08-09-2006, 18:11   #35
byker
Member
 
Registered since: May 2005
City: where the sea touches the mountains..............
Posts: 176
Hi everyone,
I would like to know how I should proceed to delete the infected files once the log has been analysed, thanks.
This is the result of the log analysis.


Entry / Kind (Safe, Nasty, Unknown) / Description / Tip
Logfile of HijackThis v1.99.1
Safe. Shows the version of HijackThis an. The newest version is: v1.99.1!
This should be the newest version. (v1.99.1)
Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Safe. Shows the version of your Internet Explorer. Newest Version is: 6.00.2900.2180!
This should be the newest version. (6.00.2900.2180)
C:\WINDOWS\System32\smss.exe
Safe. This entry was classified from our visitors as good.
Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.
C:\WINDOWS\system32\winlogon.exe
Safe. This entry was classified from our visitors as good.
Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.
C:\WINDOWS\system32\services.exe
Safe. This entry was classified from our visitors as good.
Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.
C:\WINDOWS\system32\lsass.exe
Safe. This entry was classified from our visitors as good.
Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.
C:\WINDOWS\system32\Ati2evxx.exe
Safe. This entry was classified from our visitors as good.
Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.
C:\WINDOWS\system32\svchost.exe
Safe. This entry was classified from our visitors as good.
Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.
C:\WINDOWS\System32\svchost.exe
Safe. This entry was classified from our visitors as good.
Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.
C:\WINDOWS\system32\spoolsv.exe
Safe. This entry was classified from our visitors as good.
Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.
C:\Programmi\ewido anti-spyware 4.0\guard.exe
Safe. This entry was classified from our visitors as good.
Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
Safe. running process. (MDM.EXE)
Machine Debug Manager. Used by developers.


C:\Programmi\Eset\nod32krn.exe
Safe. This entry was classified from our visitors as good.
Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.
C:\WINDOWS\system32\slmdmsr.exe
Safe. This entry was classified from our visitors as good.
Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.
C:\WINDOWS\system32\svchost.exe
Safe. This entry was classified from our visitors as good.
Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.
C:\WINDOWS\system32\Ati2evxx.exe
Safe. This entry was classified from our visitors as good.
Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.
C:\WINDOWS\Explorer.EXE
Safe. This entry was classified from our visitors as good.
Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.
C:\WINDOWS\SOUNDMAN.EXE
Safe. This entry was classified from our visitors as good.
Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
Safe. running process. (HPWuSchd2.exe)
Part of Hewlett-Packard

Possibly nasty! According to our database this process runs normally in c:\programme\hewlett-packard\hp software update\! Check if you know this process and arrange a viruscheck where required.
C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
Safe. running process. (DataLayer.exe)
Nokia DataLayer


C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
Safe. running process. (LaunchApplication.exe)
Nokia PC Suite 6


C:\Programmi\Eset\nod32kui.exe
Safe. This entry was classified from our visitors as good.
Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
Safe. running process. (SERVIC~1.EXE)
Nokia PC Suite, F-Secure Backweb Client


C:\Programmi\ewido anti-spyware 4.0\ewido.exe
Safe. running process. (ewido.exe)
ewido anti-malware

Possibly nasty! According to our database this process runs normally in c:\programme\ewido anti-malware 4.0\! Check if you know this process and arrange a viruscheck where required.
C:\WINDOWS\system32\ctfmon.exe
Safe. This entry was classified from our visitors as good.
Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.
C:\Programmi\Messenger\msmsgs.exe
Safe. running process. (msmsgs.exe)
MSN Messenger


C:\Programmi\Phone\Skype.exe
Safe. running process. (Skype.exe)


Possibly nasty! According to our database this process runs normally in c:\programme\skype\phone\! Check if you know this process and arrange a viruscheck where required.
C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
Safe. running process. (PcSync2.exe)
Nokia PC Suite 6


C:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe
Safe. This entry was classified from our visitors as good.
Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
Safe. running process. (mpbtn.exe)
System tray icon for the Virtual Assistant from AT&T Broadband, used to communicate internet problems via the network rather than telephone. Available via desktop shortcut or Start -> Programs - not required
Not dangerous, but unnecessary.

