mi date un'occhiata al log...please

?ucleare · 13-07-2005, 13:18

Logfile of HijackThis v1.99.1
Scan saved at 14.11.46, on 13/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
D:\WINDOWS\System32\Ati2evxx.exe
D:\Programmi\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\System32\drivers\CDAC11BA.EXE
D:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
D:\WINDOWS\system32\sstray.exe
D:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Programmi\ISTsvc\istsvc.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\WINDOWS\system32\ctfmon.exe
E:\PROGRAMMI\SPYBOT\Spybot - Search & Destroy\TeaTimer.exe
D:\Programmi\Alwil Software\Avast4\ashWebSv.exe
E:\ALTRO\UTILE-DRIVER\DRIVER\DRIVER FOTOCAMERA\QuickDCF.exe
D:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\Directory temporanea 3 per hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.goole.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - e:\PROGRAMMI\ACROBAT\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRAMMI\SPYBOT\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [REGSHAVE] D:\Programmi\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [ATIPTA] D:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Siwix] C:\Program Files\Yuhqg\Bccit.exe
O4 - HKLM\..\Run: [JBdfSE] D:\WINDOWS\dcaijs.exe
O4 - HKLM\..\Run: [IST Service] D:\Programmi\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [ccApp] "D:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "D:\Programmi\File comuni\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\PROGRAMMI\SPYBOT\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Tasto di scelta rapida per l'avvio di AutoCAD.lnk = D:\Programmi\File comuni\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://E:\PROGRA~1\OFFICE~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\WINDOWS\System32\msjava.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\OFFICE~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {E61135DF-716D-49A7-B29B-8287A1CD072C} (WidelookX Control) - http://81.208.113.59/it/widelook/WidelookX.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - D:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - D:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - D:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe

COSA NE PENSATE?
C'è ANCORA QUALCOSA CHE NON VA?
GRAZIE

N.B. fixare significa selezionare i file e poi cliccare su Fix cheched (è la prima volta che lo faccio, portate pazienza)?

andorra24 · 13-07-2005, 13:26

Fixa:
D:\Programmi\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [Siwix] C:\Program Files\Yuhqg\Bccit.exe
O4 - HKLM\..\Run: [JBdfSE] D:\WINDOWS\dcaijs.exe
O4 - HKLM\..\Run: [IST Service] D:\Programmi\ISTsvc\istsvc.exe
O16 - DPF: {E61135DF-716D-49A7-B29B-8287A1CD072C} (WidelookX Control) - http://81.208.113.59/it/widelook/WidelookX.cab
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

Fixa cioe' spunta la casellina accanto alle voci da togliere e poi premi ''fix checked''

?ucleare · 13-07-2005, 13:54

Quote:

Originariamente inviato da andorra24

Fixa:
D:\Programmi\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [Siwix] C:\Program Files\Yuhqg\Bccit.exe
O4 - HKLM\..\Run: [JBdfSE] D:\WINDOWS\dcaijs.exe
O4 - HKLM\..\Run: [IST Service] D:\Programmi\ISTsvc\istsvc.exe
O16 - DPF: {E61135DF-716D-49A7-B29B-8287A1CD072C} (WidelookX Control) - http://81.208.113.59/it/widelook/WidelookX.cab
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

Fixa cioe' spunta la casellina accanto alle voci da togliere e poi premi ''fix checked''

Per cortesia mi spiegheresti come fai a capire quali sono i file infetti( se si tratta di infetti)?
Ciò che mi hai consilgliato di fare è stato alla fin fine di cancellarli?

andorra24 · 13-07-2005, 14:00

Riconosco i processi di sistema e quelli che riguardano i programmi noti. Le cose strane che mi insospettiscono le cerco in rete per avere certezza se sono da cancellare oppure no.

?ucleare · 13-07-2005, 14:03

Quote:

Originariamente inviato da andorra24

Riconosco i processi di sistema e quelli che riguardano i programmi noti. Le cose strane che mi insospettiscono le cerco in rete per avere certezza se sono da cancellare oppure no.

Complimenti dei davvero Brava!!!
Penso che arrivare al tuo livello occorra molta dimestichezza con il PC

andorra24 · 13-07-2005, 14:15

Grazie sei molto gentile.

?ucleare · 13-07-2005, 14:19

Quote:

Originariamente inviato da andorra24

Grazie sei molto gentile.

Prego!

