HiJackThis - Analisi Log - leggere Regole di Sezione

[andorra24]

Il log e' pulito.

[juninho85]

Quote:

Originariamente inviato da Colin-->IMD®

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

il programma per la securom funziona?

[andorra24]

Quote:

Originariamente inviato da juninho85

il programma per la securom funziona?

Questa voce ho letto che e' meglio non fixarla:
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

sembra che sia un bug di hijackthis che la vede erroneamente come ''file missing'': http://castlecops.com/o18list-83.html

[Colin-->IMD®]

Oh...grazie della delucidazione e grazie per la controllata al log

[Sirius Black]

mi date una controllatina? grazie

Logfile of HijackThis v1.99.1
Scan saved at 18.29.07, on 03/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\ewido\security suite\ewidoctrl.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\eMule\emule.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe
C:\DOCUME~1\michele\IMPOST~1\Temp\Adobelm_Cleanup.0001
C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\DOCUME~1\michele\IMPOST~1\Temp\Adobelm_Cleanup.0001
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\MemTurbo\MemTurbo.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\Documents and Settings\michele\Desktop\programmi\hiijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.it/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunOnce: [MigrateMMDrivers] rundll32.exe mmsys.cpl,mmseRunOnce
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - Startup: MemTurbo.lnk = C:\Programmi\MemTurbo\MemTurbo.exe
O4 - Global Startup: Avvio veloce di Adobe Acrobat.lnk = ?
O8 - Extra context menu item: &Cerca con Google - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Traduci parola in italiano - res://C:\Programmi\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti destinazione link in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti i link selezionati in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti i link selezionati in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converti in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti nel file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti selezione in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti selezione in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Image Converter 2 ??? - C:\Programmi\Sony\Image Converter 2\menu.htm
O8 - Extra context menu item: Link a ritroso - res://C:\Programmi\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pagine simili - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Versione cache della pagina - res://C:\Programmi\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~2\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido\security suite\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

[juninho85]

pulito

[Sirius Black]

bene grazie

[kan3malato]

ciao è il log di un mio amico sempre pieno di robaccia.....
molta la eliminai 20 giorni fa.......
mica mi faresti la cartesia, SIGNORINAHijackThis
grazie

Logfile of HijackThis v1.99.1
Scan saved at 18.05.03, on 03/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Ahead\InCD\InCDsrv.exe
C:\Programmi\Sygate\SPF\smc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Executive
Software\Diskeeper\DkService.exe
C:\WINDOWS\system32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programmi\ATI Technologies\ATI Control
Panel\atiptaxx.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Programmi\Ahead\InCD\InCD.exe
C:\Programmi\SlySoft\AnyDVD\AnyDVD.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Opera\Opera.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL =
http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Default_Search_URL =
http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Search Bar =
http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Search Page =
http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet
Explorer\Main,Start Page =
http://www.tele2.it/redirect/dial_up
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL =
http://www.tele2.it/redirect/dial_up
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Search_URL =
http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Search Bar =
http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Search Page =
http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet
Explorer\Main,Start Page =
http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection
Wizard,ShellNext =
http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Window Title = Microsoft Internet
Explorer - TELE2Internet
R0 - HKCU\Software\Microsoft\Internet
Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Programmi\Adobe\Acrobat
7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) -
{53707962-6F74-2D53-2644-206D7942484F} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) -
{D80C4E21-C346-4E21-8E64-20746AA20AEB} - (no file)
O3 - Toolbar: Vista HP -
{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} -
c:\Programmi\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up -
{EF99BD32-C1FB-11D2-892F-0090271D4F88} -
C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [hpsysdrv]
c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06]
c:\Programmi\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06]
C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard]
C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook]
C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI
Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Reminder]
"C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [DiskeeperSystray]
"C:\Programmi\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [InCD]
C:\Programmi\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [AnyDVD]
C:\Programmi\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [SmcService]
C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [QuickTime Task]
"C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KAVPersonal50]
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus
Personal\kav.exe /minimize
O4 - HKCU\..\Run: [NBJ] "C:\Programmi\Ahead\Nero
BackItUp\NBJ.exe"
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk
= C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&sporta in Microsoft
Excel -
res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Programmi\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Programmi\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF:
START_PAGE_URL=http://www.tele2.it/redirect/dial_up
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700}
(Windows Genuine Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?linkid=39204
O17 -
HKLM\System\CCS\Services\Tcpip\..\{59447273-86AB-4E1D-B41D-CEC5B8A43C03}:
NameServer = 10.40.0.200
O17 -
HKLM\System\CCS\Services\Tcpip\..\{9BC78CE8-88B6-489C-95D3-CB4563E404D3}:
NameServer = 212.151.136.246 130.244.127.169
O20 - Winlogon Notify: igfxcui -
C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Ati HotKey Poller - Unknown owner -
C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Diskeeper - Executive Software
International, Inc. - C:\Programmi\Executive
Software\Diskeeper\DkService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG -
C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: Servizio iPod (iPodService) - Apple
Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Kaspersky Lab -
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus
Personal\kavsvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset
- C:\Programmi\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP -
C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sygate Personal Firewall Pro
(SmcService) - Sygate Technologies, Inc. -
C:\Programmi\Sygate\SPF\smc.exe

