|
|||||||
|
|
|
 |
|
|
Strumenti |
18-12-2005, 21:19
|
#1 |
|
Member
Iscritto dal: Dec 2005
Città: Ancona
Messaggi: 44
|
aiuto con HijackThis
innanzitutto spero di non aver sbagliato thread....
Salve ragazzi sono nuovo del forum e legendo dei post qua e la ho scaricato HijackThis e fatto una scansione. Ho controllato sul sito come spiegato nella guida ma fra i vari risultati ci sono questi che non mi convincono. Scriverò la "chiave" che non mi convince con sotto il problema... O4 - HKLM\..\Run: [Windows Installer] C:\WINDOWS\System32\ntdll.exe Windows Installer X ntdll.exe Added by an unidentified WORM or TROJAN! O4 - HKLM\..\Run: [Windows Spooler] C:\WINDOWS\System32\spoolsv32.exe Windows Spooler X spoolsv32.exe Added by an unidentified WORM or TROJAN! O4 - HKLM\..\Run: [Windows DLL Host] C:\WINDOWS\System32\dllhost32.exe Windows DLL Host X dllhost32.exe Added by an unidentified WORM or TROJAN! O4 - HKLM\..\Run: [Windows update] C:\WINDOWS\System32\wudupdate.exe Windows update X wudupdate.exe Adware downloader - Istbar related O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe non trovato se rispetto maiuscolo/minuscolo O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background non trovato se rispetto maiuscolo/minuscolo anche se dovrebbe essere il normale messenger O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Programmi\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4 non trovato O4 - HKCU\..\RunOnce: [Web Offer] C:\WINDOWS\System32\smmss.exe non trovato O4 - Global Startup: Kaspersky Anti-Hacker.lnk = ? è il Kaspersky ma non so se è tutto ok... O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Zango/ie/bridge-c18.cab questo dovrebbe essere da fixare O17 - HKLM\System\CCS\Services\Tcpip\..\{FE06D946-8995-4AFC-9C69-FA96D868F4C2}: NameServer = 85.37.17.57 151.99.125.1 questo in teoria va bene..... o no??? O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) questo dovrebbe essere da fixare O23 - Service: NetDDE Server (NetDDEsrv) - Unknown owner - C:\WINDOWS\System32\netddesrv.exe questo non ne ho la + pallida idea..... Spero che qualcuno che ci capisce sappia darmi una risposta. Grazie in anticipo. |
|
|
|
18-12-2005, 21:39
|
#2 |
|
Senior Member
Iscritto dal: May 2005
Città: Palermo
Messaggi: 6390
|
Fixa le seguenti voci:
O4 - HKLM\..\Run: [Windows Installer] C:\WINDOWS\System32\ntdll.exe Windows Installer X ntdll.exe Added by an unidentified WORM or TROJAN! O4 - HKLM\..\Run: [Windows Spooler] C:\WINDOWS\System32\spoolsv32.exe Windows Spooler X spoolsv32.exe Added by an unidentified WORM or TROJAN! O4 - HKLM\..\Run: [Windows DLL Host] C:\WINDOWS\System32\dllhost32.exe Windows DLL Host X dllhost32.exe Added by an unidentified WORM or TROJAN! O4 - HKLM\..\Run: [Windows update] C:\WINDOWS\System32\wudupdate.exe Windows update X wudupdate.exe Adware downloader - Istbar related O4 - HKCU\..\RunOnce: [Web Offer] C:\WINDOWS\System32\smmss.exe O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Zango/ie/bridge-c18.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: NetDDE Server (NetDDEsrv) - Unknown owner - C:\WINDOWS\System32\netddesrv.exe Le altre cose vanno bene. Ti consiglio di fare una scansione con ewido:http://download.ewido.net/ewido-setup.exe |
|
|
|
|
18-12-2005, 21:53
|
#3 |
|
Member
Iscritto dal: Dec 2005
Città: Ancona
Messaggi: 44
|
grazie milleeeeeeeeee...
