Condividi:        

LOG HijackThis

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: m.paolo, kadosh, Luke57

LOG HijackThis

Postdi dcrescenti » 30/08/10 16:47

noto delle stranezze sul mio PC, qualcuno può dare un'occhiata a questo LOG... Ringrazio anticipatamente

===
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17.09.54, on 30/08/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\astsrv.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programmi\Cobian Backup 10\cbVSCService.exe
C:\Programmi\Cobian Backup 10\cbService.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Programmi\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\Explorer.exe
C:\Programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\CDBurnerXP\NMSAccessU.exe
C:\Programmi\Norton Ghost\Agent\VProSvc.exe
C:\Programmi\Trend Micro\Client Server Security Agent\ntrtscan.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmi\Trend Micro\Client Server Security Agent\pccntmon.exe
C:\Programmi\Unlocker\UnlockerAssistant.exe
C:\Programmi\PowerISO\PWRISOVM.EXE
C:\Programmi\Norton Ghost\Agent\VProTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Programmi\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Trend Micro\Client Server Security Agent\tmlisten.exe
C:\Programmi\VMware\VMware Player\hqtray.exe
C:\Programmi\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\vmnat.exe
C:\Programmi\File comuni\LightScribe\LightScribeControlPanel.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Programmi\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
C:\PVSW\Bin\w3dbsmgr.exe
C:\WINDOWS\TEMP\NKE576.EXE
C:\C2\AGIS\AGISW.EXE
C:\C2\AGIS\AGISW.exe
C:\C2\AGIS\AGISW.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\hpmup091.bin
C:\WINDOWS\system32\CMD.exe
D:\MAGA615\SISMENU.EXE
C:\MEW32\Mew32.exe
C:\Programmi\Google\Picasa3\Picasa3.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
T:\Download\trendmicro.com\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Config\csrss.exe
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Programmi_CS5\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O2 - BHO: VMN Toolbar - {078fed71-52f2-4a49-a0ab-6453e2ca72ba} - C:\Programmi\vmndtx\vmndx.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Programmi\BitComet\tools\BitCometBHO_1.3.7.16.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programmi\Vuze_Remote\tbVuz1.dll
O2 - BHO: Security Helper {D63F58E9-B8BB-4DBA-B2A0-44F72C2A61BD} - {D63F58E9-B8BB-4DBA-B2A0-44F72C2A61BD} - C:\Programmi\vmndtx\auxi\vmndAu.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: VMN Toolbar - {078fed71-52f2-4a49-a0ab-6453e2ca72ba} - C:\Programmi\vmndtx\vmndx.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Wolfram Toolbar - {9E709AEF-74F7-4DA3-A7FC-F3E2D5A8D793} - C:\Programmi\Wolfram Research\WolframToolbar\1.0\WolframBands32.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Programmi_CS5\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programmi\Vuze_Remote\tbVuz1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [amd_dc_opt] C:\Programmi\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Programmi\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Programmi\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programmi\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Programmi\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Norton Ghost 12.0] "C:\Programmi\Norton Ghost\Agent\VProTray.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Programmi\File comuni\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Programmi_\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Cobian Backup 10 Interface] "C:\Programmi\Cobian Backup 10\cbInterface.exe" -service
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Programmi\File comuni\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Programmi\File comuni\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Programmi\File comuni\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VMware hqtray] "C:\Programmi\VMware\VMware Player\hqtray.exe"
O4 - HKLM\..\Run: [HKLM] C:\WINDOWS\system32\Winbooterr\svchost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Programmi\File comuni\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [HKCU] C:\WINDOWS\system32\Winbooterr\svchost.exe
O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\WINDOWS\system32\Winbooterr\svchost.exe
O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\WINDOWS\system32\Winbooterr\svchost.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: OfficeServ Call.lnk = C:\Programmi\Samsung Electronics\OfficeServ Call\Call.exe
O4 - Global Startup: Pervasive.SQL Workgroup Engine.lnk = C:\PVSW\Bin\w3dbsmgr.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmi\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmi\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Programmi\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programmi\vmware\vmware player\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\programmi\vmware\vmware player\vsocklib.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=it_it&c=93&bd=all&pf=cmdt
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = softwarein.local
O17 - HKLM\Software\..\Telephony: DomainName = softwarein.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{458CCAA6-0DF7-4C35-82A9-B9CB7E3FE283}: NameServer = 192.168.1.99,192.168.1.98
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = softwarein.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = softwarein.local
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\WINDOWS\system32\astsrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Cobian Backup 10 Volume Shadow Copy service (cbVSCService) - CobianSoft, Luis Cobian - C:\Programmi\Cobian Backup 10\cbVSCService.exe
O23 - Service: Cobian Backup 10 (CobianBackup10) - Luis Cobian, CobianSoft - C:\Programmi\Cobian Backup 10\cbService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Programmi\CDBurnerXP\NMSAccessU.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Programmi\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Scansione in tempo reale di Trend Micro Client/Server Security Agent (ntrtscan) - Trend Micro Inc. - C:\Programmi\Trend Micro\Client Server Security Agent\ntrtscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Personal Firewall di Trend Micro Client/Server Security Agent (OfcPfwSvc) - Trend Micro Inc. - C:\Programmi\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Programmi\File comuni\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: Trend Micro Client/Server Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\Programmi\Trend Micro\Client Server Security Agent\tmlisten.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Programmi\VMware\VMware Player\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Programmi\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Programmi\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

