Discussione: Analizzare un log di hijackthis da soli
View Single Post
Old 27-08-2004, 23:22   #17
iron84
Senior Member
 
L'Avatar di iron84
 
Iscritto dal: Feb 2004
Cittā: /media/ValSusa
Messaggi: 3601
So di aver letto in un tread che si diceva che se non si hanno problemi con il computer di non

postare log di hijackthis. Io a perte che qualche volta crasha Explorer o si blocca wmplayer non ho

grossi problemi, ma penso che si tratti per il fatto che devo formattare e quindi non mi preoccupo.
Il fatto č che adesso, appunto prima di formattare, stavo sperimentando un po di cose tra le quali

questa della sicurezza.
Ho usato poi spybot.
Ora vi posto il log prima e poi, di seguito ci metto quello "pulito da me". (Devo ancora eliminare

DAP) per vedere se ho fatto un buon lavoro e quindi, se tutto va bene dovrei riuscire a cavarmela da

solo senza abusare del vostro tempo.

Le mie domande sono:
1) Come mai DAP e Statbar vengono considerati spyware?
2) Cos'č secondo voi quel processo attivo rundll32.exe? Non mi sembra sia zozzeria di win.
3) Non so cosa corrisponde questa riga => F:\WINDOWS\downlo~1\f4bwd1g\jvxtf2.exe





Logfile of HijackThis v1.98.2
Scan saved at 18.49.00, on 15/08/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Programmi\Sygate\SPF\smc.exe
F:\WINDOWS\Explorer.EXE
F:\Documents and Settings\Diego\Desktop\RedLine\Taskbar.exe
F:\programmi\ASUS\AsusProb.exe
F:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
F:\SCANJET\PrecisionScanLT\hppwrsav.exe
F:\Programmi\File comuni\Real\Update_OB\realsched.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
F:\Programmi\QuickTime\qttask.exe
F:\PROGRA~1\NORTON~1\navapw32.exe
F:\Programmi\Elaborate Bytes\CloneCD\CloneCDTray.exe
F:\Programmi\D-Tools\daemon.exe
F:\PROGRAMMI\EASY FILE PROTECTOR\EFPA.exe
F:\WINDOWS\System32\rundll32.exe
F:\Programmi\File comuni\Nokia\NCLTools\NclTray.exe
F:\Programmi\Nokia\Nokia PC Suite 5\DataLayer.exe
C:\sj652\hpupdate.exe
F:\Programmi\Messenger\msmsgs.exe
F:\Programmi\ATI Multimedia\RemCtrl\ATIX10.exe
F:\Programmi\ATI Multimedia\main\ATISched.EXE
F:\Programmi\vmtu\VMTU.Exe
F:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
F:\Programmi\File comuni\Nokia\Services\ServiceLayer.exe
F:\WINDOWS\System32\Ati2evxx.exe
F:\WINDOWS\System32\rundll32.exe
F:\Programmi\Digisoft AntiDialer\AntiDialer.exe
F:\WINDOWS\downlo~1\f4bwd1g\jvxtf2.exe
F:\Documents and Settings\Diego\Desktop\redline\gameutil.exe
F:\Programmi\SEC\Natural Color\NaturalColorLoad.exe
F:\Programmi\Norton AntiVirus\navapsvc.exe
F:\Programmi\Palick Soft\SIGuardian\SIGuardian.exe
F:\Programmi\Globe Software\StatBar\StatBar.exe
F:\Programmi\File comuni\Real\Update_OB\rnathchk.exe
F:\Documents and Settings\Diego\Impostazioni locali\Temp\HijackThis.exe
F:\Programmi\Expert System\PlanetGate Trio\Point&Go.exe
F:\Programmi\Expert System\PlanetGate Trio\txtuser.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - F:\Programmi\DAP\DAPBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Programmi\Adobe\Acrobat

5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -

F:\Programmi\NewDotNet\newdotnet6_22.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - F:\Programmi\Norton

AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Programmi\Norton

AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - F:\Programmi\DAP\DAPIEBar.dll
O3 - Toolbar: (no name) - {31D1CA78-F919-4198-8DA5-AB6F44E4AB28} - (no file)
O3 - Toolbar: UCmore - The Search Accelerator Toolbar - {44BE0690-5429-47f0-85BB-3FFD8020233E} -

