Punto informatico Network
Login Esegui login | Non sei registrato? Iscriviti ora (è gratuito!)
Username: Password:
  • Annuncio Pubblicitario

log HijackThis

Un virus si è intromesso nel tuo computer? Vuoi navigare in tutta sicurezza? Sono sicure le transazione online? Come impedire a malintenzionati di intromettersi nel tuo pc? Come proteggere i tuoi dati? Qui trovi le risposte a queste ed altre domande

log HijackThis

Messaggioda thomas » mar mar 06, 2007 1:38 pm

Come odio i pc con windows... come odio chi mi chiama quando c'è qualcosa che non va...

Ho già tirato via l'evidente, ma controllatemi per favore se manca qualcosa

Logfile of HijackThis v1.99.1
Scan saved at 12.32.57, on 06/03/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\llssrv.exe
C:\WINNT\system32\ntfrs.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\system32\stisvc.exe
C:\Programmi\TapeWare\TWWINSDR.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\wins.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\tcpsvcs.exe
C:\WINNT\System32\dns.exe
C:\WINNT\system32\msdtc.exe
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Programmi\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Exif Launcher\QuickDCF.exe
C:\Programmi\CASIO\Photo Loader\Plauto.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\WINNT\system32\wuauclt.exe
C:\Programmi\File comuni\Nokia\MPAPI\MPAPI3s.exe
C:\Programmi\Java\jre1.5.0_10\bin\jucheck.exe
C:\WINNT\system32\svchost.exe
C:\Documents and Settings\prova\Impostazioni locali\Temp\IOControl.exe
C:\Documents and Settings\prova\Impostazioni locali\Temporary Internet Files\Content.IE5\ATA5UTG7\porno[1].exe
C:\PROGRA~1\MICROS~3\OFFICE11\OUTLOOK.EXE
C:\ACUCBL31\bin\wrun32.exe
C:\Documents and Settings\prova\Dati applicazioni\faretoraci\sysvmtrs.exe
C:\Documents and Settings\prova\Desktop\Thomas\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar4.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [REGSHAVE] C:\Progra~1\REGSHAVE\REGSHAVE.EXE /autorun
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Systems] C:\WINNT\system32\sysmon.exe
O4 - HKLM\..\Run: [euoai] C:\Documents and Settings\prova\Dati applicazioni\faretoraci\sysvmtrs.exe
O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\Exif Launcher\QuickDCF.exe
O4 - Global Startup: Photo Loader residente.lnk = C:\Programmi\CASIO\Photo Loader\Plauto.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O15 - Trusted Zone: www.adslconnection.name
O15 - Trusted Zone: www.archiviosex.net
O15 - Trusted Zone: www.contentdiscount.info
O15 - Trusted Zone: www.extremeaccess.info
O15 - Trusted Zone: www.softlab.name
O15 - Trusted Zone: www.xxx-content.name
O15 - Trusted Zone: *.“›‚Ÿ”‚ÿÕ‹÷“‰„‚¢ó◊‘’À”ÓÓÙ
O15 - Trusted Zone: *.›ÏÊ◊““∆ƒ∆»ÿʰó◊‘’À”ÓÓÙ
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8245052468
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} - http://installs.hotbar.com/installs/hbt ... btools.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game04.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {CEF3AA94-1B8A-4FDC-91A6-77CBE2981BD2} (diAuthClientWC.AuthClient) - http://www.servizi.comune.parma.it/sso/ ... ientWC.CAB
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B2F49FB} - http://www.softlab.name/rnd_soft.php
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = pifonet.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{268CEC31-5518-445C-B20A-2AB7B336C9D2}: NameServer = 212.216.112.112
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = pifonet.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = pifonet.local
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Commander Service - Seagull Scientific, Inc - C:\Programmi\Seagull\BarTender\7.72\CmdrSrv.exe
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TapeWare - Unknown owner - C:\Programmi\TapeWare\TWWINSDR.EXE


[cry]
"Am too late to get too high to get, too late to wash my face and hands "
Mr Hudson and the Library - Too Late Too Late
Avatar utente
thomas
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 6858
Iscritto il: mer lug 09, 2003 6:30 pm
Località: Parma

Re: log HijackThis

Messaggioda crazy.cat » mar mar 06, 2007 2:11 pm

Questo lo conosci?
C:\ACUCBL31\bin\wrun32.exe

Da quanto non vedevo il winmovie plugin dialer.
Cancella righe e file indicati.
Vedo anche un Hotbar, se in Ie ha barre e icone strane lo puoi ripulire con una scansione di A2 squared, che è meglio se la fai perché ha scaricato anche vari dialer.
Pulisci i temp e i temporanei di internet con ccleaner

C:\Documents and Settings\prova\Impostazioni locali\Temp\IOControl.exe
C:\Documents and Settings\prova\Impostazioni locali\Temporary Internet Files\Content.IE5\ATA5UTG7\porno[1].exe
C:\Documents and Settings\prova\Dati applicazioni\faretoraci\sysvmtrs.exe
O4 - HKLM\..\Run: [Systems] C:\WINNT\system32\sysmon.exe
O4 - HKLM\..\Run: [euoai] C:\Documents and Settings\prova\Dati applicazioni\faretoraci\sysvmtrs.exe
O15 - Trusted Zone: www.adslconnection.name
O15 - Trusted Zone: www.archiviosex.net
O15 - Trusted Zone: www.contentdiscount.info
O15 - Trusted Zone: www.extremeaccess.info
O15 - Trusted Zone: www.softlab.name
O15 - Trusted Zone: www.xxx-content.name
O15 - Trusted Zone: *.“›‚Ÿ”‚ÿÕ‹÷“‰„‚¢ó◊‘’À”ÓÓÙ
O15 - Trusted Zone: *.›ÏÊ◊““∆ƒ∆»ÿʰó◊‘’À”ÓÓÙ
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} - http://installs.hotbar.com/installs/hbt ... btools.cab
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B2F49FB} - http://www.softlab.name/rnd_soft.php
Avatar utente
crazy.cat
MLI Hero
MLI Hero
 
Messaggi: 30959
Iscritto il: lun gen 12, 2004 1:38 pm
Località: Mestre

Re: log HijackThis

Messaggioda thomas » mar mar 06, 2007 2:16 pm

crazy.cat ha scritto:Questo lo conosci?
C:\ACUCBL31\bin\wrun32.exe
si si

crazy.cat ha scritto:Cancella righe e file indicati.


ok, me ne erano scappate solo due.

grazie mille marco
"Am too late to get too high to get, too late to wash my face and hands "
Mr Hudson and the Library - Too Late Too Late
Avatar utente
thomas
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 6858
Iscritto il: mer lug 09, 2003 6:30 pm
Località: Parma


Torna a Sicurezza

Chi c’è in linea

Visitano il forum: Nessuno e 11 ospiti

Powered by phpBB © 2002, 2005, 2007, 2008 phpBB Group
Traduzione Italiana phpBB.it

megalab.it: testata telematica quotidiana registrata al Tribunale di Cosenza n. 22/09 del 13.08.2009, editore Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa Tutti i diritti sono riservati. Per la pubblicità: Master Advertising