
Problem with virus - trojan (hijackthis log)


Post by Bacillo » 29/05/07 09:21

Hi, I need some help.
I can't get rid of this nuisance... can you help me?
I'm posting the full hijackthis log here ;)

There are some DLLs that puzzle me, but you tell me.....

bye and thanks!
Luca

***

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10.08.28, on 29/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\XPinstAGENT.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\logonuser.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\OfficeScan NT\ntrtscan.exe
C:\WINDOWS\system32\RKillSrv.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\OfficeScan NT\tmlisten.exe
C:\WINDOWS\System32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\WINDOWS\System32\CCM\CcmExec.exe
C:\Program Files\OfficeScan NT\OfcPfwSvc.exe
D:\TEMP\TL85DB.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\OfficeScan NT\pccntmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\PowerCheck\powerchk.exe
C:\Program Files\Siemens\Card API\bin\siecacst.exe
C:\Program Files\CryptoEx\Common\CexTray.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\CryptoEx\Common\EASServer.exe
D:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
D:\PROGRA~1\MICROS~2\rapimgr.exe
D:\Documents and Settings\ITL37900\Start Menu\Programs\Startup\MSOFFICE.EXE
D:\Program Files\Logitech\QuickCam10\COCIManager.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SYSTEM32\DWRCS.EXE
D:\HiJackThis_v2.exe
C:\WINDOWS\system32\taskmgr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://cms.portal.icn.siemens.it/IT/Ho ... iaHomePage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ep.icn.siemens.it
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Siemens SMC
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.icn.siemens.it
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {27784E9B-66F4-47EE-A7BF-F80994BF4CDB} - C:\WINDOWS\system32\ssqrppq.dll
O2 - BHO: (no name) - {3D10A321-6B7D-48D4-83E2-AC218CAB2464} - C:\WINDOWS\system32\xxyyx.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {55DB983C-BDBF-426f-86F0-187B02DDA39B} - C:\WINDOWS\system32\kwfjljdn.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [DirXconnect settings] C:\PROGRA~1\SIEMENS\DIRXDI~1\dxdSetup.exe -silent -dxcsettings
O4 - HKLM\..\Run: [CA-Management Monitor] C:\WINDOWS\SYSTEM32\XPinvMON.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\OfficeScan NT\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [PowerCheck2K] C:\WINNT\PowerCheck\powerchk.exe
O4 - HKLM\..\Run: [PowerCheckXP] C:\WINDOWS\PowerCheck\powerchk.exe
O4 - HKLM\..\Run: [PowerCheck] C:\WINDOWS\PowerCheck\powerchk.exe
O4 - HKLM\..\Run: [SIECACST] C:\Program Files\Siemens\Card API\bin\siecacst.exe
O4 - HKLM\..\Run: [Migrator] "C:\Program Files\CryptoEx\Migrator\Migrator.exe" -StartUp
O4 - HKLM\..\Run: [CryptoExTrayV3] "C:\Program Files\CryptoEx\Common\CexTray.exe" /ShowTrayIcon
O4 - HKLM\..\Run: [REMCON PC-Duo System Snapshot] C:\REMCON\CLBOOT32.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "D:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\qqjosllx.dll",realset
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: MSOFFICE.EXE
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: VPN Client.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Crea preferito portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~2\INetRepl.dll
O14 - IERESET.INF: START_PAGE_URL=http://ep.icn.siemens.it
O15 - Trusted Zone: http://cingl0sx.icn.siemens.it
O15 - Trusted Zone: http://dimensions80.icn.siemens.it
O15 - Trusted Zone: http://testdirector.icn.siemens.it
O15 - Trusted Zone: *.siemens.it
O15 - Trusted Zone: http://*.siemens.it
O15 - Trusted Zone: http://*.windowsupdate.com
O15 - Trusted Zone: *.siemens.it (HKLM)
O15 - Trusted Zone: http://*.siemens.it (HKLM)
O15 - Trusted Zone: http://*.windowsupdate.com (HKLM)
O16 - DPF: {36C0B01C-8031-11D4-A527-00C04F794627} (Merant Dimensions Client for MSIE) - http://dimensions80.icn.siemens.it:8125 ... t700ie.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = icn.siemens.it
O17 - HKLM\Software\..\Telephony: DomainName = icn.siemens.it
O17 - HKLM\System\CCS\Services\Tcpip\..\{020D803F-647D-4A69-ADFF-895CE90DB014}: Domain = icn.siemens.it
O17 - HKLM\System\CCS\Services\Tcpip\..\{302B627A-4988-438B-B39A-B5D5404F5CC8}: Domain = icn.siemens.it
O17 - HKLM\System\CCS\Services\Tcpip\..\{9B7FF829-0D7F-46FA-9B0D-799927FCF904}: Domain = icn.siemens.it
O17 - HKLM\System\CCS\Services\Tcpip\..\{C0A0EBA8-71DD-416D-9D64-08427CD1FF35}: Domain = icn.siemens.it
O17 - HKLM\System\CCS\Services\Tcpip\..\{F706354B-497B-4BBE-9744-B5DC05F0B3B0}: Domain = icn.siemens.it
O17 - HKLM\System\CCS\Services\Tcpip\..\{FBDAACDC-BAB9-4FB2-A6E8-906868D4169D}: Domain = icn.siemens.it
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = icn.siemens.it
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = icn.siemens.it,lab.icnlab.it,it001.siemens.net,siemens.it
O17 - HKLM\System\CS1\Services\Tcpip\..\{020D803F-647D-4A69-ADFF-895CE90DB014}: Domain = icn.siemens.it
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = icn.siemens.it
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = icn.siemens.it,lab.icnlab.it,it001.siemens.net,siemens.it
O17 - HKLM\System\CS2\Services\Tcpip\..\{020D803F-647D-4A69-ADFF-895CE90DB014}: Domain = icn.siemens.it
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = icn.siemens.it,lab.icnlab.it,it001.siemens.net,siemens.it
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: CexTrayWinLogon - C:\Program Files\CryptoEx\Common\CexTrayWinLogon.dll
O20 - Winlogon Notify: ssqrppq - C:\WINDOWS\SYSTEM32\ssqrppq.dll
O20 - Winlogon Notify: winlnu32 - C:\WINDOWS\SYSTEM32\winlnu32.dll
O20 - Winlogon Notify: xxyyx - C:\WINDOWS\system32\xxyyx.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Automated Services (AutoExNT) - Unknown owner - C:\WINDOWS\System32\AutoExNT.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: CA-Management INSTALLER - Siemens ICM - C:\WINDOWS\System32\XPinstAGENT.EXE
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development - C:\WINDOWS\SYSTEM32\DWRCS.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Local Automated Services (LAutoExNT) - Unknown owner - C:\WINDOWS\System32\AutoExNT.exe
O23 - Service: Logon User Service (LogonUserService) - Guardeonic Solutions AG - C:\WINDOWS\system32\logonuser.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\OfficeScan NT\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\OfficeScan NT\OfcPfwSvc.exe
O23 - Service: Remote Process Killer - Unknown owner - C:\WINDOWS\system32\RKillSrv.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\OfficeScan NT\tmlisten.exe
Bacillo
Newbie
Posts: 6
Joined: 04/09/06 16:41


Post by Luke57 » 29/05/07 09:59

Hi, download vundofix:
http://www.atribune.org/ccount/click.php?id=4
download it to the desktop

Then go here and download avg antispyware:
http://www.ilsoftware.it/querydl.asp?ID=956
install it and update it to the latest definitions.

double-click vundofix.exe and click on scan for vundo
when the scan is finished click on remove vundo
when it asks you to remove the files tell it yes
after you click yes the desktop will turn white and it will start removing the infected files
as soon as it's done it will tell you it will restart the pc, click OK.

Restart the PC in safe mode (press F8 at boot, before windows loads; in the grey screen that appears choose safe mode, moving with the arrow keys and confirming with enter)

Open hijackthis, press "do a system scan only", look for and tick the following entries, if still present:
O2 - BHO: (no name) - {27784E9B-66F4-47EE-A7BF-F80994BF4CDB} - C:\WINDOWS\system32\ssqrppq.dll
O2 - BHO: (no name) - {3D10A321-6B7D-48D4-83E2-AC218CAB2464} - C:\WINDOWS\system32\xxyyx.dll
O2 - BHO: (no name) - {55DB983C-BDBF-426f-86F0-187B02DDA39B} - C:\WINDOWS\system32\kwfjljdn.dll
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\qqjosllx.dll",realset
O20 - Winlogon Notify: ssqrppq - C:\WINDOWS\SYSTEM32\ssqrppq.dll
O20 - Winlogon Notify: winlnu32 - C:\WINDOWS\SYSTEM32\winlnu32.dll
O20 - Winlogon Notify: xxyyx - C:\WINDOWS\system32\xxyyx.dll

Press fix checked.

Search for and delete, if present, the following files:
D:\TEMP\TL85DB.EXE
C:\WINDOWS\system32\ssqrppq.dll
C:\WINDOWS\system32\xxyyx.dll
C:\WINDOWS\system32\kwfjljdn.dll
C:\WINDOWS\system32\qqjosllx.dll
C:\WINDOWS\SYSTEM32\winlnu32.dll

Empty the recycle bin

Start Avg antispyware and run a full scan of the computer.

Restart in normal mode and post a new log for checking.
Luke57
Moderator
Posts: 6413
Joined: 11/08/05 19:10
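As an added example (not code from this thread, from HijackThis or from VundoFix), a small Python triage script that parses HijackThis v2 O2/O4/O20 lines in the format quoted above and flags the combination the removal list in this reply is built from: an unnamed BHO in system32, a Run key that loads a system32 DLL through rundll32, and a Winlogon Notify handler in system32, then correlates DLLs that appear under more than one hook. The sample lines are copied from the first log in the thread plus benign Adobe, Spybot, AVG and CryptoEx entries for contrast; the heuristics and the function names are my own assumptions, meant to produce a review list, not a verdict.

```python
import re
from collections import defaultdict

# Constructed sample: HijackThis v2 lines copied from the first log in this
# thread, plus benign Adobe / Spybot / AVG / CryptoEx entries for contrast.
SAMPLE_LOG = r"""
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {27784E9B-66F4-47EE-A7BF-F80994BF4CDB} - C:\WINDOWS\system32\ssqrppq.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\qqjosllx.dll",realset
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O20 - Winlogon Notify: CexTrayWinLogon - C:\Program Files\CryptoEx\Common\CexTrayWinLogon.dll
O20 - Winlogon Notify: ssqrppq - C:\WINDOWS\SYSTEM32\ssqrppq.dll
O20 - Winlogon Notify: winlnu32 - C:\WINDOWS\SYSTEM32\winlnu32.dll
"""

# Line shapes HijackThis v2 uses for the three hook types discussed in the thread.
SECTION_RE = re.compile(r"^(O\d+) - (?P<body>.+)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
RUN_RE = re.compile(r"^HK\S*?\\\.\.\\Run: \[(?P<key>[^\]]+)\] (?P<cmd>.+)$")
NOTIFY_RE = re.compile(r"^Winlogon Notify: (?P<name>.+?) - (?P<path>.+)$")
DLL_RE = re.compile(r'"?(?P<path>[A-Za-z]:\\[^",]+?\.dll)"?', re.IGNORECASE)
SYSTEM32_RE = re.compile(r"\\system32\\", re.IGNORECASE)


def parse_entries(log_text):
    """Return O2 / O4 / O20 entries as dicts: section, name, target, line."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if not m:
            continue  # R0/R1/O17 lines and the process list are not examined here
        section, body = m.group(1), m.group("body")
        if section == "O2" and (b := BHO_RE.match(body)):
            entries.append({"section": "O2", "name": b["name"], "target": b["path"], "line": line})
        elif section == "O4" and (r := RUN_RE.match(body)):
            entries.append({"section": "O4", "name": r["key"], "target": r["cmd"], "line": line})
        elif section == "O20" and (n := NOTIFY_RE.match(body)):
            entries.append({"section": "O20", "name": n["name"], "target": n["path"], "line": line})
    return entries


def triage(log_text):
    """Flag entries matching the Vundo-style pattern seen in this thread.

    Heuristics are my own assumptions for manual review, not a verdict:
    an unnamed BHO in system32, a Run key that loads a system32 DLL through
    rundll32, and a Winlogon Notify handler in system32. A DLL hooked in more
    than one section is additionally marked as multi-hook persistence.
    """
    findings = []
    for e in parse_entries(log_text):
        dll = DLL_RE.search(e["target"])
        dll_path = dll["path"].lower() if dll else None
        in_sys32 = bool(dll_path and SYSTEM32_RE.search(dll_path))
        reasons = []
        if e["section"] == "O2" and e["name"] == "(no name)" and in_sys32:
            reasons.append("unnamed BHO loaded from system32")
        if e["section"] == "O4" and e["target"].lower().startswith("rundll32") and in_sys32:
            reasons.append("Run key loads a system32 DLL through rundll32")
        if e["section"] == "O20" and in_sys32:
            reasons.append("Winlogon Notify handler loaded from system32")
        if reasons:
            findings.append({"line": e["line"], "dll": dll_path, "reasons": reasons})

    # Correlate: the same DLL registered under several hooks is the strongest signal.
    by_dll = defaultdict(list)
    for f in findings:
        by_dll[f["dll"]].append(f)
    for group in by_dll.values():
        if len(group) > 1:
            for f in group:
                f["reasons"].append(f"same DLL hooked in {len(group)} sections")
    return findings


def suspect_dlls(log_text):
    """Sorted, de-duplicated DLL paths from the findings: the file list to review."""
    return sorted({f["dll"] for f in triage(log_text)})


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["line"])
        for r in f["reasons"]:
            print("   ->", r)
    print("\nFiles to review:")
    for p in suspect_dlls(SAMPLE_LOG):
        print("  ", p)
```

Run on the sample it lists ssqrppq.dll, qqjosllx.dll and winlnu32.dll, the same system32 files the reply above tells the poster to delete, while the Adobe, Spybot, AVG and CryptoEx entries stay unflagged.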

Post by Bacillo » 29/05/07 10:56

Luke57 wrote: Restart in normal mode and post a new log for checking.


In the meantime, thanks for the advice.
I'd have just one small problem: the pc in question is a company one and I know for certain that it will refuse the avg update... if so, can I also use spybot, which lets me download the update from the site?
Bacillo
Newbie
Posts: 6
Joined: 04/09/06 16:41

Post by Bacillo » 30/05/07 11:02

Luke57 wrote: Restart in normal mode and post a new log for checking.


I had to do several passes of VundoFix to eliminate all the problems...
Now it seems to be clean..... here is the log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12.00.12, on 30/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\System32\XPinstAGENT.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\logonuser.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\OfficeScan NT\ntrtscan.exe
C:\WINDOWS\system32\RKillSrv.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\OfficeScan NT\tmlisten.exe
C:\WINDOWS\System32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\WINDOWS\System32\CCM\CcmExec.exe
C:\WINDOWS\System32\AutoExNT.exe
C:\Program Files\OfficeScan NT\OfcPfwSvc.exe
D:\TEMP\FG8A7.EXE
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\OfficeScan NT\pccntmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\PowerCheck\powerchk.exe
C:\Program Files\Siemens\Card API\bin\siecacst.exe
C:\Program Files\CryptoEx\Common\CexTray.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
D:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\CryptoEx\Common\EASServer.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Logitech\QuickCam10\COCIManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
D:\HiJackThis\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ep.icn.siemens.it
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.icn.siemens.it/
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [DirXconnect settings] C:\PROGRA~1\SIEMENS\DIRXDI~1\dxdSetup.exe -silent -dxcsettings
O4 - HKLM\..\Run: [CA-Management Monitor] C:\WINDOWS\SYSTEM32\XPinvMON.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\OfficeScan NT\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [PowerCheck2K] C:\WINNT\PowerCheck\powerchk.exe
O4 - HKLM\..\Run: [PowerCheckXP] C:\WINDOWS\PowerCheck\powerchk.exe
O4 - HKLM\..\Run: [PowerCheck] C:\WINDOWS\PowerCheck\powerchk.exe
O4 - HKLM\..\Run: [SIECACST] C:\Program Files\Siemens\Card API\bin\siecacst.exe
O4 - HKLM\..\Run: [Migrator] "C:\Program Files\CryptoEx\Migrator\Migrator.exe" -StartUp
O4 - HKLM\..\Run: [CryptoExTrayV3] "C:\Program Files\CryptoEx\Common\CexTray.exe" /ShowTrayIcon
O4 - HKLM\..\Run: [REMCON PC-Duo System Snapshot] C:\REMCON\CLBOOT32.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "D:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Crea preferito portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~2\INetRepl.dll
O15 - Trusted Zone: http://cingl0sx.icn.siemens.it
O15 - Trusted Zone: http://dimensions80.icn.siemens.it
O15 - Trusted Zone: http://ik2sw002.icn.siemens.it
O15 - Trusted Zone: http://testdirector.icn.siemens.it
O16 - DPF: {36C0B01C-8031-11D4-A527-00C04F794627} (Merant Dimensions Client for MSIE) - http://dimensions80.icn.siemens.it:8125 ... t700ie.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = icn.siemens.it
O17 - HKLM\Software\..\Telephony: DomainName = icn.siemens.it
O17 - HKLM\System\CCS\Services\Tcpip\..\{020D803F-647D-4A69-ADFF-895CE90DB014}: Domain = icn.siemens.it
O17 - HKLM\System\CCS\Services\Tcpip\..\{302B627A-4988-438B-B39A-B5D5404F5CC8}: Domain = icn.siemens.it
O17 - HKLM\System\CCS\Services\Tcpip\..\{9B7FF829-0D7F-46FA-9B0D-799927FCF904}: Domain = icn.siemens.it
O17 - HKLM\System\CCS\Services\Tcpip\..\{C0A0EBA8-71DD-416D-9D64-08427CD1FF35}: Domain = icn.siemens.it
O17 - HKLM\System\CCS\Services\Tcpip\..\{F706354B-497B-4BBE-9744-B5DC05F0B3B0}: Domain = icn.siemens.it
O17 - HKLM\System\CCS\Services\Tcpip\..\{FBDAACDC-BAB9-4FB2-A6E8-906868D4169D}: Domain = icn.siemens.it
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = icn.siemens.it
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = icn.siemens.it,lab.icnlab.it,it001.siemens.net,siemens.it
O17 - HKLM\System\CS1\Services\Tcpip\..\{020D803F-647D-4A69-ADFF-895CE90DB014}: Domain = icn.siemens.it
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = icn.siemens.it
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = icn.siemens.it,lab.icnlab.it,it001.siemens.net,siemens.it
O17 - HKLM\System\CS2\Services\Tcpip\..\{020D803F-647D-4A69-ADFF-895CE90DB014}: Domain = icn.siemens.it
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = icn.siemens.it,lab.icnlab.it,it001.siemens.net,siemens.it
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: CexTrayWinLogon - C:\Program Files\CryptoEx\Common\CexTrayWinLogon.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Automated Services (AutoExNT) - Unknown owner - C:\WINDOWS\System32\AutoExNT.exe
O23 - Service: CA-Management INSTALLER - Siemens ICM - C:\WINDOWS\System32\XPinstAGENT.EXE
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Local Automated Services (LAutoExNT) - Unknown owner - C:\WINDOWS\System32\AutoExNT.exe
O23 - Service: Logon User Service (LogonUserService) - Guardeonic Solutions AG - C:\WINDOWS\system32\logonuser.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\OfficeScan NT\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\OfficeScan NT\OfcPfwSvc.exe
O23 - Service: Remote Process Killer - Unknown owner - C:\WINDOWS\system32\RKillSrv.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - d:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - d:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\OfficeScan NT\tmlisten.exe
Bacillo
Newbie
Posts: 6
Joined: 04/09/06 16:41

Post by Luke57 » 30/05/07 11:31

Hi, that's right; if anything this file:
D:\TEMP\TL85DB.EXE
does it by chance have a little dog icon? In that case it should belong to Trendmicro.
Luke57
Moderator
Posts: 6413
Joined: 11/08/05 19:10

Post by Bacillo » 07/06/07 15:00

Luke57 wrote: Hi, that's right; if anything this file:
D:\TEMP\TL85DB.EXE
does it by chance have a little dog icon? In that case it should belong to Trendmicro.


Yes yes, that's the trend micro file..... :D
We have it on all the pcs in the office.... personally I don't think it's much good, but maybe I'm wrong ;)

thanks a lot for the help!
Bacillo
Newbie
Posts: 6
Joined: 04/09/06 16:41
