Questo è il mio log di Hijackthis

di **SilviaGrind** » 07/04/07 22:21

C'è qualche anima pia che mi aiuterebbe a eliminare/fissa le voci pericolose dato che ho paura di combinare dei guai?
grazie!

Logfile of HijackThis v1.99.1
Scan saved at 23.18.43, on 07/04/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programmi\MessengerPlus! 3\MsgPlus.exe
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\D-Link\DSL-200\dslstat.exe
C:\Program Files\D-Link\DSL-200\dslagent.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\devldr32.exe
C:\Documents and Settings\Silvia\Desktop\Programmi\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://myhomepage.capitan-trash.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O1 - Hosts: 205.214.67.211 auto.search.msn.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {CD756C0F-10F9-E8CC-5DED-57BB4A3E870D} - C:\DOCUME~1\Silvia\DATIAP~1\GRIMPLAY\Bias Kind.exe (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Micrsoft Exploerer] spaderman.exe
O4 - HKLM\..\Run: [Micrcoft Windows Updat] spoolsan.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [UploadPureGreyMp3] C:\Documents and Settings\All Users\Dati applicazioni\DartSkipUploadPure\The Jump.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\D-Link\DSL-200\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\D-Link\DSL-200\dslagent.exe
O4 - HKLM\..\RunServices: [Microsoft Update] wuamkop.exe
O4 - HKLM\..\RunServices: [Micrsoft Exploerer] spaderman.exe
O4 - HKLM\..\RunServices: [Micrcoft Windows Updat] spoolsan.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Mode tick] C:\DOCUME~1\Silvia\DATIAP~1\IDLEHO~1\remoteenc.exe
O4 - HKCU\..\Run: [updateMgr] C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Programmi\eMule\emule.exe -AutoStart
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/Websi ... dge-c4.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/fu ... 0.0.15.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://www.ysbweb.com/ist/softwares/v4. ... viewer.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 8171265942
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {C1B7E532-3ECB-4E9E-BB3A-2951FFE67C61} (DownloaderActiveX Control) - http://c6.community.virgilio.it/downloa ... ctiveX.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/605683.exe
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b31267.cab
O16 - DPF: {F7FD91D1-45E6-4349-B698-F976062DAC26} - http://www.storage-tasp.com/gs/gsa_1435.exe
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B2F49FB} - http://deposito.hostance.net/dialer/605683.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{9E6E85B1-6728-49FB-9D01-59C41F83E78C}: NameServer = 85.37.17.47 85.38.28.82
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

di **Luke57** » 08/04/07 08:00

Ciao, scarica asuperantispyware ed.free da qui:
http://www.superantispyware.com/
installalo e aggiornalo alle ultime definizioni.

Scarica ATF cleaner da qui:
http://www.atribune.org/ccount/click.php?id=1
(per eliminare i file temporanei)

Copia hijackthis.exe in una cartella permanente, no desktop, appositamente dedicata in modo che il programma possa fare il backup delle voci rimosse.

Apri hijackthis dalla nuova cartella, premi “do a system scan only”, cdrchi e spunti le voci seguenti:
O2 - BHO: (no name) - {CD756C0F-10F9-E8CC-5DED-57BB4A3E870D} - C:\DOCUME~1\Silvia\DATIAP~1\GRIMPLAY\Bias Kind.exe (file missing)
O4 - HKLM\..\Run: [Micrsoft Exploerer] spaderman.exe
O4 - HKLM\..\Run: [UploadPureGreyMp3] C:\Documents and Settings\All Users\Dati applicazioni\DartSkipUploadPure\The Jump.exe
O4 - HKLM\..\RunServices: [Microsoft Update] wuamkop.exe
O4 - HKLM\..\RunServices: [Micrsoft Exploerer] spaderman.exe
O4 - HKLM\..\RunServices: [Micrcoft Windows Updat] spoolsan.exe
O4 - HKCU\..\Run: [Mode tick] C:\DOCUME~1\Silvia\DATIAP~1\IDLEHO~1\remoteenc.exe
O16 - DPF: {F7FD91D1-45E6-4349-B698-F976062DAC26} - http://www.storage-tasp.com/gs/gsa_1435.exe
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/605683.exe

Premi fix cheked.

Cerca ed elimina i seguenti file e cartelle:
C:\Documents and Settings\All Users\Dati applicazioni\DartSkipUploadPure----->la cartella
C:\DOCUME~1\Silvia\DATIAP~1\IDLEHO~1\remoteenc.exe

Poi avvia ATFCleaner. Clicca sul menu main e poi seleziona la casella Select All. Adesso clicca sul pulsante Empty selected e aspetta il messaggio Done Cleaning!.

Fai uno scan completo con supeantispyware.

di **SilviaGrind** » 08/04/07 13:03

Grazie, molto gentile

di **SkunkWorks 68** » 08/04/07 14:09

Oltre agli ottimi consigli di Luke 57 ne aggiungo un altro io...Metti il SP 2.
Ciao

di **SilviaGrind** » 08/04/07 17:10

Sarebbe il Service Pack 2?? Mi sa che nn posso perchè nn ho windows originale...
grazie cmq !

Questo è il mio log di Hijackthis

Questo è il mio log di Hijackthis

Topic correlati a "Questo è il mio log di Hijackthis":

Chi c’è in linea