13-07-2005, 13:18	#1
?ucleare Member Iscritto dal: Oct 2004 Messaggi: 189	mi date un'occhiata al log...please Logfile of HijackThis v1.99.1 Scan saved at 14.11.46, on 13/07/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\Explorer.EXE D:\WINDOWS\system32\spoolsv.exe D:\Programmi\Alwil Software\Avast4\aswUpdSv.exe D:\WINDOWS\System32\Ati2evxx.exe D:\Programmi\Alwil Software\Avast4\ashServ.exe D:\WINDOWS\System32\drivers\CDAC11BA.EXE D:\Programmi\Alwil Software\Avast4\ashMaiSv.exe D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe D:\WINDOWS\system32\sstray.exe D:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe D:\Programmi\ISTsvc\istsvc.exe D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe D:\WINDOWS\system32\ctfmon.exe E:\PROGRAMMI\SPYBOT\Spybot - Search & Destroy\TeaTimer.exe D:\Programmi\Alwil Software\Avast4\ashWebSv.exe E:\ALTRO\UTILE-DRIVER\DRIVER\DRIVER FOTOCAMERA\QuickDCF.exe D:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\Directory temporanea 3 per hijackthis.zip\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.goole.it/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - e:\PROGRAMMI\ACROBAT\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRAMMI\SPYBOT\Spybot - Search & Destroy\SDHelper.dll O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe O4 - HKLM\..\Run: [REGSHAVE] D:\Programmi\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r O4 - HKLM\..\Run: [ATIPTA] D:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [Siwix] C:\Program Files\Yuhqg\Bccit.exe O4 - HKLM\..\Run: [JBdfSE] D:\WINDOWS\dcaijs.exe O4 - HKLM\..\Run: [IST Service] D:\Programmi\ISTsvc\istsvc.exe O4 - HKLM\..\Run: [ccApp] "D:\Programmi\File comuni\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [ccRegVfy] "D:\Programmi\File comuni\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [Symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\PROGRAMMI\SPYBOT\Spybot - Search & Destroy\TeaTimer.exe O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Exif Launcher.lnk = ? O4 - Global Startup: Tasto di scelta rapida per l'avvio di AutoCAD.lnk = D:\Programmi\File comuni\Autodesk Shared\acstart16.exe O8 - Extra context menu item: E&sporta in Microsoft Excel - res://E:\PROGRA~1\OFFICE~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\WINDOWS\System32\msjava.dll O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\OFFICE~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programmi\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programmi\Messenger\msmsgs.exe O16 - DPF: {E61135DF-716D-49A7-B29B-8287A1CD072C} (WidelookX Control) - http://81.208.113.59/it/widelook/WidelookX.cab O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Programmi\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - D:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: avast! Antivirus - Unknown owner - D:\Programmi\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - D:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - D:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: C-DillaCdaC11BA - Macrovision - D:\WINDOWS\System32\drivers\CDAC11BA.EXE O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - D:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe COSA NE PENSATE? C'è ANCORA QUALCOSA CHE NON VA? GRAZIE N.B. fixare significa selezionare i file e poi cliccare su Fix cheched (è la prima volta che lo faccio, portate pazienza)?

13-07-2005, 13:26	#2
andorra24 Senior Member Iscritto dal: May 2005 Città: Palermo Messaggi: 6390	Fixa: D:\Programmi\ISTsvc\istsvc.exe O4 - HKLM\..\Run: [Siwix] C:\Program Files\Yuhqg\Bccit.exe O4 - HKLM\..\Run: [JBdfSE] D:\WINDOWS\dcaijs.exe O4 - HKLM\..\Run: [IST Service] D:\Programmi\ISTsvc\istsvc.exe O16 - DPF: {E61135DF-716D-49A7-B29B-8287A1CD072C} (WidelookX Control) - http://81.208.113.59/it/widelook/WidelookX.cab O23 - Service: avast! Mail Scanner - Unknown owner - D:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - D:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) Fixa cioe' spunta la casellina accanto alle voci da togliere e poi premi ''fix checked'' Ultima modifica di andorra24 : 13-07-2005 alle 13:30.

13-07-2005, 14:00	#4
andorra24 Senior Member Iscritto dal: May 2005 Città: Palermo Messaggi: 6390	Riconosco i processi di sistema e quelli che riguardano i programmi noti. Le cose strane che mi insospettiscono le cerco in rete per avere certezza se sono da cancellare oppure no.

13-07-2005, 14:15	#6
andorra24 Senior Member Iscritto dal: May 2005 Città: Palermo Messaggi: 6390	Grazie sei molto gentile.

Strumenti
Mostra una versione stampabile Invia questa pagina per email