
Thread: whataboutadog

  1. #1

    whataboutadog

    I have a problem I can't solve.
    A "fake" domain *.whataboutadog.com shows up in my Trusted Zone, and a file appears in C:\WINDOWS\Temp that changes every time; right now I find YO4B3F.exe (I delete it in Safe Mode, but it comes back under another name).
    I have run a few "things" but I can't fix the problem....
    CCleaner
    Spybot
    Trend Micro Anti-Spyware
    Ad-Aware SE
    Trend Micro OfficeScan
    and
    others
    I'm attaching the HijackThis log
    Logfile of HijackThis v1.99.1
    Scan saved at 23.23.48, on 14/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Officescan NT\ntrtscan.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\PAStiSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Officescan NT\tmlisten.exe
    C:\WINDOWS\system32\CCM\CcmExec.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Officescan NT\OfcPfwSvc.exe
    C:\WINDOWS\TEMP\YO4B3F.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Officescan NT\pccntmon.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Logitech\Video\ISStart.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
    C:\Officescan NT\Pop3Trap.exe
    C:\Program Files\QuickTime\bak\qttask.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft Office Communicator\Communicator.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Alice ti aiuta\bin\mpbtn.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Trend Micro\Tmasy\Tmasy.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\regedit.exe
    C:\Program Files\Opera\Opera.exe
    C:\Documents and Settings\00215629\My Documents\hijackthis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://noiportal.telecomitalia.it
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Telecom Italia s.p.a.
    R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Officescan NT\pccntmon.exe" -HideWindow
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
    O4 - HKLM\..\Run: [PDUiP6220DMon] C:\Program Files\Canon\Memory Card Utility\iP6220D\PDUiP6220DMon.exe
    O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [RUN_PWR_SETTINGS] %windir%\system32\RunUnset.vbs
    O4 - HKLM\..\Run: [sealmon] C:\Program Files\SealedMedia\sealmon.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\bak\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [COMMUNICATOR] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmasy\Tmasy.exe
    O4 - Global Startup: Alice ti aiuta.lnk = C:\Program Files\Alice ti aiuta\bin\matcli.exe
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: MapiProfileTI.lnk = C:\WINDOWS\MapiProfileTI.vbs
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://noiportal.telecomitalia.it
    O15 - Trusted Zone: http://organigramma.griffon.local
    O15 - Trusted Zone: *.griffon.local
    O15 - Trusted Zone: http://atomwfe1.telecomitalia.it
    O15 - Trusted Zone: http://atomwfe2.telecomitalia.it
    O15 - Trusted Zone: http://griffon.ittelecom.open.telecomitalia.it
    O15 - Trusted Zone: http://griffon.open.telecomitalia.it
    O15 - Trusted Zone: http://hr.open.telecomitalia.it
    O15 - Trusted Zone: http://paperless.open.telecomitalia.it
    O15 - Trusted Zone: http://tils.open.telecomitalia.it
    O15 - Trusted Zone: http://dwh-o2c.telecomitalia.local
    O15 - Trusted Zone: http://soa404.telecomitalia.local
    O15 - Trusted Zone: *.whataboutadog.com
    O15 - Trusted Zone: http://organigramma.griffon.local (HKLM)
    O15 - Trusted Zone: *.griffon.local (HKLM)
    O15 - Trusted Zone: http://atomwfe1.telecomitalia.it (HKLM)
    O15 - Trusted Zone: http://atomwfe2.telecomitalia.it (HKLM)
    O15 - Trusted Zone: http://griffon.ittelecom.open.telecomitalia.it (HKLM)
    O15 - Trusted Zone: http://griffon.open.telecomitalia.it (HKLM)
    O15 - Trusted Zone: http://hr.open.telecomitalia.it (HKLM)
    O15 - Trusted Zone: http://paperless.open.telecomitalia.it (HKLM)
    O15 - Trusted Zone: http://tils.open.telecomitalia.it (HKLM)
    O15 - Trusted Zone: http://dwh-o2c.telecomitalia.local (HKLM)
    O15 - Trusted Zone: http://soa404.telecomitalia.local (HKLM)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = telecomitalia.local
    O17 - HKLM\Software\..\Telephony: DomainName = telecomitalia.local
    O17 - HKLM\System\CCS\Services\Tcpip\..\{04B7E05C-ECA4-4393-BC1B-FC1B635BA7C4}: NameServer = 156.54.205.68,156.54.17.166
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A9FA1FB0-D522-4225-95FD-95A29CD25D01}: NameServer = 85.37.17.16 85.38.28.68
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = telecomitalia.local
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = telecomitalia.local
    O17 - HKLM\System\CS1\Services\Tcpip\..\{04B7E05C-ECA4-4393-BC1B-FC1B635BA7C4}: NameServer = 156.54.205.68,156.54.17.166
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = telecomitalia.local
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Officescan NT\ntrtscan.exe
    O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Officescan NT\OfcPfwSvc.exe
    O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
    O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Officescan NT\tmlisten.exe
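
An added triage example, not code from anyone in this thread: it parses HijackThis-format lines for the two indicators the poster describes, O15 Trusted Zone entries outside the corporate domains visible in the log, and processes or Run entries launched from a \TEMP\ or \bak\ folder. The sample lines are constructed from the posted log; the corporate-suffix allowlist is an assumption derived from it.

```python
import re

# Constructed sample in HijackThis v1.99 format, reduced to the lines relevant here.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\TEMP\YO4B3F.EXE
C:\Program Files\QuickTime\bak\qttask.exe
C:\WINDOWS\Explorer.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\bak\qttask.exe" -atboottime
O15 - Trusted Zone: http://hr.open.telecomitalia.it
O15 - Trusted Zone: *.griffon.local
O15 - Trusted Zone: *.whataboutadog.com
O15 - Trusted Zone: *.griffon.local (HKLM)
"""

# Assumption: domains this organisation legitimately trusts, taken from the posted log.
CORPORATE_SUFFIXES = ("telecomitalia.it", "telecomitalia.local", "griffon.local")

# Folders from which a legitimate autostart binary should not normally run.
SUSPICIOUS_DIRS = ("\\temp\\", "\\bak\\")

O15_RE = re.compile(r"^O15 - Trusted Zone: (\S+)")
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"]+?\.exe", re.IGNORECASE)


def zone_host(entry):
    """Normalise a Trusted Zone entry: drop the scheme and a leading '*.' wildcard."""
    host = entry.split("://", 1)[-1]
    return host[2:] if host.startswith("*.") else host


def triage(log_text):
    """Return (zone hosts outside the corporate list, binaries in suspicious folders)."""
    zones, paths = [], []
    for line in log_text.splitlines():
        m = O15_RE.match(line)
        if m:
            host = zone_host(m.group(1))
            if not any(host == s or host.endswith("." + s) for s in CORPORATE_SUFFIXES):
                zones.append(host)
            continue
        # Covers both the "Running processes" block and O4 autostart entries.
        for path in PATH_RE.findall(line):
            if any(d in path.lower() for d in SUSPICIOUS_DIRS) and path not in paths:
                paths.append(path)
    return sorted(set(zones)), paths


if __name__ == "__main__":
    z, p = triage(SAMPLE_LOG)
    print("Trusted Zone entries outside the corporate list:", z)
    print("Binaries running or autostarting from Temp or bak folders:", p)
```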

  2. #2
    Banned user
    Joined
    Jun 2007
    Posts
    3,899
    download FindAWF and run the scan; when it finishes, post its log...

  3. #3
    here is the FindAWF log


    Find AWF report by noahdfear ©2006
    Version 1.40

    The current date is: 15/10/2007
    The current time is: 22.01.57,90


    bak folders found
    ~~~~~~~~~~~


    Directory of C:\OFFICE~1\BAK

    0 File(s) 0 bytes

    Directory of C:\WINDOWS\BAK

    10/06/2004 14.48 286.720 vsnpstd.exe
    1 File(s) 286.720 bytes

    Directory of C:\PROGRA~1\ALICEM~1\BAK

    0 File(s) 0 bytes

    Directory of C:\PROGRA~1\MESSEN~1\BAK

    0 File(s) 0 bytes

    Directory of C:\PROGRA~1\MI71C1~1\BAK

    0 File(s) 0 bytes

    Directory of C:\PROGRA~1\QUICKT~1\BAK

    0 File(s) 0 bytes

    Directory of C:\PROGRA~1\REGSHAVE\BAK

    0 File(s) 0 bytes

    Directory of C:\PROGRA~1\SEALED~1\BAK

    0 File(s) 0 bytes

    Directory of C:\WINDOWS\SYSTEM32\BAK

    0 File(s) 0 bytes

    Directory of C:\PROGRA~1\ALICET~1\SMARTB~1\BAK

    0 File(s) 0 bytes

    Directory of C:\PROGRA~1\ANALOG~1\CORE\BAK

    0 File(s) 0 bytes

    Directory of C:\PROGRA~1\ANALOG~1\SOUNDMAX\BAK

    0 File(s) 0 bytes

    Directory of C:\PROGRA~1\CANON\EASY-P~2\BAK

    0 File(s) 0 bytes

    Directory of C:\PROGRA~1\HPQ\DEFAUL~1\BAK

    0 File(s) 0 bytes

    Directory of C:\PROGRA~1\LOGITECH\VIDEO\BAK

    0 File(s) 0 bytes

    Directory of C:\PROGRA~1\SYNAPT~1\SYNTP\BAK

    0 File(s) 0 bytes

    Directory of C:\PROGRA~1\ADOBE\READER~1.0\READER\BAK

    0 File(s) 0 bytes

    Directory of C:\PROGRA~1\CANON\MEMORY~1\IP6220D\BAK

    0 File(s) 0 bytes

    Directory of C:\PROGRA~1\ADOBE\PHOTOS~1\3.2\APPS\BAK

    0 File(s) 0 bytes


    Duplicate files of bak directory contents
    ~~~~~~~~~~~~~~~~~~~~~~~

    286720 10 Jun 2004 "C:\WINDOWS\bak\vsnpstd.exe"
    286720 10 Jun 2004 "C:\Program Files\Trust\150 Spacecam Portable\vsnpstd.exe"


    end of report

  4. #4
    Banned user
    Joined
    Jun 2007
    Posts
    3,899
    select these entries and click Fix checked:

    R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O15 - Trusted Zone: http://organigramma.griffon.local
    O15 - Trusted Zone: *.griffon.local
    O15 - Trusted Zone: *.whataboutadog.com
    O15 - Trusted Zone: *.griffon.local (HKLM)

    run a cleanup with CCleaner..

    PS: as for the .vbs files that start up, I wouldn't know.... let's wait for other opinions
