Log Hijack This!

olaffio · 10-10-2005, 15:46

Salve a tutti
Dato che ultimamente mi sembra di avere un pò di problemi col pc, forse dovuti ad un Trojan avuto di recente, volevo chiedere se voi esperti potevate dare una occhiata al mio log di Hijack This! e dirmi se secondo voi c'è qualcosa che non va.
Uso WIN 98 SE, non ho il virus My Doom, e non ho installato gli spyware di Messenger Plus.

Logfile of HijackThis v1.97.7
Scan saved at 15.28.55, on 10/10/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\PROGRAMMI\MESSENGERPLUS! 3\MSGPLUS.EXE
C:\PROGRAMMI\FILE COMUNI\SOFTWIN\BITDEFENDER COMMUNICATOR\XCOMMSVR.EXE
C:\PROGRAMMI\FILE COMUNI\SOFTWIN\BITDEFENDER SCAN SERVER\BDSS.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\ANVSHELL.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAMMI\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAMMI\SYGATE\SPF\SMC.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAMMI\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAMMI\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.altavista.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMI\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\PROGRAMMI\DAP\DAPIEBAR.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
O4 - HKLM\..\Run: [CnxDslTaskBar] ; "C:\WINDOWS\SYSTEM\CnxDslTb.exe"
O4 - HKLM\..\Run: [BDNewsAgent] ; "C:\PROGRAMMI\SOFTWIN\BITDEFENDER8\bdnagent.exe"
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Programmi\File comuni\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\RunServices: [BitDefender Communicator] "C:\Programmi\File comuni\Softwin\BitDefender Communicator\\xcommsvr.exe"
O4 - HKLM\..\RunServices: [BitDefender Scan Server] "C:\Programmi\File comuni\Softwin\BitDefender Scan Server\\bdss.exe"
O4 - HKLM\..\RunServices: [BitDefender Live! Init] "C:\Programmi\Softwin\BitDefender8\bdinit.exe"
O4 - Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM\E_SRCV03.EXE
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: Run DAP (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .png: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab32846.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab30149.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab30149.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab30149.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab30149.cab
O16 - DPF: {1EDF25DE-DFB2-40CA-AA83-30AE7DA8C203} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.co...haringctrl.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...262.4979976852
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/def...ploader_v6.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab

nV 25 · 10-10-2005, 15:51

dai prima un'occhiata quà: http://www.hwupgrade.it/forum/showpo...55&postcount=1

Chiedi altrimenti nel solito Thread in rilevo: http://www.hwupgrade.it/forum/showthread.php?t=937676

EDIT: incollando nell'analizzatore (automatico) il tuo log, è emerso che l'unico elemento sospetto è questo: O9 - Extra button: Run DAP (HKLM)
Fixalo se non lo conosci.

BravoGT83 · 10-10-2005, 15:54

esatto si prega di usare il 3d ufficiale per non intasare la prima pagina della sezione con le stesse 3d

BravoGT83 · 10-10-2005, 15:55

msgplus ce l'hai eccome

cmq del log manca un pezzo mi sa

olaffio · 10-10-2005, 15:58

Messo nel topic ufficiale

Msgplus l'ho isntallato ma senza spyware

BravoGT83 · 10-10-2005, 16:15

Quote:

Originariamente inviato da olaffio

Messo nel topic ufficiale

Msgplus l'ho isntallato ma senza spyware

quindi senza gli sponsor allora bene...continuamo là la discussione

wgator · 10-10-2005, 17:02

Ciao,

chiuso perchè trasferito QUI

Per controllo log Hijackthis si prega di avvalersi del thread ufficiale

10-10-2005, 15:46	#1
olaffio Member Iscritto dal: Aug 2004 Messaggi: 102	Log Hijack This! Salve a tutti Dato che ultimamente mi sembra di avere un pò di problemi col pc, forse dovuti ad un Trojan avuto di recente, volevo chiedere se voi esperti potevate dare una occhiata al mio log di Hijack This! e dirmi se secondo voi c'è qualcosa che non va. Uso WIN 98 SE, non ho il virus My Doom, e non ho installato gli spyware di Messenger Plus. Logfile of HijackThis v1.97.7 Scan saved at 15.28.55, on 10/10/05 Platform: Windows 98 SE (Win9x 4.10.2222A) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\HIDSERV.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE C:\PROGRAMMI\MESSENGERPLUS! 3\MSGPLUS.EXE C:\PROGRAMMI\FILE COMUNI\SOFTWIN\BITDEFENDER COMMUNICATOR\XCOMMSVR.EXE C:\PROGRAMMI\FILE COMUNI\SOFTWIN\BITDEFENDER SCAN SERVER\BDSS.EXE C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\TASKMON.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\WINDOWS\LOADQM.EXE C:\WINDOWS\ANVSHELL.EXE C:\WINDOWS\SYSTEM\STIMON.EXE C:\PROGRAMMI\NORTON ANTIVIRUS\NAVAPW32.EXE C:\WINDOWS\SYSTEM\SPOOL32.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\WINDOWS\SYSTEM\RNAAPP.EXE C:\WINDOWS\SYSTEM\TAPISRV.EXE C:\PROGRAMMI\SYGATE\SPF\SMC.EXE C:\WINDOWS\SYSTEM\DDHELP.EXE C:\PROGRAMMI\INTERNET EXPLORER\IEXPLORE.EXE C:\PROGRAMMI\HIJACKTHIS.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.altavista.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMI\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\PROGRAMMI\DAP\DAPIEBAR.DLL O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [LoadQM] loadqm.exe O4 - HKLM\..\Run: [anvshell] anvshell.exe O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui O4 - HKLM\..\Run: [CnxDslTaskBar] ; "C:\WINDOWS\SYSTEM\CnxDslTb.exe" O4 - HKLM\..\Run: [BDNewsAgent] ; "C:\PROGRAMMI\SOFTWIN\BITDEFENDER8\bdnagent.exe" O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Programmi\File comuni\Symantec Shared\Script Blocking\SBServ.exe" -reg O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE O4 - HKLM\..\RunServices: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe" O4 - HKLM\..\RunServices: [BitDefender Communicator] "C:\Programmi\File comuni\Softwin\BitDefender Communicator\\xcommsvr.exe" O4 - HKLM\..\RunServices: [BitDefender Scan Server] "C:\Programmi\File comuni\Softwin\BitDefender Scan Server\\bdss.exe" O4 - HKLM\..\RunServices: [BitDefender Live! Init] "C:\Programmi\Softwin\BitDefender8\bdinit.exe" O4 - Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM\E_SRCV03.EXE O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm O9 - Extra button: Run DAP (HKLM) O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM) O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll O12 - Plugin for .png: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab32846.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab30149.cab O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab30149.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab30149.cab O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab30149.cab O16 - DPF: {1EDF25DE-DFB2-40CA-AA83-30AE7DA8C203} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.co...haringctrl.cab O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...262.4979976852 O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/def...ploader_v6.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab

10-10-2005, 15:51	#2
nV 25 Bannato Iscritto dal: Jan 2003 Città: Lucca Messaggi: 9119	dai prima un'occhiata quà: http://www.hwupgrade.it/forum/showpo...55&postcount=1 Chiedi altrimenti nel solito Thread in rilevo: http://www.hwupgrade.it/forum/showthread.php?t=937676 EDIT: incollando nell'analizzatore (automatico) il tuo log, è emerso che l'unico elemento sospetto è questo: O9 - Extra button: Run DAP (HKLM) Fixalo se non lo conosci. Ultima modifica di nV 25 : 10-10-2005 alle 15:55.

10-10-2005, 17:02	#7
wgator Senior Member Iscritto dal: Mar 2004 Città: Rimini Messaggi: 10296	Ciao, chiuso perchè trasferito QUI Per controllo log Hijackthis si prega di avvalersi del thread ufficiale __________________ sometimes they come back * Life Happens! - (Professionista I.T. - Tecnico Telecomunicazioni) Latitude E6420 I7 2760QM SSD Crucial M4-512GB --- Tecra R840 I5 2520M SSD Samsung 830-256GB --- Macbook Pro 13,3"** I5 2435M SSD Samsung 830-256GB

10-10-2005, 15:54	#3
BravoGT83 Senior Member Iscritto dal: Sep 2004 Messaggi: 6387	esatto si prega di usare il 3d ufficiale per non intasare la prima pagina della sezione con le stesse 3d

10-10-2005, 15:55	#4
BravoGT83 Senior Member Iscritto dal: Sep 2004 Messaggi: 6387	msgplus ce l'hai eccome cmq del log manca un pezzo mi sa

10-10-2005, 15:58	#5
olaffio Member Iscritto dal: Aug 2004 Messaggi: 102	Messo nel topic ufficiale Msgplus l'ho isntallato ma senza spyware

Strumenti
Mostra una versione stampabile Invia questa pagina per email