hijackthis.log

Post by LOG » Mon Oct 30, 2006 12:33 am

I'm attaching my hijackthis.log; if some willing soul is prepared to take a look at it, I'd be really grateful. Thanks in advance.

Logfile of HijackThis v1.99.1
Scan saved at 0.30.39, on 30/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
L:\APPLZ OS-SECURITY\ANTIVIRUS\Avast 4\aswUpdSv.exe
L:\APPLZ OS-SECURITY\ANTIVIRUS\Avast 4\ashServ.exe
C:\WINDOWS\system32\hfp.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
L:\APPLZ OS-SECURITY\FILESMANAGER\WatchDog\wdserver.exe
L:\APPLZ OS-SECURITY\ANTIVIRUS\Avast 4\ashMaiSv.exe
L:\APPLZ OS-SECURITY\ANTIVIRUS\Avast 4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
L:\APPLZ OS-SECURITY\NOSPAM\Spamihilator\spamihilator.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
L:\DOWNLOAD MANAGER\Star Downloader\stardown.exe
C:\WINDOWS\Explorer.EXE
L:\APPLZ OS-SECURITY\REGISTRY AND OS UTILITY\HijackThis Registry Doubt Monitoring\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://arianna.libero.it
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hp.rossoalice.alice.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.libero.it
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - L:\ALTRI\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Programmi\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - L:\DOWNLO~1\STARDO~1\SDIEInt.dll
O3 - Toolbar: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Programmi\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll
O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ptipbm.dll,SetWriteBack
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [avast!] "L:\APPLZ OS-SECURITY\ANTIVIRUS\Avast 4\ashDisp.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [Spamihilator] "L:\APPLZ OS-SECURITY\NOSPAM\Spamihilator\spamihilator.exe"
O4 - HKCU\..\Run: [BrowserSentinel2] "L:\APPLZ OS-SECURITY\REGISTRY AND OS UTILITY\Browser Sentinel 2, hijack, spyware, adware, trojan, viruses, keyloggers protection for IT professionals\BrowserSentinel.exe" -autorun
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: Accoda in Star Downloader - L:\DOWNLOAD MANAGER\Star Downloader\sdieenq.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Link to &MidpX - C:\Programmi\Kwyshell\MidpX\JadInvoker\Extent\jad_wrap.htm
O8 - Extra context menu item: Salva oggetto con Star Downloader - L:\DOWNLOAD MANAGER\Star Downloader\sdie.htm
O8 - Extra context menu item: Salva tutti gli oggetti con Star Downloader - L:\DOWNLOAD MANAGER\Star Downloader\leechie.htm
O8 - Extra context menu item: Save Flash - res://L:\ALTRI\Flash Saving Plugin\FlashSButton.dll/210
O8 - Extra context menu item: Sothink SWF Catcher - C:\Programmi\File comuni\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - L:\GAMES\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - L:\GAMES\Titan Poker\casino.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programmi\File comuni\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programmi\File comuni\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - L:\ALTRI\Flash Saving Plugin\FlashSButton.dll (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.libero.it
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0847B5C0-83AB-4DAD-94DD-01D777C1FB3A}: NameServer = 85.37.17.9 85.38.28.75
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.0.0812.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.0.0812.00.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - L:\APPLZ OS-SECURITY\ANTIVIRUS\Avast 4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - L:\APPLZ OS-SECURITY\ANTIVIRUS\Avast 4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - L:\APPLZ OS-SECURITY\ANTIVIRUS\Avast 4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - L:\APPLZ OS-SECURITY\ANTIVIRUS\Avast 4\ashWebSv.exe" /service (file missing)
O23 - Service: HFP Service (hfprog) - Unknown owner - C:\WINDOWS\system32\hfp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - L:\APPLZ 3D\3D STUDIO MAX\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: WatchDog Network Server (wdserver) - None - L:\APPLZ OS-SECURITY\FILESMANAGER\WatchDog\wdserver.exe

Post by crazy.cat » Mon Oct 30, 2006 8:22 am

Apart from a few programs that are not very clear, but perhaps fine, I don't see anything dangerous.
Do you know these?
O2 - BHO: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Programmi\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll
O3 - Toolbar: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Programmi\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - L:\GAMES\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - L:\GAMES\Titan Poker\casino.exe

What problems are you having?

Post by LOG » Tue Oct 31, 2006 7:56 pm

They should be gone now..
Take a look please, crazy..
Thanks again. [:-D]

Logfile of HijackThis v1.99.1
Scan saved at 19.55.10, on 31/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
L:\APPLZ OS-SECURITY\ANTIVIRUS\Avast 4\aswUpdSv.exe
L:\APPLZ OS-SECURITY\ANTIVIRUS\Avast 4\ashServ.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
L:\APPLZ OS-SECURITY\ANTIVIRUS\Avast 4\ashMaiSv.exe
L:\APPLZ OS-SECURITY\ANTIVIRUS\Avast 4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
L:\APPLZ OS-SECURITY\ANTIVIRUS\Avast 4\ashDisp.exe
L:\APPLZ OS-SECURITY\NOSPAM\Spamihilator\spamihilator.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
L:\BROWSERS\Firefox\firefox.exe
C:\Programmi\Outlook Express\msimn.exe
L:\APPLZ OS-SECURITY\REGISTRY AND OS UTILITY\HijackThis Registry Doubt Monitoring\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://arianna.libero.it
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hp.rossoalice.alice.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.libero.it
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - L:\ALTRI\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - L:\DOWNLO~1\STARDO~1\SDIEInt.dll
O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ptipbm.dll,SetWriteBack
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [avast!] "L:\APPLZ OS-SECURITY\ANTIVIRUS\Avast 4\ashDisp.exe"
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [Spamihilator] "L:\APPLZ OS-SECURITY\NOSPAM\Spamihilator\spamihilator.exe"
O4 - HKCU\..\Run: [BrowserSentinel2] "L:\APPLZ OS-SECURITY\REGISTRY AND OS UTILITY\Browser Sentinel 2, hijack, spyware, adware, trojan, viruses, keyloggers protection for IT professionals\BrowserSentinel.exe" -autorun
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: Accoda in Star Downloader - L:\DOWNLOAD MANAGER\Star Downloader\sdieenq.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Link to &MidpX - C:\Programmi\Kwyshell\MidpX\JadInvoker\Extent\jad_wrap.htm
O8 - Extra context menu item: Salva oggetto con Star Downloader - L:\DOWNLOAD MANAGER\Star Downloader\sdie.htm
O8 - Extra context menu item: Salva tutti gli oggetti con Star Downloader - L:\DOWNLOAD MANAGER\Star Downloader\leechie.htm
O8 - Extra context menu item: Save Flash - res://L:\ALTRI\Flash Saving Plugin\FlashSButton.dll/210
O8 - Extra context menu item: Sothink SWF Catcher - C:\Programmi\File comuni\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - L:\ALTRI\Flash Saving Plugin\FlashSButton.dll (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.libero.it
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0847B5C0-83AB-4DAD-94DD-01D777C1FB3A}: NameServer = 85.37.17.9 85.38.28.75
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.0.0812.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.0.0812.00.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - L:\APPLZ OS-SECURITY\ANTIVIRUS\Avast 4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - L:\APPLZ OS-SECURITY\ANTIVIRUS\Avast 4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - L:\APPLZ OS-SECURITY\ANTIVIRUS\Avast 4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - L:\APPLZ OS-SECURITY\ANTIVIRUS\Avast 4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe

Post by crazy.cat » Wed Nov 01, 2006 12:51 pm

You can just paste the log into the thread; there's no need to rename it and then attach it.

Now it's clean; since you removed everything, I suppose you didn't know what those things I pointed out were.

Post by LOG » Wed Nov 01, 2006 4:11 pm

[:-D] some yes, some no..
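
Added example (not part of the thread and not HijackThis code): a small Python parser that diffs the result lines of two HijackThis scans, the comparison done by eye in the replies above. The sample lines are shortened excerpts of the two logs posted in the thread; the function names are this example's own.

```python
import re

# A HijackThis result line is "<section> - <detail>", e.g. "O2 - BHO: ...".
ENTRY = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")

# Excerpts of the two scans posted in the thread (30/10 and 31/10), shortened.
SCAN_1 = r"""
Running processes:
C:\WINDOWS\system32\hfp.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Programmi\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll
O3 - Toolbar: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Programmi\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll
O8 - Extra context menu item: Link to &MidpX - C:\Programmi\Kwyshell\MidpX\JadInvoker\Extent\jad_wrap.htm
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - L:\GAMES\Titan Poker\casino.exe
O23 - Service: HFP Service (hfprog) - Unknown owner - C:\WINDOWS\system32\hfp.exe
"""
SCAN_2 = r"""
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O8 - Extra context menu item: Link to &MidpX - C:\Programmi\Kwyshell\MidpX\JadInvoker\Extent\jad_wrap.htm
"""

def parse_entries(log_text):
    """Return the set of (section, detail) result lines; headers and process paths are skipped."""
    found = set()
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            found.add((m.group(1), m.group(2).strip()))
    return found

def diff_scans(before, after):
    """Return (removed, added) entries between two scans, sorted for stable output."""
    b, a = parse_entries(before), parse_entries(after)
    return sorted(b - a), sorted(a - b)

def leftovers(keyword, log_text):
    """Entries in a scan that still mention a product name (case-insensitive)."""
    return sorted(e for e in parse_entries(log_text) if keyword.lower() in e[1].lower())

if __name__ == "__main__":
    removed, added = diff_scans(SCAN_1, SCAN_2)
    for sec, detail in removed:
        print("removed:", sec, detail)
    for sec, detail in added:
        print("added:  ", sec, detail)
    for sec, detail in leftovers("MidpX", SCAN_2):
        print("still references MidpX:", sec, detail)
```

On these excerpts the diff reports the O2, O3, O9 and O23 entries as removed, while the O8 context-menu item pointing into the MidpX folder is still listed in the later scan.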