F:\Programmi\TheSearchAccelerator\UCMTSAIE.dll
O4 - HKLM\..\Run: [RedLine Taskbar] F:\Documents and Settings\Diego\Desktop\RedLine\Taskbar.exe
O4 - HKLM\..\Run: [ASUS Probe] f:\programmi\ASUS\AsusProb.exe
O4 - HKLM\..\Run: [EM_EXEC] F:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [hppwrsav] F:\SCANJET\PrecisionScanLT\hppwrsav.exe
O4 - HKLM\..\Run: [TkBellExe] F:\Programmi\File comuni\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [ATIPTA] F:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] "F:\Programmi\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [NAV Agent] F:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "F:\Programmi\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "F:\Programmi\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "F:\Programmi\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [Prozrachnaya2.exe] F:\Programmi\DBSOFT\PYE.exe
O4 - HKLM\..\Run: [mspwr] F:\WINDOWS\System32\pwrupst.exe
O4 - HKLM\..\Run: [PCXLSE] F:\Programmi\PCAccel6000\pcaccel.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 F:\PROGRA~1\NewDotNet\newdotnet6_22.dll,NewDotNetStartup
O4 - HKLM\..\Run: [RVP] "F:\Programmi\RVP\bpc.e*e"
O4 - HKLM\..\Run: [webHancer Survey Companion] "F:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [SmcService] F:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Nokia Tray Application] F:\Programmi\File comuni\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [DataLayer] F:\Programmi\Nokia\Nokia PC Suite 5\DataLayer.exe
O4 - HKLM\..\Run: [HP Update 3400C] C:\sj652\hpupdate.exe 3400C
O4 - HKCU\..\Run: [MSMSGS] "F:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ATI Remote Control] F:\Programmi\ATI Multimedia\RemCtrl\ATIX10.exe
O4 - HKCU\..\Run: [ATI Scheduler] F:\Programmi\ATI Multimedia\main\ATISched.EXE
O4 - HKCU\..\Run: [WashAndGo - Cleanup of old Backupfiles] "F:\Programmi\WashAndGo\checker.exe

/check"
O4 - HKCU\..\Run: [VMTU] F:\Programmi\vmtu\VMTU.Exe
O4 - Startup: SIGuardian.lnk = F:\Programmi\Palick Soft\SIGuardian\SIGuardian.exe
O4 - Startup: StatBarr.lnk = F:\Programmi\Globe Software\StatBar\StatBar.exe
O4 - Global Startup: Acrobat Assistant.lnk = F:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = F:\Programmi\File comuni\Adobe\Calibration\Adobe

Gamma Loader.exe
O4 - Global Startup: Digisoft AntiDialer.lnk = F:\Programmi\Digisoft AntiDialer\AntiDialer.exe
O4 - Global Startup: gameutil.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = F:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NaturalColorLoad.lnk = ?
O8 - Extra context menu item: &Download with &DAP - F:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - F:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - F:\Programmi\ATI

Multimedia\TV\EXPLBAR.DLL
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - F:\PROGRA~1\DAP\DAP.EXE
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .spop: F:\Programmi\Internet Explorer\Plugins\NPDocBox.dll


=====================================================================================
Dopo la pulizia

