
Trojan that cannot be removed

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: m.paolo, kadosh, Luke57

Trojan that cannot be removed

Post by mary77 » 02/12/08 18:47

Hello, an online scan showed that my PC has a trojan (it is also extremely slow), but I don't know how to remove it.
I'm posting the HijackThis log file and await your advice, thanks!

Logfile of HijackThis v1.99.1
Scan saved at 18.46.26, on 02/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Officescan NT\ntrtscan.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Officescan NT\tmlisten.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Officescan NT\CNTAoSMgr.exe
C:\WINDOWS\TEMP\HQ1D84.EXE
C:\WINDOWS\Explorer.EXE
C:\Officescan NT\pccntmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\SealedMedia\sealmon.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\07029536\My Documents\TomTom\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\system32\SNDVOL32.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\07029536\Local Settings\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=61005
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=61005
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=61005
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Telecom Italia s.p.a.
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Officescan NT\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [sealmon] C:\Program Files\SealedMedia\sealmon.exe
O4 - HKLM\..\Run: [RUN_PWR_SETTINGS] %windir%\system32\RunSet-1.2.vbs
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [RUN_FIRMA_TEMPLATE] %windir%\system32\firma_templates.vbs
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Documents and Settings\07029536\My Documents\TomTom\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: MapiProfileTI.lnk = C:\WINDOWS\MapiProfileTI.vbs
O4 - Global Startup: SecurityBar2003.vbs
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://noiportal.telecomitalia.it
O15 - Trusted Zone: http://organigramma.griffon.local
O15 - Trusted Zone: *.griffon.local
O15 - Trusted Zone: http://atomwfe1.telecomitalia.it
O15 - Trusted Zone: http://atomwfe2.telecomitalia.it
O15 - Trusted Zone: http://griffon.ittelecom.open.telecomitalia.it
O15 - Trusted Zone: http://griffon.open.telecomitalia.it
O15 - Trusted Zone: http://hr.open.telecomitalia.it
O15 - Trusted Zone: http://mpa.dg.telecomitalia.it
O15 - Trusted Zone: http://mpad.dg.telecomitalia.it
O15 - Trusted Zone: http://mpaf.dg.telecomitalia.it
O15 - Trusted Zone: http://paperless.open.telecomitalia.it
O15 - Trusted Zone: http://tils.open.telecomitalia.it
O15 - Trusted Zone: http://dwh-o2c.telecomitalia.local
O15 - Trusted Zone: http://soa404.telecomitalia.local
O15 - Trusted Zone: http://organigramma.griffon.local (HKLM)
O15 - Trusted Zone: *.griffon.local (HKLM)
O15 - Trusted Zone: http://atomwfe1.telecomitalia.it (HKLM)
O15 - Trusted Zone: http://atomwfe2.telecomitalia.it (HKLM)
O15 - Trusted Zone: http://griffon.ittelecom.open.telecomitalia.it (HKLM)
O15 - Trusted Zone: http://griffon.open.telecomitalia.it (HKLM)
O15 - Trusted Zone: http://hr.open.telecomitalia.it (HKLM)
O15 - Trusted Zone: http://paperless.open.telecomitalia.it (HKLM)
O15 - Trusted Zone: http://tils.open.telecomitalia.it (HKLM)
O15 - Trusted Zone: http://dwh-o2c.telecomitalia.local (HKLM)
O15 - Trusted Zone: http://soa404.telecomitalia.local (HKLM)
O15 - Trusted IP range: 10.74.27.45
O15 - Trusted IP range: http://10.74.27.45
O15 - Trusted IP range: http://10.173.215.15
O15 - Trusted IP range: http://10.173.50.7
O15 - Trusted IP range: 10.74.27.45 (HKLM)
O15 - Trusted IP range: http://10.74.27.45 (HKLM)
O15 - Trusted IP range: http://10.173.215.15 (HKLM)
O15 - Trusted IP range: http://10.173.50.7 (HKLM)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = telecomitalia.local
O17 - HKLM\Software\..\Telephony: DomainName = telecomitalia.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{166468D2-0542-4C0B-AFB2-FD9011E5AD42}: Domain = telecomitalia.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{9CC74C13-DBE6-491B-9B23-D9EF55783752}: NameServer = 85.37.17.10 85.38.28.86
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = telecomitalia.local
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Servizio di configurazione Atheros (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Officescan NT\ntrtscan.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Officescan NT\tmlisten.exe
O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Officescan NT\TmProxy.exe
mary77
Newbie

Posts: 5
Joined: 03/09/07 15:13

Re: Trojan that cannot be removed

Post by MIKI68 » 03/12/08 16:12

Hi, fix these entries:
O4 - HKLM\..\Run: [RUN_PWR_SETTINGS] %windir%\system32\RunSet-1.2.vbs
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [RUN_FIRMA_TEMPLATE] %windir%\system32\firma_templates.vbs
O4 - Global Startup: MapiProfileTI.lnk = C:\WINDOWS\MapiProfileTI.vbs
O4 - Global Startup: SecurityBar2003.vbs
O15 - Trusted Zone: http://organigramma.griffon.local
O15 - Trusted Zone: *.griffon.local
O15 - Trusted Zone: http://organigramma.griffon.local (HKLM)
O15 - Trusted Zone: *.griffon.local (HKLM)
O15 - Trusted IP range: 10.74.27.45
Remove all the ones that have this IP, especially if you don't recognize them
O15 - Trusted IP range: 10.74.27.45 (HKLM)
Then do a cleanup with CCleaner, reboot, and see whether the PC runs better.
Tips and settings for an always-efficient computer http://miki68news.blogspot.com/
MIKI68
Senior User

Posts: 1732
Joined: 17/10/08 15:26
Location: Bari

