|
|||||||
|
|
|
 |
|
|
Strumenti |
24-02-2008, 21:59
|
#1 |
|
Member
Iscritto dal: Feb 2008
Messaggi: 93
|
hijackthis.log: le voci a rischio
un po' preoccupato da qualche rimozione di file sospetto di qualche giorno fa (con antivirus Avast), ho eseguito hijackthis.
Al log ho questo. Scusatemi se posto, ma vorrei capire come riconoscere le cose a rischio. Se c'è una guida rapida da consultare ve ne sono lieto. Logfile of HijackThis v1.99.1 Scan saved at 18.29.36, on 24/02/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programmi\Sicurezza\Avast4\aswUpdSv.exe C:\Programmi\Sicurezza\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe C:\Programmi\flexnet\i486_nt\obj\lmgrd.exe C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Programmi\flexnet\i486_nt\obj\lmgrd.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Programmi\Sicurezza\Avast4\ashMaiSv.exe C:\Programmi\Sicurezza\Avast4\ashWebSv.exe C:\WINDOWS\Explorer.EXE C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe C:\windows\system\hpsysdrv.exe C:\WINDOWS\AGRSMMSG.exe C:\HP\KBD\KBD.EXE C:\WINDOWS\ALCXMNTR.EXE C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE C:\PROGRA~1\SICURE~1\Avast4\ashDisp.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE C:\Programmi\MSN Messenger\MsnMsgr.Exe C:\WINDOWS\system32\ctfmon.exe C:\Programmi\Messenger\msmsgs.exe C:\WINDOWS\system32\rundll32.exe C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Programmi\FreePOPs\freepopsd.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\Programmi\MSN Messenger\usnsvc.exe C:\Programmi\Internet Explorer\IEXPLORE.EXE C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Documents and Settings\Compaq_Proprietario\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Programmi\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Programmi\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe" O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420" O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\SICURE~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [EPSON Stylus C44 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C44 Series" /O6 "USB002" /M "Stylus C44" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Google IME Autoupdater] "C:\Programmi\Google\Google Pinyin\GooglePinyinDaemon.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - Startup: FreePOPs.lnk = C:\Programmi\FreePOPs\freepopsd.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: Apri in nuova scheda in primo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/230?c20e236ddedd47f9850c7c671acaf6f5 O8 - Extra context menu item: Apri in nuova scheda in secondo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/229?c20e236ddedd47f9850c7c671acaf6f5 O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\Ufficio\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Ufficio\MICROS~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://www.tele2mail.com/static/apps...ountHelper.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{5D459DC6-336D-42B0-9258-DE2493A2D86C}: NameServer = 130.244.127.161,130.244.127.169 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\ O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Sicurezza\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Sicurezza\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Sicurezza\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Sicurezza\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe O23 - Service: FLEXlm server for PTC - Macrovision Corporation - C:\Programmi\flexnet\i486_nt\obj\lmgrd.exe O23 - Service: Groove Installer Service (GrooveInstallerService) - Groove Networks, Inc. - C:\INGEGNERIA\Groove Networks\Groove\Bin\GrooveInstallerService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Servizio iPod (iPodService) - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe |
|
|
24-02-2008, 22:26
|
#2 |
|
Moderatore
Iscritto dal: Jun 2007
Città: 127.0.0.1
Messaggi: 25885
|
Allegare il log qui http://www.hwupgrade.it/forum/showthread.php?t=937676 per il controllo
MODALITA' DI PUBBLICAZIONE DEI LOG RICHIESTI: 1- Se il log generato è max 20 kb, prima salvalo in formato .txt e poi allegalo alla discussione, utilizzando l'apposita funzione GESTISCI ALLEGATI; 2- Se è superiore a 20 kb, ogni singolo log, esclusivamente in formato txt, deve essere caricato su FileUp, pubblicando, per ogni log, il link che verrà rilasciato per il download. E' preferibile pubblicare i log in un unico post, separatamente, non zippateli Essendo vietato da Regolamento copiare ed incollare i log vedi post#1 rfits il tuo post NB: sarebbe opportuno usare la versione aggiornata di HJT scaricabile da qui: Download: http://www.trendsecure.com/portal/en...HiJackThis.exe Nell'eventualità risultassi infetto ti verrà indicato come procedere, ciao.
__________________
Try again and you will be luckier.
|
|
|
|
25-02-2008, 00:42
|
#3 |
|
Senior Member
Iscritto dal: Nov 2001
Città: Fidenza(pr) da Trento
Messaggi: 27479
|
ti serve questo thread: http://www.hwupgrade.it/forum/showthread.php?t=734483
ovvaimente questo essendo doppione sono costretto a chiuderlo 
__________________
"Visti da vicino siamo tutti strani..." ~|~ What Defines a Community? ~|~ Thread eMule Ufficiale ~|~ Online Armor in Italiano ~|~ Regole di Sezione ~|► Guida a PrivateFirewall
|
|
|
|
|
| Strumenti | |
|
|
Tutti gli orari sono GMT +1. Ora sono le: 20:14.