|
|
|
|
|
18-12-2005, 22:15
|
#4 | |
|
Bannato
Iscritto dal: Mar 2004
Città: Galapagos Attenzione:utente flautolente,tienilo a mente
Messaggi: 28661
|
Quote:
|
|
|
|
|
|
20-12-2005, 09:22
|
#5 |
|
Member
Iscritto dal: May 2005
Messaggi: 274
|
dove si trova il thread ufficiale
io ho un portatile e vengo continuamente attaccato da non so chi ad-watch me li blocca il tentativo di modificare il registro . ho questi file quali devo eliminare ? Logfile of HijackThis v1.99.1 Scan saved at 20.02.21, on 19/12/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.exe C:\WINDOWS\SERVICES.EXE C:\WINDOWS\SERVICES.EXE C:\Documents and Settings\utente\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\SERVICES.EXE F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,C:\WINDOWS\SERVICES.EXE O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [SoundMAX] C:\Programmi\Analog Devices\SoundMAX\Smax4.exe /tray O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe O4 - HKLM\..\Run: [UpdateManager] "C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe /Start O4 - HKLM\..\Run: [Cpqset] C:\Programmi\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe" O4 - HKLM\..\Run: [WatchDog] C:\Programmi\InterVideo\DVD Check\DVDCheck.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\GENIUS~1\GNETMOUS.EXE O4 - HKLM\..\Run: [DataLayer] C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon O4 - HKLM\..\Run: [Ad-watch] "C:\Programmi\Lavasoft\Ad-aware 6\Ad-watch.exe" O4 - HKLM\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe" O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray O4 - HKLM\..\Run: [SERVICES.EXE] C:\WINDOWS\SERVICES.EXE O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: del.bat O4 - Global Startup: KVG.exe O8 - Extra context menu item: &Cerca con Google - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Traduci parola in italiano - res://C:\Programmi\Google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm O8 - Extra context menu item: Link a ritroso - res://C:\Programmi\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Pagine simili - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O8 - Extra context menu item: Versione cache della pagina - res://C:\Programmi\Google\GoogleToolbar1.dll/cmcache.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6FEAD20E-4272-406B-B5F7-F4729AFFE698} (CWImgUpldAxCtrl Object) - http://www.enterlink.it/enter/wiu/WImgUpld.cab O16 - DPF: {D75CC892-8952-4F6A-B082-FF1103E0D5A7} (WRControlLite.WaveletReader) - http://85.37.96.67/WRControlLite.CAB O17 - HKLM\System\CCS\Services\Tcpip\..\{9ED82290-82F3-462F-B92A-FA73D2F69840}: NameServer = 151.99.125.1,151.99.0.100 O17 - HKLM\System\CCS\Services\Tcpip\..\{F7E9C18D-D4D2-4047-A469-E6CDEC781DE1}: NameServer = 151.99.125.1,151.99.0.100,192.168.0.4 O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programmi\HPQ\SHARED\HPQWMI.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe ciao grazie |
|
|
|
|
20-12-2005, 09:23
|
#6 |
|
Bannato
Iscritto dal: Mar 2004
Città: Galapagos Attenzione:utente flautolente,tienilo a mente
Messaggi: 28661
|
il thread ufficiale lo trovi in rilievo,nella prima pagina di questa sezione,postalo li
|
|
|
|
|
20-12-2005, 10:17
|
#7 | |
|
Senior Member
Iscritto dal: May 2005
Città: Palermo
Messaggi: 6390
|
Quote:
C:\WINDOWS\SERVICES.EXE C:\WINDOWS\SERVICES.EXE F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\SERVICES.EXE F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,C:\WINDOWS\SERVICES.EXE O4 - HKLM\..\Run: [SERVICES.EXE] C:\WINDOWS\SERVICES.EXE O4 - Global Startup: del.bat O4 - Global Startup: KVG.exe Controlla se conosci le 2 seguenti voci,se le conosci le tieni,se non le conosci le fixi: O16 - DPF: {6FEAD20E-4272-406B-B5F7-F4729AFFE698} (CWImgUpldAxCtrl Object) - http://www.enterlink.it/enter/wiu/WImgUpld.cab O16 - DPF: {D75CC892-8952-4F6A-B082-FF1103E0D5A7} (WRControlLite.WaveletReader) - http://85.37.96.67/WRControlLite.CAB Ti consiglio anche di fare una scansione con ewido:http://download.ewido.net/ewido-setup.exe e una scansione con il tuo antivirus in modalita' provvisoria dopo aver disattivato il ripristino di sistema. |
|
|
|
|
|
|
| Strumenti | |
|
|
Tutti gli orari sono GMT +1. Ora sono le: 07:47.