--
End of file - 14603 bytes

===
dcrescenti
Newbie
 
Post: 3
Iscritto il: 30/08/10 16:33

Sponsor
 

Re: LOG HijackThis

Postdi FDAC » 30/08/10 17:39

Ciao,
- Apri HJT
- do a system scan only
- metti la spunta su queste voci:

O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Programmi_CS5\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O2 - BHO: VMN Toolbar - {078fed71-52f2-4a49-a0ab-6453e2ca72ba} - C:\Programmi\vmndtx\vmndx.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Programmi\BitComet\tools\BitCometBHO_1.3.7.16.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programmi\Vuze_Remote\tbVuz1.dll
O2 - BHO: Security Helper {D63F58E9-B8BB-4DBA-B2A0-44F72C2A61BD} - {D63F58E9-B8BB-4DBA-B2A0-44F72C2A61BD} - C:\Programmi\vmndtx\auxi\vmndAu.dll
O3 - Toolbar: VMN Toolbar - {078fed71-52f2-4a49-a0ab-6453e2ca72ba} - C:\Programmi\vmndtx\vmndx.dll
O3 - Toolbar: Wolfram Toolbar - {9E709AEF-74F7-4DA3-A7FC-F3E2D5A8D793} - C:\Programmi\Wolfram Research\WolframToolbar\1.0\WolframBands32.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Programmi_CS5\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programmi\Vuze_Remote\tbVuz1.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Programmi_\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VMware hqtray] "C:\Programmi\VMware\VMware Player\hqtray.exe"
O4 - HKLM\..\Run: [HKLM] C:\WINDOWS\system32\Winbooterr\svchost.exe
O4 - HKCU\..\Run: [HKCU] C:\WINDOWS\system32\Winbooterr\svchost.exe
O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\WINDOWS\system32\Winbooterr\svchost.exe
O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\WINDOWS\system32\Winbooterr\svchost.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Programmi\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing)
O10 - Unknown file in Winsock LSP: c:\programmi\vmware\vmware player\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\programmi\vmware\vmware player\vsocklib.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=it_it&c=93&bd=all&pf=cmdt

e clicchi su Fix Checked.

POI:
Elimina queste cartelle:
C:\Programmi\vmndtx
C:\Programmi\BitComet
C:\Programmi\Vuze_Remote
C:\Programmi\Wolfram Research


Hai due Adobe Reader installati nel tuo sistema.
Provvedi a disinstallare e reinstallarne una versione unica, non di più.

