
Hijack log...


Post by nippon » 20/05/14 22:32

Hi everyone! :)

It's really good to be back with you after such a long time... ;)

Without taking up too much of your time: I have a PC that I'm fixing up...

It's an ASUS Eee PC 1001PXD

The computer is scandalously slow (no point in explaining, since you know exactly what I mean... ;) ), and in safe mode it runs a bit better.

I managed to install CCleaner on it to clean it up, and I made a log with HijackThis so you can see what the situation is before I dig into it more thoroughly... ;)

Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:06:30, on 20/05/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16843)
Boot mode: Safe mode with network support

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\csrss.exe
C:\windows\system32\csrss.exe
C:\windows\system32\wininit.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\Explorer.EXE
C:\windows\system32\svchost.exe
C:\windows\system32\ctfmon.exe
C:\windows\system32\DllHost.exe
C:\windows\System32\svchost.exe
C:\Users\CLAUDIA\Desktop\Programmi Claudia\HiJackThis 2.0.4.exe
C:\windows\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZ1NhvDrYVql-uDq32sCRP-znDR-DumyNuAc1_QrQyntAAUjE4XUCcfGlBh48STwI110YDny6CPTdqIPYvs6poH5GJk1C4qO0806DFnxcn22p1t4sRiITc1LJswP2J6f9qb-dnFaxPI4rA,,&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZ1NhvDrYVql-uDq32sCRP-znDR-DumyNuAc1_QrQyntAAUjE4XUCcfGlBh48STwI110YDny6CPTdqIPYvs6poH5GJk1C4qO0806DFnxcn22p1t4sRiITc1LJswP2J6f9qb-dnFaxPI4rA,,&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.default-search.net?sid=492&aid=105&itype=n&ver=12283&tm=337&src=hmp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.nationzoom.com/web/?type=ds&ts=1390120110&from=tt4u&uid=HitachiXHTS543225A7A384_E2021342GLZD1JGLZD1JX&q={searchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.nationzoom.com/web/?type=ds&ts=1390120110&from=tt4u&uid=HitachiXHTS543225A7A384_E2021342GLZD1JGLZD1JX&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZ1NhvDrYVql-uDq32sCRP-znDR-DumyNuAc1_QrQyntAAUjE4XUCcfGlBh48STwI110YDny6CPTdqIPYvs6poH5GJk1C4qO0806DFnxcn22p1t4sRiITc1LJswP2J6f9qb-dnFaxPI4rA,,&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZ1NhvDrYVql-uDq32sCRP-znDR-DumyNuAc1_QrQyntAAUjE4XUCcfGlBh48STwI110YDny6CPTdqIPYvs6poH5GJk1C4qO0806DFnxcn22p1t4sRiITc1LJswP2J6f9qb-dnFaxPI4rA,,&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:14174
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 54.225.95.126 dmcecclamecbinmplcolhaljlclhbgah
O2 - BHO: CrossriderApp0053166 - {11111111-1111-1111-1111-110511311166} - C:\Program Files\Plus-HD-9.5\Plus-HD-9.5-bho.dll
O2 - BHO: CrossriderApp0054246 - {11111111-1111-1111-1111-110511421146} - C:\Program Files\MediaPlayerplus\MediaPlayerplus-bho.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SmartbarInternetExplorerBHOEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - mscoree.dll (file missing)
O2 - BHO: PowerOffer - {3543619C-D563-43f7-95EA-4DA7E1CC396A} - C:\Users\Public\Documents\PowerOffer\PowerOfferBHO.dll
O2 - BHO: Linkey - {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} - C:\PROGRA~1\Linkey\IEEXTE~1\iedll.dll
O2 - BHO: CostMin - {54C7CCFE-2E82-2220-93B8-FB7C4109BE78} - C:\Program Files\CostMin\7.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Fortunitas - {c6f3fc7b-d607-44ec-9caf-2a41d547137f} - C:\Program Files\Fortunitas\Fortunitasbho.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: Coupon Server BHO - {F791D8AE-47E8-40A5-A913-EB2D2AF29602} - C:\Program Files\Coupon Server\FrameworkBHO.dll
O3 - Toolbar: (no name) - {ec2bae47-25af-4ce9-9e78-10627a49c9ea} - (no file)
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Shopping Helper Smartbar - {ae07101b-46d4-4a98-af68-0333ea26e113} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HotkeyMon] AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
