Accedi per seguire   
Seguaci 0
debzagfan

Primo Check Log Pc

Iniziato da debzagfan,

4 messaggi in questa discussione

Inviato

Buon giorno a tutti,

sono una new entry e vorrei far verificare il mio primo log di hijackthis.

Viaggio spesso in internet e visto che le precauzioni non sono mai troppe ho deciso di utilizzare questo programma e far controllare il log.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 11.36.48, on 13/09/07

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe

C:\Programmi\Alwil Software\Avast4\aswServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programmi\Alwil Software\Avast4\AvAgent.exe

C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe

C:\Programmi\Microsoft Firewall Client 2004\FwcAgent.exe

C:\WINDOWS\system32\ssoftsrv.exe

C:\WINDOWS\system32\svchost.exe

C:\Programmi\Alwil Software\Avast4\aswMaiSv.exe

C:\Programmi\Alwil Software\Avast4\aswWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\AGRSMMSG.exe

C:\PROGRA~1\ALWILS~1\Avast4\aswDisp.exe

C:\Programmi\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Programmi\File comuni\Real\Update_OB\realsched.exe

C:\Programmi\Spamihilator\spamihilator.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programmi\Microsoft ActiveSync\wcescomm.exe

C:\PROGRA~1\MICROS~2\rapimgr.exe

C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe

C:\Programmi\Microsoft Firewall Client 2004\FwcMgmt.exe

D:\Programmi\Privoxy\privoxy.exe

C:\PROGRA~1\WIDCOMM\SOFTWA~1\BTSTAC~1.EXE

D:\Programmi\Microsoft Office\OFFICE11\OUTLOOK.EXE

D:\Programmi\Mozilla Firefox\firefox.exe

D:\Programmi\NoAdware5.0\NoAdware5.exe

O:\Download\Software\Utility-Sistema\Spyware-Antivirus\HiJackThis_v2.exe

D:\Programmi\FreshDevices\FreshDownload\fd.exe

D:\Programmi\Foxit Software\Foxit Reader\Foxit Reader.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Mediacom Service ICT

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://isasrv:8080/array.dll?Get.Routing.Script

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = isasrv:8080

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti

R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe

O1 - Hosts: 89.97.196.91 mailsrv

O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - D:\Programmi\FreshDevices\FreshDownload\FDCatch.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll

O2 - BHO: KeePass Toolbar Helper - {F5A82B56-150E-4D4F-8802-94B0ED71E257} - C:\Programmi\KeePass Toolbar\v3.2.0.0\KeePass_Toolbar.dll

O3 - Toolbar: FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - D:\Programmi\FreshDevices\FreshDownload\fdiebar.dll

O3 - Toolbar: KeePass Toolbar - {76222034-5CFA-4A43-AADE-1E5DACB71469} - C:\Programmi\KeePass Toolbar\v3.2.0.0\KeePass_Toolbar.dll

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\aswDisp.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [Cpqset] C:\Programmi\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [spamihilator] "C:\Programmi\Spamihilator\spamihilator.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\wcescomm.exe"

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] D:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: Microsoft Firewall Client Management.lnk = ?

O4 - Global Startup: Privoxy.lnk = D:\Programmi\Privoxy\privoxy.exe

O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: FreshDownload - {0DAE8D03-89F6-49DB-9193-4D4C2D69EB5A} - D:\Programmi\FreshDevices\FreshDownload\fd.exe

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll

O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll

O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe

O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/...trolLite_EN.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1171440773953

O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www-307.ibm.com/pc/support/access/a...nt/IbmEgath.cab

O16 - DPF: {E598AC61-4C6F-4F4D-877F-FAC49CA91FA3} (acpRunner Class) - https://www-307.ibm.com/pc/support/access/a.../AcpControl.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = mediacomgroup.locale

O17 - HKLM\Software\..\Telephony: DomainName = mediacomgroup.locale

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = mediacomgroup.locale

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = mediacomgroup.locale

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswMaiSv.exe

O23 - Service: avast! NetAgent - ALWIL Software - C:\Programmi\Alwil Software\Avast4\AvAgent.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswWebSv.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe

O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)

O23 - Service: Imapi Helper - Alex Feinman - D:\Programmi\Alex Feinman\ISO Recorder\ImapiHelper.exe

O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Cryptainer service (ssoftservice) - Cypherix - C:\WINDOWS\SYSTEM32\ssoftsrv.exe

--

End of file - 9746 bytes

Grazie per la verifica

Condividi questo messaggio

Link di questo messaggio
Condividi su altri siti

Inviato

Ciao, io fixerei questa voce: R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm

Comunque io sono un profano quindi aspetta il consiglio degli esperti. Buona Fortuna!

Condividi questo messaggio

Link di questo messaggio
Condividi su altri siti

Inviato

logokdinoeo3.jpg

debzagfan, non sembrano esserci minacce attive nel tuo sistema... :)

Condividi questo messaggio

Link di questo messaggio
Condividi su altri siti

Inviato

Grazie a tutti.

avevo qualche dubbio, perche un software asware mi ha tirato fuori una \windows\system32\loader.dll

sospetta.

Ciao

Condividi questo messaggio

Link di questo messaggio
Condividi su altri siti

Crea un account o accedi per lasciare un commento

Devi essere un utente registrato per partecipare

Crea un account

Iscriviti per un nuovo account nella nostra community. È facile!


Registra un nuovo account

Accedi

Sei già registrato? Accedi qui.


Accedi Ora
Accedi per seguire   
Seguaci 0
Vai alla lista Discussioni HiJackThis - Posta qui i Log