Condividi:        

Hijackth log interpretation

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: m.paolo, kadosh, Luke57

Hijackth log interpretation

Postdi al3ssio » 29/05/06 18:35

Ciao a tutti, questaè la prima volta che mi servo del forum per un problema di spware, ma leggevo sempre con curiosità le vostre risposte ed ora, col pc della mia coinquilina (francese) reso inservibile da decine di finestre che si aprono da sole (la situazione è veramente drammatica) posso anch'io dire: "sottopongo alla vostra attenzione il log di hijackthis"! Grazie per il vostro aiuto.

al3ssio&Valeryanne

Logfile of HijackThis v1.99.1
Scan saved at 19:09:21, on 29/05/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\algsec.exe
C:\WINDOWS\dm91bA\command.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\mmrserv.exe
C:\Norman\NVC\BIN\Zanda.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
c:\eqcudara.exe
C:\Program Files\Launch Manager\CtrlVol.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\NORMAN\nvc\BIN\ZLH.EXE
C:\WINDOWS\System32\update32.exe
C:\Program Files\lilbuhgx.exe
C:\NORMAN\nvc\BIN\NJEEVES.EXE
C:\WINDOWS\System32\0mcamcap.exe
C:\windows\system32\taskmgn.exe
C:\NORMAN\nvc\BIN\nvcoas.exe
C:\defender23.exe
C:\NORMAN\nvc\BIN\NYMSE.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\NORMAN\nvc\BIN\NIP.EXE
C:\WINDOWS\System32\rpcc.exe
C:\Program Files\webHancer\Programs\whagent.exe
C:\Program Files\webHancer\Programs\whsurvey.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\NORMAN\nvc\BIN\cclaw.exe
C:\Program Files\Microsoft Picture It! 7\mhpwa7.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
c:\puujo.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
c:\Program Files\lilbuhgx.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\TheMatrixHasYou.exe
C:\WINDOWS\System32\msiexec.exe
C:\Documents and Settings\voul\Bureau\Hijackthis anti-spy\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL (file missing)
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00027.exe"
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\nvc\BIN\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [Windows update adbpro] update32.exe
O4 - HKLM\..\Run: [SysTray] c:\Program Files\lilbuhgx.exe
O4 - HKLM\..\Run: [1ef32631.exe] C:\WINDOWS\System32\1ef32631.exe
O4 - HKLM\..\Run: [0mcamcap] C:\WINDOWS\System32\0mcamcap.exe
O4 - HKLM\..\Run: [idqyJiaxvJ] C:\WINDOWS\System32\pzbepklkfwnzeq.exe
O4 - HKLM\..\Run: [Windows Task Manager] c:\windows\system32\taskmgn.exe
O4 - HKLM\..\Run: [defender] c:\\defender24.exe
O4 - HKLM\..\Run: [keyboard] c:\\keyboard24.exe
O4 - HKLM\..\Run: [newname] c:\\newname24.exe
O4 - HKLM\..\Run: [w00e892b.dll] RUNDLL32.EXE w00e892b.dll,I2 0011970b000e892b
O4 - HKLM\..\Run: [rpcc] rpcc.exe
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Program Files\webHancer\Programs\whsurvey.exe
O4 - HKLM\..\RunServices: [Windows update adbpro] update32.exe
O4 - HKLM\..\RunServices: [0mcamcap] C:\WINDOWS\System32\0mcamcap.exe
O4 - HKLM\..\RunServices: [idqyJiaxvJ] C:\WINDOWS\System32\pzbepklkfwnzeq.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [0mcamcap] C:\WINDOWS\System32\0mcamcap.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O16 - DPF: {511F9316-771B-4953-A268-1C36DA667FE9} (SponsorAdulto Class) - http://ip.sponsoradulto.com/cab/3/fr/Sy ... comInt.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\g8jo0i13e8.dll
O20 - Winlogon Notify: xptptt - C:\WINDOWS\SYSTEM32\xptptt.dll
O21 - SSODL: SysTray.Exbr - {6368D1FC-6F5C-4f1b-B164-E67214F678E9} - C:\WINDOWS\System32\bgohfhkm.dll
O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - C:\WINDOWS\System32\dcom_21.dll
O21 - SSODL: hLOBiMfXsr - {6CE91AFD-C643-B057-1EAC-1D8A800A9050} - C:\WINDOWS\System32\xcu.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\dm91bA\command.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\NORMAN\nvc\BIN\NJEEVES.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\NVC\BIN\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\NORMAN\nvc\BIN\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\NORMAN\nvc\BIN\NVCSCHED.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
al3ssio
Utente Senior
 
Post: 239
Iscritto il: 08/05/04 15:59

Sponsor
 

Postdi dado » 29/05/06 18:37

Copia il log in questa pagina e clicca su analyze:
http://www.hijackthis.de/it

Ti verrà indicato cosa è pericoloso, cosa devi eliminare...

