log di hijack this

Rossy77 · 10-09-2004, 14:47

una ragazzina che conosco dice di avere problemi col pc..questo è il suo log..io vedo parecchie schifezze

Logfile of HijackThis v1.97.7
Scan saved at 14.59.23, on 10/09/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAMMI\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.EXE
C:\PROGRAMMI\FILE COMUNI\SYMANTEC SHARED\SYMTRAY.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\CMMPU.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAMMI\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAMMI\NORTON ANTIVIRUS\POPROXY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAMMI\NORTON SYSTEMWORKS\NORTON CRASHGUARD\CGMENU.EXE
C:\PROGRAMMI\SAVE\SAVE.EXE
C:\PROGRAMMI\AHEAD\INCD\INCD.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAMMI\NORTON SYSTEMWORKS\NORTON CRASHGUARD\CG16EH.EXE
C:\PROGRAMMI\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINSM32.EXE
C:\Programmi\Norton SystemWorks\Norton CleanSweep\Monwow.exe
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAMMI\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAMMI\LAVASOFT\AD-AWARE SE PERSONAL\AD-AWARE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\DOCUMENTI\FILE RICEVUTI\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchbar.findthewebsiteyouneed.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://searchbar.findthewebsiteyouneed.com/
F1 - win.ini: run=C:\WINDOWS\SYSTEM\cmmpu.exe
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Programmi\NewDotNet\newdotnet6_30.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [Norton eMail Protect] C:\PROGRAMMI\NORTON ANTIVIRUS\POProxy.exe
O4 - HKLM\..\Run: [Norton CrashGuard Monitor] "C:\PROGRAMMI\NORTON SYSTEMWORKS\NORTON CRASHGUARD\CGMenu.EXE"
O4 - HKLM\..\Run: [00SyncNet-screensavers] C:\WINDOWS\APPLIC~1\SCREEN~1.EXE /nostart
O4 - HKLM\..\Run: [desk4107] c:\wimcom\fantadesktop.exe r
O4 - HKLM\..\Run: [WhenUSave] C:\PROGRA~1\SAVE\Save.exe
O4 - HKLM\..\Run: [InCD] C:\Programmi\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [ICQ Net] C:\WINDOWS\winlogon.exe -stealth
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [TVWatch] C:\WINDOWS\SYSTEM\TVWatch.exe
O4 - HKLM\..\RunServices: [CSINJECT.EXE] C:\Programmi\Norton SystemWorks\Norton CleanSweep\CSINJECT.EXE
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Programmi\File comuni\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Programmi\Norton SystemWorks\Norton CleanSweep\csinsm32.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra 'Tools' menuitem: Loghi e suonerie (HKLM)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab28578.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab28578.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab28578.cab

Rossy77 · 11-09-2004, 11:55

up

10-09-2004, 14:47	#1
Rossy77 Senior Member Iscritto dal: Feb 2002 Città: Monza(come tanti qui) Messaggi: 1126	log di hijack this una ragazzina che conosco dice di avere problemi col pc..questo è il suo log..io vedo parecchie schifezze Logfile of HijackThis v1.97.7 Scan saved at 14.59.23, on 10/09/2004 Platform: Windows ME (Win9x 4.90.3000) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\MSTASK.EXE C:\WINDOWS\SYSTEM\SSDPSRV.EXE C:\PROGRAMMI\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.EXE C:\PROGRAMMI\FILE COMUNI\SYMANTEC SHARED\SYMTRAY.EXE C:\WINDOWS\SYSTEM\MDM.EXE C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE C:\WINDOWS\SYSTEM\CMMPU.EXE C:\WINDOWS\TASKMON.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\PROGRAMMI\NORTON ANTIVIRUS\NAVAPW32.EXE C:\PROGRAMMI\NORTON ANTIVIRUS\POPROXY.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\PROGRAMMI\NORTON SYSTEMWORKS\NORTON CRASHGUARD\CGMENU.EXE C:\PROGRAMMI\SAVE\SAVE.EXE C:\PROGRAMMI\AHEAD\INCD\INCD.EXE C:\WINDOWS\RUNDLL32.EXE C:\WINDOWS\RUNDLL32.EXE C:\WINDOWS\LOADQM.EXE C:\PROGRAMMI\NORTON SYSTEMWORKS\NORTON CRASHGUARD\CG16EH.EXE C:\PROGRAMMI\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINSM32.EXE C:\Programmi\Norton SystemWorks\Norton CleanSweep\Monwow.exe C:\WINDOWS\SYSTEM\RNAAPP.EXE C:\WINDOWS\SYSTEM\TAPISRV.EXE C:\PROGRAMMI\MSN MESSENGER\MSNMSGR.EXE C:\PROGRAMMI\LAVASOFT\AD-AWARE SE PERSONAL\AD-AWARE.EXE C:\WINDOWS\SYSTEM\DDHELP.EXE C:\DOCUMENTI\FILE RICEVUTI\HIJACKTHIS.EXE R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchbar.findthewebsiteyouneed.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir...r=6&ar=msnhome R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir...ie&ar=iesearch R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://searchbar.findthewebsiteyouneed.com/ F1 - win.ini: run=C:\WINDOWS\SYSTEM\cmmpu.exe O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Programmi\NewDotNet\newdotnet6_30.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET O4 - HKLM\..\Run: [Norton eMail Protect] C:\PROGRAMMI\NORTON ANTIVIRUS\POProxy.exe O4 - HKLM\..\Run: [Norton CrashGuard Monitor] "C:\PROGRAMMI\NORTON SYSTEMWORKS\NORTON CRASHGUARD\CGMenu.EXE" O4 - HKLM\..\Run: [00SyncNet-screensavers] C:\WINDOWS\APPLIC~1\SCREEN~1.EXE /nostart O4 - HKLM\..\Run: [desk4107] c:\wimcom\fantadesktop.exe r O4 - HKLM\..\Run: [WhenUSave] C:\PROGRA~1\SAVE\Save.exe O4 - HKLM\..\Run: [InCD] C:\Programmi\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar O4 - HKLM\..\Run: [LoadQM] loadqm.exe O4 - HKLM\..\Run: [ICQ Net] C:\WINDOWS\winlogon.exe -stealth O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe O4 - HKLM\..\RunServices: [TVWatch] C:\WINDOWS\SYSTEM\TVWatch.exe O4 - HKLM\..\RunServices: [CSINJECT.EXE] C:\Programmi\Norton SystemWorks\Norton CleanSweep\CSINJECT.EXE O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Programmi\File comuni\Symantec Shared\SymTray.exe "Norton SystemWorks" O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background O4 - Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE O4 - Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Programmi\Norton SystemWorks\Norton CleanSweep\csinsm32.exe O9 - Extra button: Related (HKLM) O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM) O9 - Extra 'Tools' menuitem: Loghi e suonerie (HKLM) O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab28578.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab28578.cab O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab28578.cab

11-09-2004, 11:55	#2
Rossy77 Senior Member Iscritto dal: Feb 2002 Città: Monza(come tanti qui) Messaggi: 1126	up

Strumenti
Mostra una versione stampabile Invia questa pagina per email