[andorra24]

Fixa:
R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL =
http://ie.redirect.hp.com/svs/rdr?T...lion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Default_Search_URL =
http://ie.redirect.hp.com/svs/rdr?T...lion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Search Bar =
http://ie.redirect.hp.com/svs/rdr?T...lion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Search Page =
http://ie.redirect.hp.com/svs/rdr?T...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Search_URL =
http://ie.redirect.hp.com/svs/rdr?T...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Search Bar =
http://ie.redirect.hp.com/svs/rdr?T...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Search Page =
http://ie.redirect.hp.com/svs/rdr?T...lion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet
Explorer\Main,Start Page =
http://ie.redirect.hp.com/svs/rdr?T...lion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection
Wizard,ShellNext =
http://ie.redirect.hp.com/svs/rdr?T...lion&pf=desktop
O2 - BHO: (no name) -
{D80C4E21-C346-4E21-8E64-20746AA20AEB} - (no file)

Bisogna aggiornare java sun mettendo la versione 06.

[kan3malato]

grazie
gli invio la tua risposta x posta...

[Matthia]

Salve, erroneamente ho scaricato questo (virus/trojan/dialer?) activate_crack.exe che non so cosa faccia, io ho un'ADSL 4Mbit di Alice ed anche se so che con un dialer non farebbe nulla senza un modem analogico attaccato, vorrei sbarazzarmene

Ho trovato questo thread mooolto interessante, ho scaricato HijackThis e vi riporto il mio file di log, tengo a precisare che ho già utilizzato la scansione veloce del programma Ewido e mi aveva trovato 3 file infetti dove adesso dice di averli eliminati. Il sistema per adesso (ma non ho ancora riavviato) non presenta niente di cambiato: nella cartella delle connessioni remote vedo sempre i soliti, uso sempre FireFox e non c'è nulla, ho provato a lanciare IE (dove avevo letto che introducesse roba nei preferiti e toolbar, ma soltanto aprendo Google non ho visto niente di nuovo).

BTW, eccovi il mio log (ringrazio in anticipo a tutti voi che siete utilissimi e gentili )

Logfile of HijackThis v1.99.1
Scan saved at 10.31.17, on 04/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Programmi\Executive Software\Diskeeper\DkService.exe
C:\Programmi\Java\j2re1.4.2_04\bin\jusched.exe
C:\Programmi\Intuwave\Shared\mRouterRunTime\mRouterConfig.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Programmi\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\ACE Mega CoDecS Pack\SystemS\RealMedia\Update_OB\realsched.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe
C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TrayMan\ntstart.exe
C:\PROGRA~1\TrayMan\trayman.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\UAService7.exe
C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
C:\Programmi\ARESCOM\Modem Telindus Arescom ND220\dslmon.exe
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\emule\emule.exe
C:\Programmi\DTemp\DTemp.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Babylon\Babylon.exe
C:\Programmi\ewido anti-malware\ewidoctrl.exe
C:\Programmi\ewido anti-malware\SecuritySuite.exe
C:\Programmi\mIRC\mirc.exe
C:\Documents and Settings\HOMER\Desktop\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [mRouterConfig] C:\Programmi\Intuwave\Shared\mRouterRunTime\mRouterConfig.exe
O4 - HKLM\..\Run: [Outpost Firewall] C:\Programmi\Agnitum\Outpost Firewall\outpost.exe /waitservice
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Programmi\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\ACE Mega CoDecS Pack\SystemS\RealMedia\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DataLayer] C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [Babylon Client] C:\Programmi\Babylon\Babylon.exe -AutoStart
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: boot ADSL.bat
O4 - Startup: DTemp v1.00 b34 (RC8).lnk = C:\Programmi\DTemp\DTemp.exe
O4 - Startup: NO-IP duct v2.2.1.lnk = C:\Programmi\No-IP\DUC20.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: Restore 'layout1.sl'.lnk = C:\Programmi\PACT Save Layout\sl.exe
O4 - Startup: VNC Server v3.3.3 R9.lnk = C:\Programmi\ORL\VNC\WinVNC.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Programmi\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Programmi\ICQ\ICQ.exe
O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\PROGRA~1\Agnitum\OUTPOS~1\TRASH.EXE (HKCU)
O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\PROGRA~1\Agnitum\OUTPOS~1\TRASH.EXE (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1093164863156
O17 - HKLM\System\CCS\Services\Tcpip\..\{221F4701-A20B-40DD-92E2-035BECD9AAEF}: NameServer = 85.37.17.9 85.38.28.75
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Programmi\Executive Software\Diskeeper\DkService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido anti-malware\ewidoctrl.exe
O23 - Service: Groove Games Licensing Service - Groove Games - C:\Programmi\File comuni\Groove Games Shared\Service\ggameslicsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe
O23 - Service: TrayMan - Unknown owner - C:\PROGRA~1\TrayMan\ntstart.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: VisualCronService - - C:\Programmi\VisualCron\VisualCronService.exe

[andorra24]

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k (fixala)
O4 - Startup: boot ADSL.bat (controlla se conosci questa voce)

[Matthia]

Quote:

Originariamente inviato da andorra24

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k (fixala)
O4 - Startup: boot ADSL.bat (controlla se conosci questa voce)

Solo questo?

