#1 |
Senior Member
Joined: Jun 2004
Posts: 760
Virus and HijackThis
Hi everyone...
I've caught a virus, but AntiVir was no help at all... browsing your old posts I saw that you all rely on HijackThis... I downloaded it and ran it... I'm posting the log file below... how do I work out which files are infected? Thanks a lot for your attention, and sorry for my ignorance!
Code:
Logfile of HijackThis v1.99.1
Scan saved at 9.50.07, on 19/10/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ASWLSVC.exe
C:\Programmi\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\system32\ASWL2K.exe
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\System32\csrs.exe
C:\WINDOWS\System32\lssas.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Asus\Asus ChkMail\ChkMail.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Programmi\eMule\emule.exe
C:\Programmi\foobar2000\foobar2000.exe
C:\Programmi\Executive Software\Diskeeper\DfrgFat.exe
C:\WINDOWS\etb\pokapoka75.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\STEFAN~1\IMPOST~1\Temp\Rar$EX00.492\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.24-7searching-and-more.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.24-7searching-and-more.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.24-7searching-and-more.com/sp2.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com.tw
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com.tw
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [Client Server Runtime Process] C:\WINDOWS\System32\csrs.exe
O4 - HKLM\..\Run: [System service75] C:\WINDOWS\etb\pokapoka75.exe
O4 - HKLM\..\Run: [System service76] C:\WINDOWS\\\etb\\pokapoka76.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: ASUS ChkMail.lnk = C:\Programmi\Asus\Asus ChkMail\ChkMail.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com.tw
O23 - Service: ASWLSVC - Unknown owner - C:\WINDOWS\system32\ASWLSVC.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Programmi\Executive Software\Diskeeper\DkService.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Programmi\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Programmi\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe
__________________
Gandalf_BD -------------------------------------------- "When you aim at perfection, you discover it's a moving target" |
#2 |
Senior Member
Joined: Sep 2004
Posts: 6387
There's the official thread pinned at the top
#3 |
Senior Member
Joined: Jun 2004
Posts: 760
oooooooops... thanks!!!
I didn't see it... next time I'd better go to bed earlier...
#4 |
Senior Member
Joined: Jun 2005
City: in Lombardy
Posts: 8414
Maybe give it a pass with:
McAfee, scanner only
__________________
Asrock z170m, i7 6700k, 8GB Kingston ddr4 2666, sandisk ssd120GB, Segate 4TB, XFX Radeon RX 480 RS 8GB |
#5 |
Senior Member
Joined: Sep 2004
Posts: 6387
O4 - HKLM\..\Run: [System service75] C:\WINDOWS\etb\pokapoka75.exe
O4 - HKLM\..\Run: [System service76] C:\WINDOWS\\\etb\\pokapoka76.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.24-7searching-and-more.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.24-7searching-and-more.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.24-7searching-and-more.com/sp2.php
Fix these and then install SP2
#6 |
Senior Member
Joined: May 2005
City: Palermo
Posts: 6390
Fix these too:
C:\WINDOWS\System32\csrs.exe
C:\WINDOWS\System32\lssas.exe
C:\WINDOWS\etb\pokapoka75.exe
O4 - HKLM\..\Run: [Client Server Runtime Process] C:\WINDOWS\System32\csrs.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
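Added example, not part of the original thread: the csrs.exe and lssas.exe entries listed in post #6 sit one or two characters away from the genuine csrss.exe and lsass.exe that also appear in the log, and a short script can flag that kind of name imitation. The baseline list of system binaries, the function names and the distance threshold are assumptions; the sample lines are copied from the log in post #1.

```python
import re

# Assumed baseline: genuine Windows system binaries that impostors imitate.
KNOWN_SYSTEM = {"csrss.exe", "lsass.exe", "smss.exe", "services.exe",
                "svchost.exe", "winlogon.exe", "spoolsv.exe", "explorer.exe"}

# First Windows path ending in .exe on a HijackThis log line.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.exe", re.IGNORECASE)

# Lines copied from the HijackThis log in post #1.
SAMPLE_LOG = r"""
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\lsass.exe
C:\Programmi\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\System32\csrs.exe
C:\WINDOWS\System32\lssas.exe
O4 - HKLM\..\Run: [Client Server Runtime Process] C:\WINDOWS\System32\csrs.exe
O4 - HKLM\..\Run: [System service75] C:\WINDOWS\etb\pokapoka75.exe
"""

def edit_distance(a, b):
    """Levenshtein distance, one row of the DP table at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def lookalikes(log_text, max_dist=2):
    """Map each path whose file name nearly matches a system binary to that binary."""
    findings = {}
    for line in log_text.splitlines():
        match = PATH_RE.search(line)
        if not match:
            continue
        path = match.group(0)
        name = path.rsplit("\\", 1)[-1].lower()
        if name in KNOWN_SYSTEM:
            continue  # exact name: not an imitation by spelling
        nearest = min(KNOWN_SYSTEM, key=lambda real: (edit_distance(name, real), real))
        if edit_distance(name, nearest) <= max_dist:
            findings[path] = nearest
    return findings

if __name__ == "__main__":
    for path, real in lookalikes(SAMPLE_LOG).items():
        print(f"{path} imitates {real}")
```

A name check like this does not cover entries such as pokapoka75.exe, which imitates nothing and has to be judged by its Run key and folder instead.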
#7 |
Senior Member
Joined: Jun 2004
Posts: 760
THANK YOUUUU!!!!!