POI:

Esegui una scansione COMPLETA con MALWAREBYTES aggiornato -non serve scaricare questo programma, è gia presente nel tuo PC-, invia qui il file di testo che alla fine della scansione il programma rilascerà.
MSN/Email: supercesco94@hotmail.it
Skype: francesco240194
Sito Web: http://windowspertutti.altervista.org
FDAC
Utente Senior
 
Post: 235
Iscritto il: 30/07/10 08:39
Località: Trento

Re: LOG HijackThis

Postdi dcrescenti » 31/08/10 14:37

fatte tutte le operazioni, segue la scansione (ho detto di rimuovere i malware)...

non vedo allega file e quindi lo incollo a seguire

===
Malwarebytes' Anti-Malware 1.44
Database version: 3916
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

31/08/2010 15.32.11
mbam-log-2010-08-31 (15-32-11).txt

Scan type: Full Scan (C:\|)
Objects scanned: 556220
Time elapsed: 2 hour(s), 42 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 5
Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed

Components\{0ds01an7-555f-s2e8-cqx6-n1p2132015qp} (Generic.Bot.H) -> Quarantined and deleted

successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hkcu (Trojan.Backdoor) ->

Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\policies

(Trojan.Backdoor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hklm (Trojan.Backdoor) ->

Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\policies

(Trojan.Backdoor) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\secfile\shell\open\command\(default) (Rogue.MultipleAV) -> Quarantined and

deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default)

(Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\diego.crescenti\Impostazioni

locali\Dati applicazioni\av.exe" /START "C:\Programmi\Internet Explorer\iexplore.exe") Good:

(iexplore.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) ->

Bad: (Explorer.exe C:\WINDOWS\Config\csrss.exe) Good: (Explorer.exe) -> Quarantined and deleted

successfully.

Folders Infected:
C:\WINDOWS\system32\Winbooterr (Trojan.Backdoor) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\Winbooterr\svchost.exe (Generic.Bot.H) -> Quarantined and deleted

successfully.
C:\Documents and Settings\diego.crescenti\Impostazioni locali\Temp\xxxyyyzzz.dat (Malware.Trace)

-> Quarantined and deleted successfully.
C:\Documents and Settings\diego.crescenti\Impostazioni locali\Temp\IELOGIN.abc (Malware.Trace) ->

Quarantined and deleted successfully.
C:\Documents and Settings\diego.crescenti\Dati applicazioni\cglogs.dat (Malware.Trace) ->

Quarantined and deleted successfully.
C:\Documents and Settings\diego.crescenti\Impostazioni locali\Temp\MSN.abc (Malware.Trace) ->

Quarantined and deleted successfully.
C:\Documents and Settings\diego.crescenti\Impostazioni locali\Temp\UuU.uUu (Malware.Trace) ->

Quarantined and deleted successfully.
C:\Documents and Settings\diego.crescenti\Impostazioni locali\Temp\XxX.xXx (Malware.Trace) ->

Quarantined and deleted successfully.
===

FATTO attendo fiducioso e ancora grazie
dcrescenti
Newbie
 
Post: 3
Iscritto il: 30/08/10 16:33

Re: LOG HijackThis

Postdi FDAC » 31/08/10 16:54

Malwarebytes installato nel tuo sistema NON è ne' l'ultima versione, ne' è in italiano.
Procedi dunque con quello che ti scrivo sotto -sappi che Malwarebytes ha eliminato comunque parecchi fetecchioni -.
scarica ed installa Malwarebytes:
http://www.techspot.com/downloadget.php ... b719e1d18d
In fase di installazione, lascia le due spunte:
- Aggiorna Malwarebytes' Anti-Malware
- Avvia Malwarebytes' Anti-Malware

Esegui una scansione completa dei sistema
Posta qui il log che alla fine della scansione il programma rilascerà
MSN/Email: supercesco94@hotmail.it
Skype: francesco240194
Sito Web: http://windowspertutti.altervista.org
FDAC
Utente Senior
 
Post: 235
Iscritto il: 30/07/10 08:39
Località: Trento

Re: LOG HijackThis

Postdi dcrescenti » 03/09/10 07:58

ecco la scansione fatta con mamb 1.46

===
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Versione database: 4530

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

03/09/2010 8.56.05
mbam-log-2010-09-03 (08-56-05).txt

Tipo di scansione: Scansione completa (C:\|S:\|T:\|)
Elementi esaminati: 1439046
Tempo trascorso: 9 ore, 8 minuti, 54 secondi

Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Voci infette nei dati di registro: 0
Cartelle infette: 0
File infetti: 1

Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:
(Non sono stati rilevati elementi nocivi)