House: "Vede, tutti pensano che sia un paziente a causa del bastone"
Wilson: "Allora perchè non indossa un camice bianco come tutti noi?"
House: "Perchè altrimenti pensano che sia un medico".
Avatar utente
dado
Utente Senior
 
Post: 16208
Iscritto il: 21/08/01 01:00
Località: La Città dei Sette Assedi

Postdi Dylan666 » 29/05/06 18:57

Avresti dovuto postare nella sezione Security, sposto ;)
Ps: fai come dice dado e della pagina che viene segnati e leva TUTTI i Rossi e i Gialli cancellandone dopo i file mentre sei in modalità provvisoria tranne questo se la tua amica usa veramente "Microsoft Picture It! 7"

C:\Program Files\Microsoft Picture It! 7\mhpwa7.exe
Avatar utente
Dylan666
Moderatore
 
Post: 40118
Iscritto il: 18/11/03 16:46

Postdi D4rthSaurd » 02/06/06 01:37

ciao a tutttiii!!da qualche gg ha scaricato qualche film con programmi p2p, ho un problema, alcuni file scaricati nn ne vogliono sentire di essere cestinati, e mi ritrovo con 5Giga d roba inutile ke occupa solo spazio---

non ho idea della natura del problema, in attesa di soluzioni vi invio il log dell'amico jack(a scanso di equivoci)
Logfile of HijackThis v1.99.1
Scan saved at 3.51.28, on 02/06/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
E:\WINNT\System32\smss.exe
E:\WINNT\system32\winlogon.exe
E:\WINNT\system32\services.exe
E:\WINNT\system32\lsass.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\system32\spoolsv.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
E:\WINNT\System32\svchost.exe
E:\WINNT\system32\nvsvc32.exe
E:\WINNT\system32\regsvc.exe
E:\WINNT\system32\MSTask.exe
E:\WINNT\system32\stisvc.exe
E:\WINNT\system32\ZONELABS\vsmon.exe
E:\WINNT\System32\WBEM\WinMgmt.exe
E:\WINNT\system32\svchost.exe
E:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
E:\WINNT\system32\internat.exe
E:\WINNT\system32\RUNDLL32.EXE
E:\WINNT\system32\wuauclt.exe
E:\WINNT\explorer.exe
E:\Programmi\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
E:\Programmi\Internet Explorer\iexplore.exe
E:\Programmi\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/intl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\programmi\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Programmi\MSN Apps\MSN Toolbar\01.02.5000.1021\it\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINNT\system32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Programmi\MSN Apps\MSN Toolbar\01.02.5000.1021\it\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [HPHUPD08] E:\Programmi\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] E:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Zone Labs Client] E:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Manolito] E:\Programmi\Manolito SILENT
O4 - HKLM\..\Run: [msci] E:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\2006529193938_mcinfo.exe /insfin
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINNT\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "E:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: ScreenThemes.lnk = E:\WINNT\scthemes\scthemes.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = E:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = E:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Avvio rapido di HP Image Zone.lnk = E:\Programmi\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Cerca con Google - res://E:\Programmi\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Traduci parola in italiano - res://E:\Programmi\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Link a ritroso - res://E:\Programmi\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pagine simili - res://E:\Programmi\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Versione cache della pagina - res://E:\Programmi\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O12 - Plugin for .spop: E:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - E:\WINNT\System32\dmadmin.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINNT\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - E:\WINNT\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - E:\WINNT\system32\ZONELABS\vsmon.exe
D4rthSaurd
Utente Junior
 
Post: 64
Iscritto il: 14/03/06 19:59

Postdi Ottavia » 02/06/06 18:05

a me era capitato di scaricare un film che poi non riuscivo a cestinare, sono riuscita a risolvere elimindalo in modalità provvisoria
Ottavia
Utente Senior
 
Post: 126
Iscritto il: 26/09/05 17:13

Postdi Luke57 » 02/06/06 19:34

Il log sembra a posto, segui il consiglio di octavia.
Luke57
Moderatore
 
Post: 6413
Iscritto il: 11/08/05 19:10

Postdi D4rthSaurd » 10/06/06 15:27

Ciao ragazzi in effetti ho risolto il problema avviando il sistema op sull'altra partiz e eliminando i file da li.. :D
D4rthSaurd
Utente Junior
 
Post: 64
Iscritto il: 14/03/06 19:59


Torna a Sicurezza e Privacy


Topic correlati a "Hijackth log interpretation":

Log di hijackth
Autore: mich74
Forum: Sicurezza e Privacy
Risposte: 1

Chi c’è in linea

Visitano il forum: Nessuno e 15 ospiti

cron