C:\Programmi\HP\Digital Imaging\bin\hpqimzone.exe
Safe. running process. (hpqimzone.exe)
Hewlett-Packard


C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
Safe. running process. (hpqtra08.exe)
HP Digital Imaging


C:\Programmi\Kodak\Kodak EasyShare software\bin\EasyShare.exe
Safe. running process. (EasyShare.exe)



C:\Programmi\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
Unknown running process. (KodakSoftwareUpdater.exe)

This is a unknown process.

C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe
Safe. running process. (hpqSTE08.exe)
Hewlett-Packard Digital Imaging


C:\Programmi\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
Safe. running process. (hprblog.exe)
Hewlett-Packard Digital Imaging


C:\Programmi\Internet Explorer\iexplore.exe
Safe. running process. (iexplore.exe)
Internet Explorer - Wir empfehlen einen sichereren alternativen Browser zu verwenden. (z.B. Firefox)


C:\Documents and Settings\Stefano Pacini\Documenti\My Skype Received Files\hijackthis_199\HijackThis.exe
Safe. running process. (HijackThis.exe)
Tool, mit dem sie dieses Logfile erzeugt haben. Das Programm sollte so angelegt sein ! C:\Programme\HijackThis\HijackThis.exe
Remember that Hijackthis must be run in an own folder. Only if Hijackthis run in an own folder it will create backups!
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
Safe. This page has been identified as safe.

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
Safe. This entry was classified from our visitors as good.
Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
Safe. Entries found in this registry zone are potentially nasty. This application ([06849E9F-C8D7-4D59-B87D-784B7D6BE0B3] - Result: 06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) has been checked. Hit rate: 100,00%

O2 - BHO: (no name) - {18701B47-164D-48C2-89E7-D24D0F385585} - (no file)
Unnecessarily Entries found in this registry zone are potentially nasty. This application ([18701B47-164D-48C2-89E7-D24D0F385585] - Result: ) has been checked. Hit rate: 0,00%
Unknown application.
Unnecessary (deactivated) entry that can be fixed.
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
Safe. Entries found in this registry zone are potentially nasty. This application ([AA58ED58-01DD-4d91-8333-CF10577473F7] - Result: AA58ED58-01DD-4d91-8333-CF10577473F7) has been checked. Hit rate: 100,00%

O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
Safe. Entries found in this registry zone are potentially nasty. This application ([EF99BD32-C1FB-11D2-892F-0090271D4F88] - Result: EF99BD32-C1FB-11D2-892F-0090271D4F88) has been checked. Hit rate: 100,00%

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
Safe. Entries found in this registry zone are potentially nasty. This application ([2318C2B1-4965-11d4-9B18-009027A5CD4F] - Result: 2318C2B1-4965-11D4-9B18-009027A5CD4F) has been checked. Hit rate: 97,22%

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
Safe. This entry was classified from our visitors as good.
Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
Safe. HP software updates. If a shortcut doesn't exist create your own and run it manually
Hit rate: 94,44 % (result)
Not dangerous, but unnecessary.
O4 - HKLM\..\Run: [DataLayer] C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
Safe. Nokia PC Suite 5 - "A collection of powerful tools that you can use to manage your phone features and data." Synchronize the phone with, for example Outlook. You can also use it to browse your phone, edit the phone list and so on
Hit rate: 100,00 % (result)

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
Safe. Nokia PC Suite 6
Hit rate: 100,00 % (result)

O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
Safe. This entry was classified from our visitors as good.
Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.
O4 - HKLM\..\Run: [!ewido] "C:\Programmi\ewido anti-spyware 4.0\ewido.exe" /minimized
Safe. Ewido Anti-Malware
Hit rate: 100,00 % (result)

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
Safe. CTFMon is involved with the language/alternative input services in Office XP. CTFMON.exe will continue to put itself back into MSConfig when you run the Office XP apps as long as the Text Services and Speech applets in the Control Panel are enabled. Not required if you don't need these features. For more info on ctfmon see here. CTFMON can be disabled from Control Panel, Text & Speech Services
Hit rate: 55,00 % (result)

O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
Safe. Windows Messenger utility. If you don't use Windows Messenger, this can be annoying. Available via Start -> Programs. Go to Windows Messenger > Tools > Options > Preferences and uncheck "Run this program when Windows starts"
Hit rate: 100,00 % (result)