Valori di registro infetti:
(Non sono stati rilevati elementi nocivi)

Voci infette nei dati di registro:
(Non sono stati rilevati elementi nocivi)

Cartelle infette:
(Non sono stati rilevati elementi nocivi)

File infetti:
T:\BitTorrent\Adobe.CS5.Keygen\Adobe.CS5.Keygen\Keygen\keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
===

Mi sembra che già ci siano meno stranezze... GRAZIE... fammi sapere di questa scansione
dcrescenti
Newbie
 
Post: 3
Iscritto il: 30/08/10 16:33

Re: LOG HijackThis

Postdi FDAC » 04/09/10 19:08

Ciao Diego:
Elimina questa cartella, contenente un software piratato:

T:\BitTorrent\Adobe.CS5.Keygen

Quanti HD possiedi? Ci ha impiegato quasi 10 ore ad effettuare la scansione.

Posta un log AGGIORNATO di Hijackthis.
MSN/Email: supercesco94@hotmail.it
Skype: francesco240194
Sito Web: http://windowspertutti.altervista.org
FDAC
Utente Senior
 
Post: 235
Iscritto il: 30/07/10 08:39
Località: Trento

Re: LOG HijackThis

Postdi Riverside » 04/09/10 19:24

FDAC ha scritto:Quanti HD possiedi? Ci ha impiegato quasi 10 ore ad effettuare la scansione.

Quando finirai di fare danni, ci avvisi con un post di commiato FDAC?
Riverside
Utente Senior
 
Post: 2001
Iscritto il: 03/06/10 10:35
Località: "Riverside House" Italy

Re: LOG HijackThis

Postdi FDAC » 04/09/10 19:31

Spiegati meglio, Riverside.
MSN/Email: supercesco94@hotmail.it
Skype: francesco240194
Sito Web: http://windowspertutti.altervista.org
FDAC
Utente Senior
 
Post: 235
Iscritto il: 30/07/10 08:39
Località: Trento

Re: LOG HijackThis

Postdi Riverside » 04/09/10 19:47

FDAC ha scritto:Spiegati meglio, Riverside.

Un esempio (e ne potrei portare altri) FDAC?
FDAC ha scritto:Elimina questa cartella, contenente un software piratato: T:\BitTorrent\Adobe.CS5.Keygen

quel keygen è già stato spazzato via da Malwarebytes, e tu pensi che si trovi ancora in quella cartella?.
Io comprendo la tua voglia di collaborare, ma credo che tu debba ancora imparare molto.
Se davvero (questo non è il tuo forum .... ) vuoi imparare qualcosa, inzia a seguire gente come Luke ed altri sul forum (io non faccio testo .... sono il più scarso della compagnia ..... ) e vedrai che qualcosa impari.
Altra cosa: evita il log di Hijackthis, almeno per ora, non è roba per te.
Riverside
Utente Senior
 
Post: 2001
Iscritto il: 03/06/10 10:35
Località: "Riverside House" Italy

Re: LOG HijackThis

Postdi FDAC » 05/09/10 08:50

Mi spiego:
Ho fatto eliminare quella cartella, in quanto un Software craccato senza Keygen è come un computer senza hardware:
senza le componenti meccaniche, infatti, esso non funzionerebbe.
Stessa cosa vale per i Sw:
ho fatto eliminare la cartella, perchè occupa spazio su disco, e non serve a nulla.
Saro' pur testardo, ma a volte ho ragione.
Questo penso sia una di quelle.
Ciao
MSN/Email: supercesco94@hotmail.it
Skype: francesco240194
Sito Web: http://windowspertutti.altervista.org
FDAC
Utente Senior
 
Post: 235
Iscritto il: 30/07/10 08:39
Località: Trento


Torna a Sicurezza e Privacy


Topic correlati a "LOG HijackThis":

Analisi log HijackThis
Autore: Sanko
Forum: Sicurezza e Privacy
Risposte: 4
Pc lento e Hijackthis
Autore: Flopez
Forum: Assistenza Hardware
Risposte: 3
HijackThis
Autore: franco58
Forum: Sistemi Operativi Windows
Risposte: 0

Chi c’è in linea

Visitano il forum: Nessuno e 41 ospiti