Condividi:        

Log Hjackthis

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: m.paolo, kadosh, Luke57

Log Hjackthis

Postdi Luvi » 14/04/06 17:52

COme da oggetto, vi posto il mio log sperando che qualcuno mi dica come si leva sto downloader zlob che da un paio di giorni ho beccato. :neutral:

Ciao e grazie :D
Luvi
Newbie
 
Post: 8
Iscritto il: 01/04/06 16:58

Sponsor
 

Postdi hydra » 14/04/06 17:53

Prego ma.... dov'è il log??? :eeh:
Avatar utente
hydra
Moderatore
 
Post: 7007
Iscritto il: 19/07/04 08:06
Località: Vallis Duplavis

Postdi Luvi » 14/04/06 17:53

Scusate il doppio messaggio, ma nn c'e' il tasto edita.

Logfile of HijackThis v1.99.1
Scan saved at 18.50.58, on 14/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\eScan\TRAYSSER.EXE
C:\Programmi\ewido anti-malware\ewidoctrl.exe
C:\Programmi\ewido anti-malware\ewidoguard.exe
C:\PROGRA~1\eScan\avpm.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\USBStorage\USBDetector.exe
C:\Programmi\Java\jre1.5.0_01\bin\jusched.exe
C:\WINDOWS\vsnpstd.exe
C:\WINDOWS\System32\khooker.exe
C:\Programmi\QuickTime\qttask.exe
C:\WINDOWS\system32\optmouse.exe
C:\Programmi\MessengerPlus! 3\MsgPlus.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\PROGRA~1\eScan\TRAYICOS.EXE
C:\PROGRA~1\eScan\AVPMWrap.EXE
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Asus\ASUS Hotkey\Hotkey.exe
C:\WINDOWS\system32\ch_utility.exe
C:\Programmi\Asus\Asus ChkMail\ChkMail.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\PROGRA~1\eScan\MAILDISP.EXE
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\PROGRA~1\eScan\SPOOLER.EXE
C:\PROGRA~1\eScan\MAILSCAN.EXE
C:\PROGRA~1\eScan\kavss.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\eScan\AvpM.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Documents and Settings\term14\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.mtpvcnozskeuifa.com/fKM4cPl6 ... WcSUxQ.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com.tw
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\it\msntb.dll (file missing)
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series (Copia 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE /P40 "EPSON Stylus Photo R200 Series (Copia 1)" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [USBDetector] C:\USBStorage\USBDetector.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Power_Gear] C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [OPTMOUSEMOUSE] C:\WINDOWS\system32\optmouse.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [MailScan Dispatcher] "C:\Programmi\eScan\LAUNCH.EXE"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [eScan Updater] C:\PROGRA~1\eScan\TRAYICOS.EXE /App
O4 - HKLM\..\Run: [eScan Monitor] C:\PROGRA~1\eScan\AVPMWrap.EXE
O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE /P30 "EPSON Stylus Photo R200 Series" /O5 "LPT1:" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Programmi\Pirelli\Access Gateway USB Network\CnxTrApp.dll",AppEntry -REG "Pirelli\Access Gateway USB"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [EPSON Stylus Photo R200 Series (Copia 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE /P40 "EPSON Stylus Photo R200 Series (Copia 1)" /M "Stylus Photo R200" /EF "HKCU"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Hotkey.lnk = C:\Programmi\Asus\ASUS Hotkey\Hotkey.exe
O4 - Global Startup: Chrontel TV.lnk = C:\WINDOWS\system32\ch_utility.exe
O4 - Global Startup: ASUS ChkMail.lnk = C:\Programmi\Asus\Asus ChkMail\ChkMail.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_01\bin\npjpi150_01.dll
O10 - Broken Internet access because of LSP provider 'mwtsp.dll' missing
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com.tw
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b30149.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b30149.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b30149.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b30149.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BC81DFDC-3C96-4511-A617-9275C1FADB94}: NameServer = 212.216.112.222,212.216.172.162
O17 - HKLM\System\CCS\Services\Tcpip\..\{D127683E-E9A3-4B72-B2B8-2F0F1852D37D}: NameServer = 85.37.17.39 85.38.28.71
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: eScan Server-Updater (eScan-trayicos) - Unknown owner - C:\PROGRA~1\eScan\TRAYSSER.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmi\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: eScan Monitor Service (KAVMonitorService) - Kaspersky Labs. - C:\PROGRA~1\eScan\avpm.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
Luvi
Newbie
 
Post: 8
Iscritto il: 01/04/06 16:58

Postdi hydra » 14/04/06 17:55

Il log mi sembra a posto.
Avatar utente
hydra
Moderatore
 
Post: 7007
Iscritto il: 19/07/04 08:06
Località: Vallis Duplavis

Postdi Luvi » 14/04/06 18:00

Boh. .sara' .. ma intanto da un paio di giorni ewido mi dice all'avvio che c'e' sia dowloader zlob che mscornet.exe.. :roll:

E tutto si apre un po' piu' lentamente del solito.
Luvi
Newbie
 
Post: 8
Iscritto il: 01/04/06 16:58

Postdi hydra » 14/04/06 18:02

Prova con start-esegui-msconfig e nel tab Avvio controlla se ci sono queste cose.
Avatar utente
hydra
Moderatore
 
Post: 7007
Iscritto il: 19/07/04 08:06
Località: Vallis Duplavis

Postdi Luvi » 14/04/06 18:04

Non ci sono.
Luvi
Newbie
 
Post: 8
Iscritto il: 01/04/06 16:58

Postdi hydra » 14/04/06 18:38

Ma l'antivirus non te li leva?
Avatar utente
hydra
Moderatore
 
Post: 7007
Iscritto il: 19/07/04 08:06
Località: Vallis Duplavis

Postdi Luvi » 14/04/06 18:56

Quando parte la scansione 9 volte su 10 si pegne il pc a meta' scansione e nel frattempo li trova. :neutral:

Grazie Hidra per il tempo che mi dedichi :D
Luvi
Newbie
 
Post: 8
Iscritto il: 01/04/06 16:58

Postdi Luke57 » 14/04/06 23:32

Ciao, hai provato ad usare smitrem?
Qui:
http://www.pc-facile.com/forum/viewtopi ... 04&start=0
link per scaricarlo e istruzioni (preziose) di lucas/s sull'utilizzo
Luke57
Moderatore
 
Post: 6413
Iscritto il: 11/08/05 19:10


Torna a Sicurezza e Privacy


Topic correlati a "Log Hjackthis":

Help hjackthis
Autore: liam77
Forum: Sicurezza e Privacy
Risposte: 21

Chi c’è in linea

Visitano il forum: Nessuno e 16 ospiti

cron