Help log hijackthis

[capitan pc]

Ciao a tutti, mi date una mano ad analizare il log di hijackthis ? ho il sospeto che ci sia qualciosa che non va nel pc ( si disconete da solo all' improviso dalla connessione adsl).
Grazie

Logfile of HijackThis v1.99.1
Scan saved at 18.44.14, on 04/10/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\giusi\Documenti\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.pcw.it
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [S3apphk] S3apphk.exe
O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Programmi\File comuni\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Programmi\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Programmi\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\D-Link\DSL-200\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\D-Link\DSL-200\dslagent.exe
O4 - HKLM\..\Run: [NAVNet] "C:\WINDOWS\msxmidi.exe" /m
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Programmi\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Organizzatore ricerche - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programmi\File comuni\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.pcw.it
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe

[wgator]

Ciao,

ho dato un'occhiata veloce e mi ha colpito questo:
O4 - HKLM\..\Run: [NAVNet] "C:\WINDOWS\msxmidi.exe" /m

E' sicuramente una schifezza

[andorra24]

Questo ''msxmidi.exe" /m '' e' una variante del CoolWebSearch. Fai una scansione con CWShredder: http://www.softpedia.com/progDownloa...load-8114.html

[YMen]

installa sp2 e aggiornalo

[capitan pc]

Grazie, per quanto riguarda eventuali dialer che mi dite ?

[BravoGT83]

Quote:

Originariamente inviato da capitan pc

Grazie, per quanto riguarda eventuali dialer che mi dite ?

con adsl al max ti disconnettano dalla rete

cmq fai una ricerca e troverai un 3d che parla di antidialer

cmq con adsl non hai da preoccupare

[masachella76]

Ciao a tutti, mi date una mano ad analizare il log di hijackthis ? ho il sospeto che ci sia qualciosa che non va nel pc ( si disconete da solo all' improviso dalla connessione adsl)...qualcuno mi può aiutare?

Logfile of HijackThis v1.99.1
Scan saved at 13.58.13, on 08/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Programmi\Sygate\SPF\Smc.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\spoolsv.exe
F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
F:\Programmi\eMule\eMule.exe
F:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
F:\Programmi\Alwil Software\Avast4\ashServ.exe
F:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
F:\Programmi\Alwil Software\Avast4\ashWebSv.exe
F:\Programmi\ewido\security suite\ewidoctrl.exe
F:\WINDOWS\system32\WISPTIS.EXE
F:\Documents and Settings\lupin III\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [avast!] F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CloneCDTray] "F:\Programmi\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SmcService] F:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [EPSON Stylus C46 Series] F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /O6 "USB001" /M "Stylus C46"
O4 - HKCU\..\Run: [eMuleAutoStart] F:\Programmi\eMule\eMule.exe -AutoStart
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = F:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{587CABEC-69F4-440A-A05A-DC48064C120F}: NameServer = 193.70.152.15 193.70.152.25
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - F:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - F:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - F:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - F:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - F:\Programmi\ewido\security suite\ewidoctrl.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - F:\Programmi\Sygate\SPF\Smc.exe

[andorra24]

Quote:

Originariamente inviato da masachella76

Ciao a tutti, mi date una mano ad analizare il log di hijackthis ? ho il sospeto che ci sia qualciosa che non va nel pc ( si disconete da solo all' improviso dalla connessione adsl)...qualcuno mi può aiutare?

Logfile of HijackThis v1.99.1
Scan saved at 13.58.13, on 08/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Programmi\Sygate\SPF\Smc.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\spoolsv.exe
F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
F:\Programmi\eMule\eMule.exe
F:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
F:\Programmi\Alwil Software\Avast4\ashServ.exe
F:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
F:\Programmi\Alwil Software\Avast4\ashWebSv.exe
F:\Programmi\ewido\security suite\ewidoctrl.exe
F:\WINDOWS\system32\WISPTIS.EXE
F:\Documents and Settings\lupin III\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [avast!] F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CloneCDTray] "F:\Programmi\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SmcService] F:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [EPSON Stylus C46 Series] F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /O6 "USB001" /M "Stylus C46"
O4 - HKCU\..\Run: [eMuleAutoStart] F:\Programmi\eMule\eMule.exe -AutoStart
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = F:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{587CABEC-69F4-440A-A05A-DC48064C120F}: NameServer = 193.70.152.15 193.70.152.25
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - F:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - F:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - F:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - F:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - F:\Programmi\ewido\security suite\ewidoctrl.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - F:\Programmi\Sygate\SPF\Smc.exe

Il log e' pulito.

[sb3rla]

www.hijackthis.de

[masachella76]

...grazie mille ANDORRA24!!!

[jackz]

scusate la mia ignoranza ma nel log di MASACHELLA76 alla riga:

O17 - HKLM\System\CCS\Services\Tcpip\..\{587CABEC-69F4-440A-A05A-DC48064C120F}: NameServer = 193.70.152.15 193.70.152.25

ho verificato che il secondo DNS, 193.70.152.25 corrisponde al provider di libero, ma il primo DNS ovvero 193.70.152.15 a cosa corrisponde? nella lista dei DNS che ho controllato su

http://support.antidegroup.com/index...mod_id=2&id=14

non v'è traccia.

thanx.

[andorra24]

Quote:

Originariamente inviato da jackz

scusate la mia ignoranza ma nel log di MASACHELLA76 alla riga:

O17 - HKLM\System\CCS\Services\Tcpip\..\{587CABEC-69F4-440A-A05A-DC48064C120F}: NameServer = 193.70.152.15 193.70.152.25

ho verificato che il secondo DNS, 193.70.152.25 corrisponde al provider di libero, ma il primo DNS ovvero 193.70.152.15 a cosa corrisponde? nella lista dei DNS che ho controllato su

http://support.antidegroup.com/index...mod_id=2&id=14

non v'è traccia.

thanx.

E' sempre Libero

[cicquetto]

i vari

R0
R0
o2
o4...

cosa rappresentano? sono attivi o no?

edit: ok trovato, me lo spiega stesso lui

[wgator]

Ciao,

ti consiglio di leggere questo articolo, in italiano: http://www.tweakness.net/articoli/hijack.htm

[cicquetto]

ottima, grazie

[capitan pc]

Per eliminare definitivamente questi dialer cosa devo fare ? ogni volta che li elimino rappaiono ...

[andorra24]

Quote:

Originariamente inviato da capitan pc

Per eliminare definitivamente questi dialer cosa devo fare ? ogni volta che li elimino rappaiono ...

Leggiti questo thread:http://www.hwupgrade.it/forum/showth...ght=antidialer