Ryo Saeba

Messenger Sends Messages To Everyone

4 posts in this thread

Hi everyone.

I'm posting this log because some friends say they are receiving messages non-stop without the user doing anything at all.

Could you take a look and tell me if there's anything wrong?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21.22.42, on 04/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
F:\WINDOWS\system32\svchost.exe
F:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
F:\WINDOWS\Explorer.EXE
F:\Programmi\Alwil Software\Avast4\ashServ.exe
F:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
F:\Program Files\D-Link\DSL-200\dslstat.exe
F:\Program Files\D-Link\DSL-200\dslagent.exe
F:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
F:\Programmi\DS-3200 Wireless Optical Slimline Deskset\MouseDrv.exe
F:\Programmi\DS-3200 Wireless Optical Slimline Deskset\PS2USBKbdDrv.exe
F:\Programmi\Acronis\TrueImageHome\TrueImageMonitor.exe
F:\Programmi\Acronis\TrueImageHome\TimounterMonitor.exe
F:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe
F:\Programmi\ScanSoft\PaperPort\pptd40nt.exe
F:\Programmi\Brother\ControlCenter2\brctrcen.exe
F:\WINDOWS\system32\az.exe
F:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Programmi\Skype\Phone\Skype.exe
F:\Programmi\Macrogaming\SweetIM\SweetIM.exe
F:\WINDOWS\system32\brsvc01a.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\system32\brss01a.exe
F:\Programmi\WIDCOMM\Bluetooth Software\BTTray.exe
F:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
F:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
F:\WINDOWS\system32\nvsvc32.exe
F:\DOCUME~1\DICIANTA\IMPOST~1\Temp\500064-PMLPatch\HPZipm12.exe
F:\WINDOWS\system32\svchost.exe
F:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
F:\Programmi\Alwil Software\Avast4\ashWebSv.exe
F:\Programmi\Skype\Plugin Manager\skypePM.exe
F:\Programmi\Internet Explorer\iexplore.exe
F:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.it
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - F:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - F:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - F:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - F:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\programmi\google\googletoolbar1.dll
O3 - Toolbar: SYSTRAN Web Translator 5.0 - {A5899B52-3AF9-4F56-85FE-AD7B3BE8490F} - F:\Programmi\SYSTRAN\5.0\Personal\IEPlugIn.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - F:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVMixerTray] "F:\Programmi\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "F:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DSLSTATEXE] F:\Program Files\D-Link\DSL-200\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] F:\Program Files\D-Link\DSL-200\dslagent.exe
O4 - HKLM\..\Run: [HP Software Update] "F:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [WireLessMouse] F:\Programmi\DS-3200 Wireless Optical Slimline Deskset\MouseDrv.exe
O4 - HKLM\..\Run: [WireLessKeyboard] F:\Programmi\DS-3200 Wireless Optical Slimline Deskset\PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [NeroFilterCheck] F:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] F:\Programmi\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] F:\Programmi\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "F:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [sSBkgdUpdate] "F:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] F:\Programmi\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [indexSearch] F:\Programmi\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [setDefPrt] F:\Programmi\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] F:\Programmi\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [az] F:\WINDOWS\system32\az.exe
O4 - HKLM\..\Run: [fzhcmrtfj] F:\WINDOWS\system32\fzhcmrtfj.exe
O4 - HKCU\..\Run: [swg] F:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [skype] "F:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [sweetIM] F:\Programmi\Macrogaming\SweetIM\SweetIM.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a periferica &Bluetooth... - F:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - F:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - F:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - F:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1189713056531
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1189713018156
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-7f6c5d3dfa82b483.spaces.live.co...ad/MsnPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{08F906C2-AFD0-40B9-AC30-DD81826D685E}: NameServer = 85.37.17.6 85.38.28.89
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - F:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - F:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - F:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - F:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - F:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - F:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - F:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - F:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - F:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - F:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - F:\DOCUME~1\DICIANTA\IMPOST~1\Temp\500064-PMLPatch\HPZipm12.exe
O23 - Service: Print Spooler Service (uii6axsi) - Unknown owner - F:\WINDOWS\system32\fzhcmrtfj.exe

--
End of file - 11195 bytes

Thanks.


These registry keys don't convince me...

O4 - HKLM\..\Run: [az] F:\WINDOWS\system32\az.exe

O4 - HKLM\..\Run: [fzhcmrtfj] F:\WINDOWS\system32\fzhcmrtfj.exe

O4 - HKCU\..\Run: [swg] F:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

especially the second one... try disabling them, or tell me if they are something you installed yourself!


Thanks for the info, but I formatted everything, also because it had other problems too (they always tell you one thing at a time).


Hi Ryo Saeba,

the log did in fact show an infection...

F:\WINDOWS\system32\az.exe

O4 - HKLM\..\Run: [az] F:\WINDOWS\system32\az.exe

O4 - HKLM\..\Run: [fzhcmrtfj] F:\WINDOWS\system32\fzhcmrtfj.exe

O23 - Service: Print Spooler Service (uii6axsi) - Unknown owner - F:\WINDOWS\system32\fzhcmrtfj.exe

but if that was the only issue, you didn't need to format...

One question... by formatting, I imagine you also solved the phantom partition problem, right?
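The indicators the replies point at can be checked mechanically: a random-named executable sitting in system32 that is registered both under HKLM\..\Run and as a service with no resolvable owner, a service display name that borrows the real Print Spooler's name while pointing at a different binary, and a binary running out of a Temp directory. The Python script below is an added example written for this page; it is not a HijackThis feature and not code from anyone in this thread. It re-parses a handful of O4/O23 lines copied from the posted log (the SAMPLE_LOG string is constructed here) and applies those heuristics. The thresholds (six or more letters with no vowel, a stem of two letters or fewer under system32) and the KNOWN_SERVICE_BINARIES table are assumptions chosen to separate the entries in this particular log; tune them before relying on them elsewhere.

```python
"""Flag suspicious autorun entries in a HijackThis log.

Added example for this thread, not part of HijackThis. The heuristics
mirror what a responder checks by hand in O4 (Run keys) and O23
(services) lines; thresholds are assumptions tuned to this log.
"""
import re

# Constructed sample: a few O4/O23 lines copied from the posted log.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DSLSTATEXE] F:\Program Files\D-Link\DSL-200\dslstat.exe icon
O4 - HKLM\..\Run: [az] F:\WINDOWS\system32\az.exe
O4 - HKLM\..\Run: [fzhcmrtfj] F:\WINDOWS\system32\fzhcmrtfj.exe
O4 - HKCU\..\Run: [swg] F:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - F:\DOCUME~1\DICIANTA\IMPOST~1\Temp\500064-PMLPatch\HPZipm12.exe
O23 - Service: Print Spooler Service (uii6axsi) - Unknown owner - F:\WINDOWS\system32\fzhcmrtfj.exe
"""

# Windows services whose names malware likes to borrow, mapped to the
# binary that really implements them (assumed list; extend as needed).
KNOWN_SERVICE_BINARIES = {"print spooler": "spoolsv.exe"}

O4_RE = re.compile(r"^O4 - (?P<hive>\S+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# First executable-looking token of a Run command line, quoted or not.
EXE_RE = re.compile(r'^"?(?P<exe>[^"]+?\.(?:exe|dll|com|scr|bat))', re.IGNORECASE)


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1]


def looks_random(stem: str) -> bool:
    """Generated names like fzhcmrtfj have no vowels; ctfmon has one, nvsvc32 is too short."""
    letters = [c for c in stem.lower() if c.isalpha()]
    return len(letters) >= 6 and not any(c in "aeiouy" for c in letters)


def check_executable(path: str) -> list[str]:
    """Name and location heuristics shared by Run entries and services."""
    reasons = []
    stem = basename(path).rsplit(".", 1)[0]
    if "\\system32\\" in path.lower():
        if looks_random(stem):
            reasons.append("random-looking name in system32")
        elif len(stem) <= 2:
            reasons.append("unusually short name in system32")
    if "\\temp\\" in path.lower():
        reasons.append("runs from a Temp directory")
    return reasons


def analyze(log_text: str) -> dict[str, list[str]]:
    """Return {executable path: sorted reasons} for every entry worth a second look."""
    findings: dict[str, set[str]] = {}
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            em = EXE_RE.match(m.group("cmd"))
            if em:
                exe = em.group("exe")
                for r in check_executable(exe):
                    findings.setdefault(exe, set()).add(r)
            continue
        m = O23_RE.match(line)
        if not m:
            continue
        path = m.group("path").strip()
        reasons = check_executable(path)
        if m.group("owner").strip().lower() == "unknown owner":
            reasons.append("service has no resolvable owner")
        display = m.group("display").lower()
        for keyword, real_binary in KNOWN_SERVICE_BINARIES.items():
            if keyword in display and basename(path).lower() != real_binary:
                reasons.append(f"display name imitates '{keyword}' but binary is not {real_binary}")
        for r in reasons:
            findings.setdefault(path, set()).add(r)
    return {p: sorted(rs) for p, rs in findings.items()}


if __name__ == "__main__":
    for path, reasons in analyze(SAMPLE_LOG).items():
        print(path)
        for r in reasons:
            print("   -", r)
```

Anything the script reports is a lead for manual verification (file signature, creation time, a hash lookup), not a verdict: the HP PML patch is listed only because of its Temp location, while fzhcmrtfj.exe collects three independent reasons, which is the pattern worth acting on. The Google Toolbar Notifier entry trips none of these heuristics.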