Logfile of HijackThis v1.98.2
Scan saved at 23.51.49, on 27/08/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Programmi\Sygate\SPF\smc.exe
F:\WINDOWS\Explorer.EXE
F:\Documents and Settings\Diego\Desktop\RedLine\Taskbar.exe
F:\programmi\ASUS\AsusProb.exe
F:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
F:\SCANJET\PrecisionScanLT\hppwrsav.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Programmi\File comuni\Real\Update_OB\realsched.exe
F:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
F:\Programmi\QuickTime\qttask.exe
F:\PROGRA~1\NORTON~1\navapw32.exe
F:\Programmi\Elaborate Bytes\CloneCD\CloneCDTray.exe
F:\PROGRAMMI\EASY FILE PROTECTOR\EFPA.exe
F:\Programmi\D-Tools\daemon.exe
F:\Programmi\File comuni\Nokia\NCLTools\NclTray.exe
F:\Programmi\Nokia\Nokia PC Suite 5\DataLayer.exe
F:\Programmi\Messenger\msmsgs.exe
F:\Programmi\ATI Multimedia\RemCtrl\ATIX10.exe
F:\Programmi\ATI Multimedia\main\ATISched.EXE
F:\WINDOWS\System32\Ati2evxx.exe
F:\Programmi\File comuni\Nokia\Services\ServiceLayer.exe
F:\Programmi\vmtu\VMTU.Exe
F:\WINDOWS\downlo~1\f4bwd1g\jvxtf2.exe
F:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
F:\Programmi\Digisoft AntiDialer\AntiDialer.exe
F:\Documents and Settings\Diego\Desktop\redline\gameutil.exe
F:\WINDOWS\System32\rundll32.exe
F:\Programmi\SEC\Natural Color\NaturalColorLoad.exe
F:\Programmi\Norton AntiVirus\navapsvc.exe
F:\Programmi\Palick Soft\SIGuardian\SIGuardian.exe
F:\Programmi\Globe Software\StatBar\StatBar.exe
F:\Documents and Settings\Diego\Impostazioni locali\Temp\HijackThis.exe

O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - F:\Programmi\DAP\DAPBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Programmi\Adobe\Acrobat

5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\Spybot - Search &

Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - F:\Programmi\Norton

AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Programmi\Norton

AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - F:\Programmi\DAP\DAPIEBar.dll
O4 - HKLM\..\Run: [RedLine Taskbar] F:\Documents and Settings\Diego\Desktop\RedLine\Taskbar.exe
O4 - HKLM\..\Run: [ASUS Probe] f:\programmi\ASUS\AsusProb.exe
O4 - HKLM\..\Run: [EM_EXEC] F:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [hppwrsav] F:\SCANJET\PrecisionScanLT\hppwrsav.exe
O4 - HKLM\..\Run: [TkBellExe] F:\Programmi\File comuni\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [ATIPTA] F:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] "F:\Programmi\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [NAV Agent] F:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "F:\Programmi\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "F:\Programmi\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "F:\Programmi\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [mspwr] F:\WINDOWS\System32\pwrupst.exe
O4 - HKLM\..\Run: [PCXLSE] F:\Programmi\PCAccel6000\pcaccel.exe
O4 - HKLM\..\Run: [SmcService] F:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Nokia Tray Application] F:\Programmi\File comuni\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [DataLayer] F:\Programmi\Nokia\Nokia PC Suite 5\DataLayer.exe
O4 - HKCU\..\Run: [MSMSGS] "F:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ATI Remote Control] F:\Programmi\ATI Multimedia\RemCtrl\ATIX10.exe
O4 - HKCU\..\Run: [ATI Scheduler] F:\Programmi\ATI Multimedia\main\ATISched.EXE
O4 - HKCU\..\Run: [WashAndGo - Cleanup of old Backupfiles] "F:\Programmi\WashAndGo\checker.exe

/check"
O4 - HKCU\..\Run: [VMTU] F:\Programmi\vmtu\VMTU.Exe
O4 - Startup: SIGuardian.lnk = F:\Programmi\Palick Soft\SIGuardian\SIGuardian.exe
O4 - Startup: StatBarr.lnk = F:\Programmi\Globe Software\StatBar\StatBar.exe
O4 - Global Startup: Acrobat Assistant.lnk = F:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = F:\Programmi\File comuni\Adobe\Calibration\Adobe

Gamma Loader.exe
O4 - Global Startup: Digisoft AntiDialer.lnk = F:\Programmi\Digisoft AntiDialer\AntiDialer.exe
O4 - Global Startup: gameutil.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = F:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NaturalColorLoad.lnk = ?
O8 - Extra context menu item: &Download with &DAP - F:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - F:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - F:\Programmi\ATI

Multimedia\TV\EXPLBAR.DLL
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - F:\PROGRA~1\DAP\DAP.EXE
O12 - Plugin for .spop: F:\Programmi\Internet Explorer\Plugins\NPDocBox.dll





Ringrazio molto e scusate la lunghezza.
P.S. Molto utile la guida per hijackthis
iron84 č offline   Rispondi citando il messaggio o parte di esso