|
|||||||
|
|
|
 |
|
|
Strumenti |
14-10-2007, 23:03
|
#1 |
|
Junior Member
Iscritto dal: Oct 2007
Città: roma
Messaggi: 27
|
whataboutadog
Ho un problema che non riesco a risolvere.........
mi compare in trusted zone un dominio "fasullo" *.whataboutadog.com e compare un file in C:\WINDOWS\Temp un file che cambia di volta in volta, ora trovo YO4B3F.exe (lo cancello in modalità provvisoria ma ricompare con altro nome). Ho fatto girare un pò di "cose" ma non risolvo il problema.... ccleaner spybot trend micro antispyware AD aware se trend nicro office scan e altro allego log hijackthis Logfile of HijackThis v1.99.1 Scan saved at 23.23.48, on 14/10/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Officescan NT\ntrtscan.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\PAStiSvc.exe C:\WINDOWS\system32\svchost.exe C:\Officescan NT\tmlisten.exe C:\WINDOWS\system32\CCM\CcmExec.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\Officescan NT\OfcPfwSvc.exe C:\WINDOWS\TEMP\YO4B3F.EXE C:\WINDOWS\Explorer.EXE C:\Officescan NT\pccntmon.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Logitech\Video\ISStart.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe C:\Officescan NT\Pop3Trap.exe C:\Program Files\QuickTime\bak\qttask.exe C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Microsoft Office Communicator\Communicator.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Program Files\Alice ti aiuta\bin\mpbtn.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\Trend Micro\Tmasy\Tmasy.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\regedit.exe C:\Program Files\Opera\Opera.exe C:\Documents and Settings\00215629\My Documents\hijackthis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://noiportal.telecomitalia.it R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Telecom Italia s.p.a. R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Officescan NT\pccntmon.exe" -HideWindow O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe O4 - HKLM\..\Run: [PDUiP6220DMon] C:\Program Files\Canon\Memory Card Utility\iP6220D\PDUiP6220DMon.exe O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [RUN_PWR_SETTINGS] %windir%\system32\RunUnset.vbs O4 - HKLM\..\Run: [sealmon] C:\Program Files\SealedMedia\sealmon.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\bak\qttask.exe" -atboottime O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\Run: [COMMUNICATOR] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmasy\Tmasy.exe O4 - Global Startup: Alice ti aiuta.lnk = C:\Program Files\Alice ti aiuta\bin\matcli.exe O4 - Global Startup: Bluetooth Manager.lnk = ? O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe O4 - Global Startup: MapiProfileTI.lnk = C:\WINDOWS\MapiProfileTI.vbs O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://noiportal.telecomitalia.it O15 - Trusted Zone: http://organigramma.griffon.local O15 - Trusted Zone: *.griffon.local O15 - Trusted Zone: http://atomwfe1.telecomitalia.it O15 - Trusted Zone: http://atomwfe2.telecomitalia.it O15 - Trusted Zone: http://griffon.ittelecom.open.telecomitalia.it O15 - Trusted Zone: http://griffon.open.telecomitalia.it O15 - Trusted Zone: http://hr.open.telecomitalia.it O15 - Trusted Zone: http://paperless.open.telecomitalia.it O15 - Trusted Zone: http://tils.open.telecomitalia.it O15 - Trusted Zone: http://dwh-o2c.telecomitalia.local O15 - Trusted Zone: http://soa404.telecomitalia.local O15 - Trusted Zone: *.whataboutadog.com O15 - Trusted Zone: http://organigramma.griffon.local (HKLM) O15 - Trusted Zone: *.griffon.local (HKLM) O15 - Trusted Zone: http://atomwfe1.telecomitalia.it (HKLM) O15 - Trusted Zone: http://atomwfe2.telecomitalia.it (HKLM) O15 - Trusted Zone: http://griffon.ittelecom.open.telecomitalia.it (HKLM) O15 - Trusted Zone: http://griffon.open.telecomitalia.it (HKLM) O15 - Trusted Zone: http://hr.open.telecomitalia.it (HKLM) O15 - Trusted Zone: http://paperless.open.telecomitalia.it (HKLM) O15 - Trusted Zone: http://tils.open.telecomitalia.it (HKLM) O15 - Trusted Zone: http://dwh-o2c.telecomitalia.local (HKLM) O15 - Trusted Zone: http://soa404.telecomitalia.local (HKLM) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = telecomitalia.local O17 - HKLM\Software\..