Pagina 1 di 1

Scansione con HijackThis S.o.S

MessaggioInviato: lun giu 13, 2005 7:29 pm
da ^GaNdAlF^
Salve a tutti ho fatto una scansione con HijackThis è ho salvato il .log sapreste dirmi che devo eliminare..oppure butto il pc dalla finestra? [:-D]

Logfile of HijackThis v1.99.0
Scan saved at 20.16.38, on 13/06/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
F:\PROGRAMMI\Norton Antivirus 2005\navapsvc.exe
F:\PROGRAMMI\Norton Antivirus 2005\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Programmi\IPM\Adsl\DataWay\dslstat.exe
C:\WINDOWS\system32\dslagent.exe
C:\Programmi\Mouse\Amoumain.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Programmi\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Programmi\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\System32\ffupvuau.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Programmi\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programmi\LG PC Suite\LG PC Sync\LGSyncManager.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
F:\PROGRA~1\INCRED~1\INCRED~1\bin\IMApp.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
F:\PROGRAMMI\eMule 0.4\eMule\emule.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\WISPTIS.EXE
C:\Programmi\Messenger\msmsgs.exe
F:\MASTERIZZARE\VARIE\UTILITà\In caso di Hijack\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gw.aliceadsl.it/home
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {4A6ED169-8709-DDCF-7224-AC68AD20EF3E} - (no file)
O2 - BHO: SafeGuard Protect PCShield - {564FFB73-9EEF-4969-92FA-5FC4A92E2C2A} - C:\WINDOWS\System32\sfg_092e.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - F:\PROGRAMMI\Norton Antivirus 2005\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\PROGRAMMI\Norton Antivirus 2005\NavShExt.dll
O4 - HKLM\..\Run: [SBDrvDet] C:\Programmi\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Programmi\IPM\Adsl\DataWay\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [WheelMouse] Amoumain.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [CTSysVol] C:\Programmi\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Programmi\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe
O4 - HKLM\..\Run: [Kazaa Download Accelerator Updater] regsvr32 /s C:\WINDOWS\System32\kdpupd.dll
O4 - HKLM\..\Run: [gqwxqsnpxnybl] C:\WINDOWS\System32\ffupvuau.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\System32\sfg_092e.dll"
O4 - HKLM\..\Run: [satmat] C:\WINDOWS\satmat.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Olympic] C:\Documents and Settings\Fanzecco\Dati applicazioni\sgrunt\IE4321.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [IncrediMail] F:\PROGRA~1\INCRED~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [ProBassFishing2003.exe] F:\GIOCHI\NUOVAC~1\PROBAS~1.EXE /r
O4 - HKCU\..\Run: [RemoteCenter] C:\Programmi\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\System32\sfg_092e.dll"
O4 - HKCU\..\Run: [Skype] "F:\PROGRAMMI\SkypeSetup\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: LG SyncManager.lnk = ?
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - F:\PROGRA~1\INCRED~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: Alice - {D9108F15-93BA-4BA3-91F0-5E4F913D393F} - http://gw.aliceadsl.it/alice (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://gw.aliceadsl.it/home
O17 - HKLM\System\CCS\Services\Tcpip\..\{632D4E15-3400-4D2C-86E5-F8801379174E}: NameServer = 217.141.249.205 151.99.125.1
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Servizio Auto-Protect di Norton AntiVirus - Symantec Corporation - F:\PROGRAMMI\Norton Antivirus 2005\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service - Symantec Corporation - F:\PROGRAMMI\Norton Antivirus 2005\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - F:\PROGRAMMI\Norton Antivirus 2005\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe



Attendo con tanta ansia...in attesa saluto e ringrazio anticipatamente.. [brindisi]

MessaggioInviato: lun giu 13, 2005 7:56 pm
da blind
elimina questi:

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O2 - BHO: (no name) - {4A6ED169-8709-DDCF-7224-AC68AD20EF3E} - (no file)

O2 - BHO: SafeGuard Protect PCShield - {564FFB73-9EEF-4969-92FA-5FC4A92E2C2A} - C:\WINDOWS\System32\sfg_092e.dll

O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe

O4 - HKLM\..\Run: [Kazaa Download Accelerator Updater] regsvr32 /s C:\WINDOWS\System32\kdpupd.dll

O4 - HKLM\..\Run: [satmat] C:\WINDOWS\satmat.exe

O9 - Extra button: Alice - {D9108F15-93BA-4BA3-91F0-5E4F913D393F} - http://gw.aliceadsl.it/alice (file missing) (HKCU)

poi ci sono altre voci sconoscite.. attendi qualcuno piu esperto..

MessaggioInviato: lun giu 13, 2005 8:03 pm
da ^GaNdAlF^
Grazie 1000 blind...intanto elimino queste...aspetto magari Crazycat che è l'esperto nel campo...speriamo risponda...CARZYYYYYY!!!!! [cry+]

MessaggioInviato: mar giu 14, 2005 11:37 am
da crazy.cat
Crazy la notte dorme (o almeno ci prova...)

Se dicevi anche che problemi hai al pc, almeno non devo tirare a indovinare.

Elimina anche queste il tutto dalla modalità provvisoria.
O2 - BHO: (no name) - {4A6ED169-8709-DDCF-7224-AC68AD20EF3E} - (no file)
O4 - HKLM\..\Run: [gqwxqsnpxnybl] C:\WINDOWS\System32\ffupvuau.exe
O4 - HKLM\..\Run: [Olympic] C:\Documents and Settings\Fanzecco\Dati applicazioni\sgrunt\IE4321.exe
O4 - HKCU\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\System32\sfg_092e.dll"
O4 - HKLM\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\System32\sfg_092e.dll"

Questa è strana che sia in esecuzione automatica.
O4 - HKCU\..\Run: [ProBassFishing2003.exe] F:\GIOCHI\NUOVAC~1\PROBAS~1.EXE /r

MessaggioInviato: mar giu 14, 2005 12:43 pm
da ^GaNdAlF^
Hai ragione crazy [:-D] .....xò nn ho problemi di vitale importanza al pc...volevo solo sapere quali file erano strani o a rischio...per eliminarli..
Thanks...gentilissimo come sempre..
Ps: per entrare nella modalità provvisoria che devo dgt all'avvio? [sbigot] [afro]

MessaggioInviato: mar giu 14, 2005 12:52 pm
da crazy.cat
Premi F8 all'avvio fino ad arrivare al menuù dove trovi la modalità provvisoria.
Fatti una scansione con qualche programma antispyware, ci sono alcuni ospiti da eliminare.

MessaggioInviato: mar giu 14, 2005 5:57 pm
da ^GaNdAlF^
Ancora grazie crazy...provo a fare così.
ciao un saluto e a presto. [book]