Cmq, boot ADSL.bat è un file batch fatto da me...

Ma poi sicuro che vada tutto ok? Ewido mi ha trovato diverse cose...

Se s'installa qualche dialer di sorta bisogna che se si attiva lascia qualche connessione remota nell'apposita cartella delle connessioni?

Lascio i PC acceso tutto il giorno e poi vado a lavoro, non vorrei trovarmi qualche ricordino quando torno

[andorra24]

Il log va bene.
Per quanto riguarda i dialer solitamente li puoi trovare in start/connetti a e in opzioni internet/connessioni. Se hai l'adsl non preoccuparti perche' il dialer non puo' effettuare la chiamata e quindi non ci sono rischi con le bollette. Ewido e' molto valido e ti ha ripulito il pc prima che tu postassi il log. Usalo con frequenza per fare delle scansioni. E' molto valido contro i dialer. Ti consiglio anche di navigare con Firefox.

[Matthia]

Quote:

Originariamente inviato da andorra24

Il log va bene.
Per quanto riguarda i dialer solitamente li puoi trovare in start/connetti a e in opzioni internet/connessioni. Se hai l'adsl non preoccuparti perche' il dialer non puo' effettuare la chiamata e quindi non ci sono rischi con le bollette. Ewido e' molto valido e ti ha ripulito il pc prima che tu postassi il log. Usalo con frequenza per fare delle scansioni. E' molto valido contro i dialer. Ti consiglio anche di navigare con Firefox.

Gentilissimo, grazie, ho fixato quello che dicevi... e con Ewido mi ha tolto parecchia spazzatura mettendola in quarantena
Cmq, uso SEMPRE Firefox, uso IE solo a lavoro per esigenze di progetto :P

Non vedendo stranezze con i vari browser, con la connessione (Alice mi dice sempre la connessione sull'IP Server vecchio: 192.168.100.1), credo sia tutto ok, quindi?

[andorra24]

Quote:

Originariamente inviato da Matthia

GentilissimA, grazie, ho fixato quello che dicevi... e con Ewido mi ha tolto parecchia spazzatura mettendola in quarantena
Cmq, uso SEMPRE Firefox, uso IE solo a lavoro per esigenze di progetto :P

Non vedendo stranezze con i vari browser, con la connessione (Alice mi dice sempre la connessione sull'IP Server vecchio: 192.168.100.1), credo sia tutto ok, quindi?

Sei a posto. Stai tranquillo.

[Stev-O]

gentilissima
la quarantena la puoi togliere
in aggiunta le estensioni adblock con filterset updater & noscript per java sono un ulteriore sicurezza

[Matthia]

Ringrazio tutti per le risposte

[bluesong]

Ho fatto analizzare il file di log che riporto sotto, ed eliminato spoolsvc.exe.
Invece non so che fare con ssvhoost94.exe ... me lo segnala sconosciuto e anche una ricerca sulla rete non mi da risultati (vorrei capirci qualcosa prima di installare il service pack 2) ..
Che sia qualcosa all'interno dell'installazione di Alice?

Ecco il log:

Logfile of HijackThis v1.99.1
Scan saved at 9.41.38, on 06/02/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Eset\nod32krn.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programmi\Analog Devices\SoundMAX\Smax4.exe
C:\Programmi\VIA\RAID\raid_tool.exe
C:\WINDOWS\System32\VTTimer.exe
C:\WINDOWS\System32\VTtrayp.exe
C:\WINDOWS\sm56hlpr.exe
C:\Programmi\Eset\nod32kui.exe
C:\WINDOWS\System32\ssvhoost94.exe
C:\Programmi\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\XXX\Documenti\sicurezza\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.pcw.it
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [RaidTool] C:\Programmi\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Windows Services] spoolsvc.exe
O4 - HKLM\..\Run: [internet service] ssvhoost94.exe
O4 - HKLM\..\RunServices: [Windows Services] spoolsvc.exe
O4 - HKLM\..\RunServices: [internet service] ssvhoost94.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.pcw.it
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1139163247779
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe

[andorra24]

Fixa:
C:\WINDOWS\System32\ssvhoost94.exe
O4 - HKLM\..\Run: [Windows Services] spoolsvc.exe
O4 - HKLM\..\Run: [internet service] ssvhoost94.exe
O4 - HKLM\..\RunServices: [Windows Services] spoolsvc.exe
O4 - HKLM\..\RunServices: [internet service] ssvhoost94.exe