Old 22-11-2007, 07:30   #4
GiulioM
Senior Member
 
 
Joined: May 2001
Location: Prov. di Alessandria
Posts: 1842
Hi

Prevx CSI does indeed find c:/aa.exe, which is a backdoor.1053.A

File Assassin could be a solution, but I need to work out what the file is really called, because aa.exe is nowhere to be found

I think the HijackThis log is clean

Code:
Logfile of HijackThis v1.98.0
Scan saved at 8.39.09, on 22/11/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
D:\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\Programmi\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\svchost.exe
C:\Programmi\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\Programmi\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\giuliano\Desktop\PREVXCSIFREE.EXE
C:\Temp\Tmp___6634\prevxcsi.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
D:\hjthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 64.71.141.137:1813
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O8 - Extra context menu item: Download using Download &Express - file://C:\Programmi\Download Express\Add_Url.htm
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/ca..._2.3.6.108.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-48.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C7A28E3-CC08-494E-BA37-96B31C2A6808}: NameServer = 85.37.17.41 85.38.28.83
Thanks
__________________
PC1: p4 2400bus 800/ IC7 / 1GB ddr 400 / XFX 7600GT 256mb DDR3 / Maxtor 60gb /ali 400w/ Hitachi 174sxw
PC2: p3 700 / BE6 / 512 sdr / POV MX2 400 /Quantum 20gb/Philips 107e/ alice 640
PC3: Acer TM292ELC Celeron M 1,3ghz / 256 ddr / Intel Extreme2 / Hd 40 gb / Combo DvD-CD / lcd 15"

Last edited by xcdegasp: 22-11-2007 at 23:13.