Server ukraino e controllo hijackthis [Stesso problema non risolto]

**frans_78** · 06-12-2008, 15:15

Sono nouvo del forum help me tank

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:06, on 2008-12-06
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\CheckPoint\SecuRemote\bin\SR_Service. exe
C:\Programmi\CheckPoint\SecuRemote\bin\SR_Watchdog .exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Altiris\AClient\AClient.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\McAfee\Common Framework\FrameworkService.exe
C:\Programmi\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Programmi\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Programmi\lotus\notes\ntmulti.exe
C:\Programmi\SigmaTel\C-Major Audio\WDM\StacSV.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\CheckPoint\SecuRemote\bin\SR_GUI.Exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Programmi\Altiris\AClient\AClntUsr.EXE
C:\Programmi\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Programmi\McAfee\Common Framework\UdaterUI.exe
C:\Programmi\McAfee\Common Framework\McTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\internet explorer\iexplore.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programmi\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [AClntUsr] C:\Programmi\Altiris\AClient\AClntUsr.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programmi\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programmi\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [OneCareUI] "C:\Programmi\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/actives.../as2stubie.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase6662.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1211359848640
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1211359931015
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = dom2.ad.sys
O17 - HKLM\Software\..\Telephony: DomainName = dom2.ad.sys
O17 - HKLM\System\CCS\Services\Tcpip\..\{19E2919F-497B-4DC9-B0BC-47D5D63A6AC2}: NameServer = 85.255.115.51;85.255.112.187
O17 - HKLM\System\CCS\Services\Tcpip\..\{777E373A-13D2-43D4-82E0-E7C1A1F1D453}: NameServer = 85.255.115.51;85.255.112.187
O17 - HKLM\System\CCS\Services\Tcpip\..\{C2FF26D9-F913-497B-AF8B-86AB5D2B2095}: NameServer = 85.255.115.51;85.255.112.187
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = dom2.ad.sys
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.51;85.255.112.187
O17 - HKLM\System\CS1\Services\Tcpip\..\{19E2919F-497B-4DC9-B0BC-47D5D63A6AC2}: NameServer = 85.255.115.51;85.255.112.187
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = dom2.ad.sys
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.115.51;85.255.112.187
O17 - HKLM\System\CS3\Services\Tcpip\..\{19E2919F-497B-4DC9-B0BC-47D5D63A6AC2}: NameServer = 85.255.115.51;85.255.112.187
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: Domain = dom2.ad.sys
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.51;85.255.112.187
O23 - Service: Altiris Client Service (AClient) - Altiris, Inc. - C:\Programmi\Altiris\AClient\AClient.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Programmi\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Programmi\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Programmi\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Programmi\lotus\notes\ntmulti.exe
O23 - Service: Check Point VPN-1 Securemote service (SR_Service) - Check Point Software Technologies - C:\Programmi\CheckPoint\SecuRemote\bin\SR_Service. exe
O23 - Service: Check Point VPN-1 Securemote watchdog (SR_Watchdog) - Check Point Software Technologies - C:\Programmi\CheckPoint\SecuRemote\bin\SR_Watchdog .exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Programmi\SigmaTel\C-Major Audio\WDM\StacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Programmi\File comuni\SureThing Shared\stllssvr.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 7423 bytes

**SkinBonno** · 06-12-2008, 19:04

Ok che sei nuovo...però potevi dare un'occhiata al regolamento (titolo non conforme e mancanza di spiegazione nel messaggio). Pensaranno poi i moderatori come fare.
Comunque ci potresti spiegare che problemi ha il pc?
In ogni caso comincia così...
Riesegui Hijackthis, fai una scansione e Fixa questi:

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = dom2.ad.sys
O17 - HKLM\Software\..\Telephony: DomainName = dom2.ad.sys
O17 - HKLM\System\CCS\Services\Tcpip\..\{19E2919F-497B-4DC9-B0BC-47D5D63A6AC2}: NameServer = 85.255.115.51;85.255.112.187
O17 - HKLM\System\CCS\Services\Tcpip\..\{777E373A-13D2-43D4-82E0-E7C1A1F1D453}: NameServer = 85.255.115.51;85.255.112.187
O17 - HKLM\System\CCS\Services\Tcpip\..\{C2FF26D9-F913-497B-AF8B-86AB5D2B2095}: NameServer = 85.255.115.51;85.255.112.187
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = dom2.ad.sys
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.51;85.255.112.187
O17 - HKLM\System\CS1\Services\Tcpip\..\{19E2919F-497B-4DC9-B0BC-47D5D63A6AC2}: NameServer = 85.255.115.51;85.255.112.187
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = dom2.ad.sys
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.115.51;85.255.112.187
O17 - HKLM\System\CS3\Services\Tcpip\..\{19E2919F-497B-4DC9-B0BC-47D5D63A6AC2}: NameServer = 85.255.115.51;85.255.112.187
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: Domain = dom2.ad.sys
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.51;85.255.112.187

Poi non sapendo che problemi hai col pc ti do da fare una delle cose di base:

Scarica e installa Malwarebytes. Aggiornalo e fai una scansione completa del computer. Posta il rapporto ottenuto. Per ora non rimuovere nessuna minaccia rilevata, aspetta nostre conferme.

Discussione: Server ukraino e controllo hijackthis [Stesso problema non risolto]

Strumenti discussione

Ricerca discussione

Visualizza

Stesso problema non risolto

Permessi di invio