O4 - HKCU\..\Run: [Skype] "C:\Programmi\Phone\Skype.exe" /nosplash /minimized
Safe. "Skype is free and simple software that will enable you to make free calls anywhere in the world in minutes"
Hit rate: 100,00 % (result)
Not dangerous, but unnecessary.
O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
Safe. Nokia PC Suite 6
Hit rate: 100,00 % (result)

O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
Safe. This entry was classified from our visitors as good.
Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.
O4 - Global Startup: Avvio rapido di HP Image Zone.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqthb08.exe
Safe. This entry was classified from our visitors as good.
Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Safe. Part of Acrobat Reader 7
Hit rate: 72,03 % (result)

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
Safe. HP digital imaging monitor; can apparently be launched manually.
Hit rate: 96,43 % (result)
Not dangerous, but unnecessary.
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Programmi\Kodak\Kodak EasyShare software\bin\EasyShare.exe
Safe. Software bundled with Kodak digital cameras to manage the connection between the PC and the Camera. Can be started manually.
Hit rate: 96,15 % (result)

O4 - Global Startup: Kodak software updater.lnk = C:\Programmi\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
Unknown
Hit rate: 0,00 % (result)
Unknown application.
O4 - Global Startup: LG SyncManager.lnk = ?
Safe.
Hit rate: 66,67 % (result)

The entry is unnecessary and can be fixed.
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Safe. The entry E&sporta in Microsoft Excel has been identified as safe.
If the entry 'E&sporta in Microsoft Excel ' is not needed anymore, it should be fixed.
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
Safe. The entry Ricerche has been identified as safe.
If the entry 'Ricerche ' is not needed anymore, it should be fixed.
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
Safe. The entry Messenger has been identified as safe.
If the entry 'Messenger ' is not needed anymore, it should be fixed.
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
Safe. The entry Windows Messenger has been identified as safe.
If the entry 'Windows Messenger ' is not needed anymore, it should be fixed.
O15 - Trusted Zone: www.adslconnection.name
Nasty This entry was classified from our visitors as bad.
Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.
O15 - Trusted Zone: www.archivio.name
Safe. If you did not add these pages to your trusted pages, they should be fixed.

O15 - Trusted Zone: www.archiviosex.net
Nasty This entry was classified from our visitors as bad.
Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.
O15 - Trusted Zone: www.hastalavista.it
Safe. If you did not add these pages to your trusted pages, they should be fixed.

O15 - Trusted Zone: www.otherchance.com
Nasty This entry was classified from our visitors as bad.
Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.
O15 - Trusted Zone: www.playitalia.com
Safe. If you did not add these pages to your trusted pages, they should be fixed.

O15 - Trusted Zone: www.pornoaccesso.com
Safe. If you did not add these pages to your trusted pages, they should be fixed.

O15 - Trusted Zone: www.redfunny.com
Nasty This entry was classified from our visitors as bad.
Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.
O15 - Trusted Zone: www.sgrunt.biz
Nasty This entry was classified from our visitors as bad.
Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.
O15 - Trusted Zone: www.skymasters.biz
Nasty This entry was classified from our visitors as bad.
Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.
O15 - Trusted Zone: www.softlab.name
Safe. If you did not add these pages to your trusted pages, they should be fixed.

O15 - Trusted Zone: www.xxx-content.name
Nasty This entry was classified from our visitors as bad.
Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.
O17 - HKLM\System\CCS\Services\Tcpip\..\{4DC0EAE8-D2A4-4A73-8D03-090340EDBFA3}: NameServer = 85.37.17.55 85.38.28.93
Possibly nasty If this Domain does not belong to your ISP, or your firms network, these entries should be fixed. 'SearchList' entries should be fixed too.
Do you know the IP or Domain '85.37.17.55 85.38.28.93'? If not, fix this entry.
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
Safe. This entry was classified from our visitors as good.
Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
Safe. This entry was classified from our visitors as good.
Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programmi\ewido anti-spyware 4.0\guard.exe
Safe. These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it.
This service (guard.exe) was identified as a good one.
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
Safe. These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it.
This service (KodakCCS.exe) was identified as a good one.
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
Safe. This entry was classified from our visitors as good.
Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
Safe. This entry was classified from our visitors as good.
Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slmdmsr.exe
Safe. This entry was classified from our visitors as good.
Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.


This log has been checked automatically.
Check your log file automatically at www.hijackthis.de.