Spyfil** · 21-03-2005, 19:18

UP!!!

**amvinfe** · 21-03-2005, 19:46

lo so che noi moderatori possiamo passare per rompiscatole, ma le domande che ci vengono spontanee e che troveresti, fra l'altro, anche nel 3d in rilievo
http://forum.html.it/forum/showthrea...hreadid=769694
sono sempre le stesse.
Di grazia, cosa hai fatto prima d'eseguire uno scan con HJT?
Hai già effettuato le verifiche con antivirus e scansione online?

Molte grazie.

**Spyfil** · 22-03-2005, 11:17

Ma ti dico che ho fatto che una ricerca sui post..
ho fatto la scansione con il northon aggiornato ma non mi ha trovato nulla..

la scansione on-line non l'ho fatta!!
dove la si fa?

Grazie per avermi graziato!!!

**amvinfe** · 22-03-2005, 18:10

appena sotto a quello che già ti ho scritto c'è questo 3d in rilievo
http://forum.html.it/forum/showthrea...hreadid=235578

Discussione: SERVER IMPESTATO?

Strumenti discussione

Ricerca discussione

Visualizza

SERVER IMPESTATO?

Re: SERVER IMPESTATO?

SCUSA

Permessi di invio