I have done several searches on suspicious files but found nothing.
It is particularly infested, but for some of them I don't know whether to delete them.
I am asking for help from your experience and expertise.
Logfile of HijackThis v1.99.1
Scan saved at 10:54:09, on 21/03/2005
Platform: Windows NT 4 SP6 (WinNT 4.00.1381)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\spoolss.exe
C:\ATRLS200\ATRLS.EXE
C:\INFORMIX\bin\AdmAgent.exe
C:\INFORMIX\bin\AdmAgent.exe
C:\WINNT\system32\CPQAlert.exe
C:\usr\FGL2C\bin\fglserv.exe
C:\WINNT\System32\mgabg.exe
C:\WINNT\System32\mgasc.exe
C:\WINNT\System32\msgserv.exe
C:\WINNT\System32\mgactrl.exe
C:\ISM\2.20\bin\nsrd.exe
C:\ISM\2.20\bin\nsrexecd.exe
C:\ISM\2.20\bin\portmap.exe
C:\WINNT\system32\RpcSs.exe
C:\WINNT\system32\tapisrv.exe
D:\Programmi\VNC4\WinVNC4.exe
C:\WINNT\system32\rasman.exe
C:\INFORMIX\bin\oninit.exe
C:\INFORMIX\bin\oninit.exe
c:\winnt\system32\pstores.exe
C:\WINNT\system32\MSTask.exe
C:\DMINT40\WIN32\bin\Win32SL.exe
C:\WINNT\System32\esserver.exe
C:\WINNT\System32\nddeagnt.exe
C:\WINNT\System32\SENS.EXE
C:\WINNT\system32\CPQDMI.exe
C:\ISM\2.20\bin\nsrmmdbd.exe
C:\WINNT\Explorer.exe
C:\ISM\2.20\bin\nsrindexd.exe
C:\ISM\2.20\bin\nsrmmd.exe
C:\WINNT\system32\ntvdm.exe
C:\Programmi\PestPatrol\PPMemCheck.exe
C:\Programmi\PestPatrol\PPControl.exe
C:\Programmi\PestPatrol\CookiePatrol.exe
C:\WINNT\System32\SysTray.Exe
C:\BITWARE\NT\bwprnmon.exe
C:\Programmi\File comuni\Microsoft Shared\Works Shared\wkcalrem.exe
D:\WinZip\WZQKPICK.EXE
C:\WINNT\System32\msiexec.exe
C:\WINNT\Profiles\Administrator\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F3 - REG:win.ini: load=
F3 - REG:win.ini: run= lxdboxcp.exe
F2 - REG:system.ini: UserInit=userinit,nddeagnt.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [PPMemCheck] C:\Programmi\PestPatrol\PPMemCheck.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Programmi\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\Programmi\PestPatrol\CookiePatrol.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - Global Startup: BitWare Print Monitor.lnk = C:\BITWARE\NT\bwprnmon.exe
O4 - Global Startup: Promemoria del Calendario di Microsoft Works.lnk = C:\Programmi\File comuni\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Global Startup: WinZip Quick Pick.lnk = D:\WinZip\WZQKPICK.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O13 - WWW. Prefix: http://
O23 - Service: IECC Server Agent 3.0 - geconf (agentLoader30-geconf) - Unknown owner - C:\INFORMIX\bin\AgentLoader.exe
O23 - Service: IECC Server Agent 3.0 - geeuro (agentLoader30-geeuro) - Unknown owner - C:\INFORMIX\bin\AgentLoader.exe
O23 - Service: Ataman TCP Remote Logon Services - Unknown owner - C:\ATRLS200\ATRLS.EXE
O23 - Service: pcANYWHERE Host Service (awhost32) - Symantec Corporation - C:\Programmi\pcANYWHERE\awhost32.exe
O23 - Service: Compaq Local Alerter (CPQALERT) - Compaq Computer Corporation - C:\WINNT\SYSTEM32\CPQAlert.exe
O23 - Service: CPQDMI - Unknown owner - C:\WINNT\SYSTEM32\CPQDMI.exe
O23 - Service: Four J's Licence Service - Unknown owner - C:\usr\FGL2C\bin\fglserv.exe
O23 - Service: Informix Dynamic Server - geconf (geconf) - Unknown owner - C:\INFORMIX\bin\onscpah.exe
O23 - Service: Informix Dynamic Server - geeuro (geeuro) - Unknown owner - C:\INFORMIX\bin\onscpah.exe
O23 - Service: InterbaseGuardian - Unknown owner - C:\Programmi\Interbase Corp\Interbase\Bin\ibguard.exe (file missing)
O23 - Service: InterbaseServer - Unknown owner - C:\Programmi\Interbase Corp\Interbase\Bin\ibserver.exe (file missing)
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINNT\System32\mgabg.exe
O23 - Service: MGACtrl - Martrox Graphics Inc. - C:\WINNT\System32\mgasc.exe
O23 - Service: Informix Dynamic Server Message Service (MsgServ) - Informix Software, Inc. - C:\WINNT\System32\msgserv.exe
O23 - Service: ISM Server (nsrd) - Unknown owner - C:\ISM\2.20\bin\nsrd (file missing)
O23 - Service: ISM Local Execution (nsrexecd) - Unknown owner - C:\ISM\2.20\bin\nsrexecd (file missing)
O23 - Service: IECC VisiBroker 3.0 Osagent (osagent30) - Unknown owner - C:\INFORMIX\bin\osagent.exe
O23 - Service: ISM Portmapper (portmap) - Unknown owner - C:\ISM\2.20\bin\portmap (file missing)
O23 - Service: WIN32SL - Intel - C:\DMINT40\WIN32\bin\Win32SL.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - D:\Programmi\VNC4\WinVNC4.exe" -service (file missing)