\Telephony: DomainName = telecomitalia.local O17 - HKLM\System\CCS\Services\Tcpip\..\{04B7E05C-ECA4-4393-BC1B-FC1B635BA7C4}: NameServer = 156.54.205.68,156.54.17.166 O17 - HKLM\System\CCS\Services\Tcpip\..\{A9FA1FB0-D522-4225-95FD-95A29CD25D01}: NameServer = 85.37.17.16 85.38.28.68 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = telecomitalia.local O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = telecomitalia.local O17 - HKLM\System\CS1\Services\Tcpip\..\{04B7E05C-ECA4-4393-BC1B-FC1B635BA7C4}: NameServer = 156.54.205.68,156.54.17.166 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = telecomitalia.local O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Officescan NT\ntrtscan.exe O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Officescan NT\OfcPfwSvc.exe O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Officescan NT\tmlisten.exe |
|
|
|
14-10-2007, 23:31
|
#2 | |
|
Bannato
Iscritto dal: Jul 2007
Città: Riverside House
Messaggi: 3333
|
Quote:
Disattiva il Ripristino configurazione di sistema e, per iniziare, fixa tutta questa roba: C:\WINDOWS\TEMP\YO4B3F.EXE O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [RUN_PWR_SETTINGS] %windir%\system32\RunUnset.vbs O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\bak\qttask.exe" –atboottime O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe O4 - Global Startup: Bluetooth Manager.lnk = ? O4 - Global Startup: MapiProfileTI.lnk = C:\WINDOWS\MapiProfileTI.vbs O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O15 - Trusted Zone: *.griffon.local O15 - Trusted Zone: http://atomwfe1.telecomitalia.it O15 - Trusted Zone: http://atomwfe2.telecomitalia.it O15 - Trusted Zone: http://griffon.ittelecom.open.telecomitalia.it O15 - Trusted Zone: http://griffon.open.telecomitalia.it O15 - Trusted Zone: http://hr.open.telecomitalia.it O15 - Trusted Zone: http://paperless.open.telecomitalia.it O15 - Trusted Zone: http://tils.open.telecomitalia.it O15 - Trusted Zone: http://dwh-o2c.telecomitalia.local O15 - Trusted Zone: http://soa404.telecomitalia.local O15 - Trusted Zone: *.whataboutadog.com O15 - Trusted Zone: http://organigramma.griffon.local (HKLM) O15 - Trusted Zone: *.griffon.local (HKLM) O15 - Trusted Zone: http://atomwfe1.telecomitalia.it (HKLM) O15 - Trusted Zone: http://atomwfe2.telecomitalia.it (HKLM) O15 - Trusted Zone: http://griffon.ittelecom.open.telecomitalia.it (HKLM) O15 - Trusted Zone: http://griffon.open.telecomitalia.it (HKLM) O15 - Trusted Zone: http://hr.open.telecomitalia.it (HKLM) O15 - Trusted Zone: http://paperless.open.telecomitalia.it (HKLM) O15 - Trusted Zone: http://tils.open.telecomitalia.it (HKLM) O15 - Trusted Zone: http://dwh-o2c.telecomitalia.local (HKLM) O15 - Trusted Zone: http://soa404.telecomitalia.local (HKLM) Scarica questi software e tool per eseguire una pulizia: CCLEANER: clicca qui per il download una volta installato, lancia il programma, nel menu di sinistra portati alla voce Opzioni e nella finestra successiva clicca su: ● Impostazioni, e spunta la voce Cancellazione sicura (lenta) poi su: ● Avanzate, togli la spunta alla voce Cancella solo file più vecchi di 48 ore ● alla voce Pulizia, spunta tutte le quelle comprese nella sezione Avanzate ● nel menu a sinistra, clicca sulla voce Pulizia, clicca su tasto Avvia Pulizia per eseguire la scansione ● sempre nel menu a sinistra, clicca sulla voce Problemi, clicca sul tasto Trova problemi ed avvia una scansione; al termine della scansione clicca sulla voce Ripara selezionati e prosegui ASQUARED FREE: clicca qui per il download una volta installato, scarica gli aggiornamenti e poi, esegui una scansione del sistema in modalità Deep Scan e rimuovi tutto ciò che viene rilevato con esclusione dei riferimenti a Software, MIrc, fotocamere digitali e/o scanner eventualmente installati. PANDA ANTIROOTKIT: clicca qui per il download Non è necessaria l'installazione (è un tool stand-alone); una volta lanciato, si aggiorna in automatico ed esegue la scansione (ovviamente rimuove tutti gli eventuali rootkit che rileva) ELISTARTA TOOL: clicca qui per il download scorri, fino in fondo, la pagina Web che si aprirà e clicca su Descargar ELISTARTA per scaricare il Tool (per comodità, posizionalo su Desktop) Esegui ELISTARTA TOOL: ● alla prima domanda, rispondi SI ● alla seconda, rispondi SI ● alla terza rispondi NO ● si apre la finestra di scansione, clicca su Explorar ● terminata la scansione, chiudi il Tool e provvedi a riavviare il sistema ● verrà rilasciato un log dal nome infosat.txt in C: (clicca su Risorse del Computer, poi su Disco Locale C: e trovi il log e lo alleghi alla discussione) Annotazione dopo aver rilanciato Internet Explorer, potrebbe rendersi necessario reimpostare la propria pagina Web predefinita aggiorna INTERNET EXPLORER: clicca qui per il download scorri fino in fondo la pagina web, a sinistra devi selezionare il tuo sistema operativo (nel tuo caso sarà Windows XP ServicePack2 e avvii il download aggiorna JAVASUN: ● Start ● Panello di Controllo (se non viene visualizzato in modalità classica, in alto a sinistra clicca sulla voce passa alla visualizzazione classica) ● clicca sulla icona Java per accedere al suo Pannello di controllo ● clicca sulla scheda Aggiornamento e poi sul pulsante Aggiorna adesso Al termine ripubblica un nuovo log di Hthis, perchè non sarà ancora finita. |
|
|
|
|
|
15-10-2007, 07:54
|
#3 |
|
Moderatore
Iscritto dal: Jun 2007
Città: 127.0.0.1
Messaggi: 25885
|
Dopo aver eseguito la procedura indicata sopra, fai girare questo tool: http://noahdfear.geekstogo.com/FindAWF.exe
copia e incolla qui il log
__________________
Try again and you will be luckier.
|
|
|
|
|
17-10-2007, 00:39
|
#4 |
|
Junior Member
Iscritto dal: Oct 2007
Città: roma
Messaggi: 27
|
primo log
Wed Oct 17 01:19:12 2007 EliStartPage v14.84 (c)2007 S.G.H. / Satinfo S.L. -------------------------------------------------- Lista de Acciones (por Acción Directa): Eliminada Carpeta "%Favoritos%\Software" Wed Oct 17 01:19:46 2007 EliStartPage v14.84 (c)2007 S.G.H. / Satinfo S.L. -------------------------------------------------- Lista de Acciones (por Acción Directa): Restaurado fichero de Configuración del IE, (IERESET.INF) Eliminadas las Paginas de Inicio y de Busqueda del IE Wed Oct 17 01:20:06 2007 EliStartPage v14.84 (c)2007 S.G.H. / Satinfo S.L. -------------------------------------------------- Lista de Acciones (por Exploración): Explorando Unidad C:\ C:\Program Files\Common Files\Microsoft Shared\Database Replication\WZCNFLCT.EXE --> Eliminado, AutoRun.IZ C:\Program Files\SAP\FrontEnd\Bw\WBKLNCH.EXE --> Eliminado, DollarRevenue (dldr) C:\Program Files\SAP\FrontEnd\SAPgui\SAPSLIDE.OCX --> Eliminado, DollarRevenue (dldr) C:\Program Files\SAP\FrontEnd\SAPgui\VISCARRI.OCX --> Eliminado, DollarRevenue (dldr) Nº Total de Directorios: 6459 Nº Total de Ficheros: 52825 Nº de Ficheros Analizados: 15100 Nº de Ficheros Infectados: 4 Nº de Ficheros Limpiados: 4 log hijackthis Logfile of HijackThis v1.99.1 Scan saved at 1.29.43, on 17/10/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\a-squared Free\a2service.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Officescan NT\ntrtscan.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\PAStiSvc.exe C:\WINDOWS\system32\svchost.exe C:\Officescan NT\tmlisten.exe C:\WINDOWS\system32\CCM\CcmExec.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\Officescan NT\OfcPfwSvc.exe C:\WINDOWS\system32\msiexec.exe C:\WINDOWS\TEMP\RVE266.EXE C:\WINDOWS\Explorer.EXE C:\Officescan NT\pccntmon.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\AGRSMMSG.exe C:\Officescan NT\Pop3Trap.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe C:\Program Files\Canon\Memory Card Utility\iP6220D\PDUiP6220DMon.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Microsoft Office Communicator\Communicator.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\Program Files\Alice ti aiuta\bin\mpbtn.exe C:\Program Files\Trend Micro\Tmasy\Tmasy.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\userinit.exe C:\Program Files\Messenger\msmsgs.exe C:\Documents and Settings\00215629\My Documents\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Telecom Italia s.p.a. O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Officescan NT\pccntmon.exe" -HideWindow O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [PDUiP6220DMon] C:\Program Files\Canon\Memory Card Utility\iP6220D\PDUiP6220DMon.exe O4 - HKLM\..\Run: [RUN_PWR_SETTINGS] %windir%\system32\RunUnset.vbs O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [COMMUNICATOR] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmasy\Tmasy.exe O4 - Global Startup: Alice ti aiuta.lnk = C:\Program Files\Alice ti aiuta\bin\matcli.exe O4 - Global Startup: Bluetooth Manager.lnk.disabled O4 - Global Startup: Kodak EasyShare software.lnk.disabled O4 - Global Startup: MapiProfileTI.lnk = C:\WINDOWS\MapiProfileTI.vbs O4 - Global Startup: WinZip Quick Pick.lnk.disabled O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://noiportal.telecomitalia.it O15 - Trusted Zone: http://organigramma.griffon.local (HKLM) O15 - Trusted Zone: *.griffon.local (HKLM) O15 - Trusted Zone: http://atomwfe1.telecomitalia.it (HKLM) O15 - Trusted Zone: http://atomwfe2.telecomitalia.it (HKLM) O15 - Trusted Zone: http://griffon.ittelecom.open.telecomitalia.it (HKLM) O15 - Trusted Zone: http://griffon.open.telecomitalia.it (HKLM) O15 - Trusted Zone: http://hr.open.telecomitalia.it (HKLM) O15 - Trusted Zone: http://mpa.dg.telecomitalia.it (HKLM) O15 - Trusted Zone: http://paperless.open.telecomitalia.it (HKLM) O15 - Trusted Zone: http://tils.open.telecomitalia.it (HKLM) O15 - Trusted Zone: http://dwh-o2c.telecomitalia.local (HKLM) O15 - Trusted Zone: http://soa404.telecomitalia.local (HKLM) O15 - Trusted IP range: 10.74.27.45 (HKLM) O15 - Trusted IP range: http://10.173.215.15 (HKLM) O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = telecomitalia.local O17 - HKLM\Software\..\Telephony: DomainName = telecomitalia.local O17 - HKLM\System\CCS\Services\Tcpip\..\{04B7E05C-ECA4-4393-BC1B-FC1B635BA7C4}: NameServer = 156.54.205.68,156.54.17.166 O17 - HKLM\System\CCS\Services\Tcpip\..\{A9FA1FB0-D522-4225-95FD-95A29CD25D01}: NameServer = 85.37.17.16 85.38.28.68 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = telecomitalia.local O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = telecomitalia.local O17 - HKLM\System\CS1\Services\Tcpip\..\{04B7E05C-ECA4-4393-BC1B-FC1B635BA7C4}: NameServer = 156.54.205.68,156.54.17.166 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = telecomitalia.local O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Officescan NT\ntrtscan.exe O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Officescan NT\OfcPfwSvc.exe O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Officescan NT\tmlisten.exe |
|
|
|
|
17-10-2007, 01:15
|
#5 | |
|
Senior Member
Iscritto dal: Feb 2007
Città: Salerno......
Messaggi: 3259
|
Vorrei capire una cosa....questo pc è principalmente per uso aziendale?Poichè dai log vedo portali di telecom italia
ad ogni modo queste sono da fixare Quote:
Importante anche il log di FindAWF Fixa la voce 06 e vedi se ti fà cancellare whataboutadog con relativo temp.
__________________
Opera disabilitazione script ed iframe  Recuperare le proprie password on line. Messenger: massima attenzione ai SITI TRUFFA | GUIDA:ShutdownTimer (Spegnimento auto pc) | Quando il centro sicurezza non riconosce i soft. Guida a Malwarebytes' Anti-Malware = tiemp bell e na volta...
|
|
|
|
|
|
|
| Strumenti | |
|
|
Tutti gli orari sono GMT +1. Ora sono le: 00:33.