O4 - HKLM\..\Run: [HotkeyService] AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
O4 - HKLM\..\Run: [SuperHybridEngine] AsusSender.exe C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
O4 - HKLM\..\Run: [LiveUpdate] AsusSender.exe C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe auto
O4 - HKLM\..\Run: [CapsHook] AsusSender.exe C:\Program Files\EeePC\CapsHook\CapsHook.exe
O4 - HKLM\..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe autorun
O4 - HKLM\..\Run: [ASUSWebStorage] C:\Program Files\ASUS\ASUS WebStorage\2.2.56.108\ASUSWSDashBoard.exe /S
O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [Boingo Wi-Fi] "C:\Program Files\Boingo\Boingo Wi-Fi\Boingo.lnk"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [Iminent] C:\Program Files\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
O4 - HKLM\..\Run: [IminentMessenger] C:\Program Files\Iminent\Iminent.Messengers.exe
O4 - HKLM\..\Run: [BService] C:\Program Files\Bench\BService\bservice.exe
O4 - HKLM\..\Run: [Wd] C:\Program Files\Bench\Wd\wd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [fst_it_112] "C:\Program Files\fst_it_112\fst_it_112.exe"
O4 - HKLM\..\RunOnce: [Coupon Server-repairJob] wscript.exe "C:\Users\CLAUDIA\AppData\Local\Coupon Server\repair.js" "Coupon Server-repairJob"
O4 - HKLM\..\RunOnce: [upfst_it_112.exe] C:\Users\CLAUDIA\AppData\Local\fst_it_112\upfst_it_112.exe -runonce
O4 - HKCU\..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe /preload
O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [Browser Infrastructure Helper] C:\Users\CLAUDIA\AppData\Local\Smartbar\Application\Smartbar.exe startup
O4 - HKCU\..\Run: [M6] C:\Users\CLAUDIA\AppData\Roaming\M6 Processing\M6.exe
O4 - HKCU\..\Run: [vm6] C:\Users\CLAUDIA\AppData\Roaming\M6 Processing\vm6.exe
O4 - HKCU\..\Run: [contextfr] C:\Users\CLAUDIA\AppData\Local\Context2pro\contextfr.exe
O4 - HKCU\..\Run: [conadvanced] C:\Users\CLAUDIA\AppData\Local\Context2pro\conadvanced.exe
O4 - HKCU\..\Run: [contextprod] C:\Users\CLAUDIA\AppData\Local\Context2pro\contextprod.exe
O4 - HKCU\..\Run: [CCleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO DI RETE')
O4 - Startup: MyPC Backup.lnk = C:\Program Files\MyPC Backup\MyPC Backup.exe
O4 - Global Startup: AsusVibeLauncher.lnk = C:\Program Files\ASUS\AsusVibe\AsusVibeLauncher.exe
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{6717794E-42C2-4036-9860-D87234A8310D}: NameServer = 127.0.0.1
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Asus Launcher Service (AsusService) - Unknown owner - C:\Windows\System32\AsusService.exe
O23 - Service: Computer Backup (MyPC Backup) (BackupStack) - Just Develop It - C:\Program Files\MyPC Backup\BackupStack.exe
O23 - Service: BlockAndSurf - Unknown owner - C:\Program Files\BlockAndSurf-soft\BlockAndSurfKF161.exe
O23 - Service: Datamngr Coordinator (DatamngrCoordinator2) - Unknown owner - C:\Program Files\Movies Toolbar\Datamngr\DatamngrCoordinator.exe (file missing)
O23 - Service: Servizio Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LPT System Updater Service (LPTSystemUpdater) - Unknown owner - C:\Program Files\LPT\srpts.exe
O23 - Service: Penwes.com Service (PenWesController) - Unknown owner - C:\Program Files\Penwes\PenwesService.exe
O23 - Service: PriceMeterLiveUpdate Service (pricemeterliveUpdate) (pricemeterliveUpdate) - PriceMeter - C:\Program Files\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe
O23 - Service: PriceMeterLiveUpdate Service (pricemeterliveUpdatem) (pricemeterliveUpdatem) - PriceMeter - C:\Program Files\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Systemk Service (SystemkService) - Aztec Media Inc - C:\Program Files\Settings Manager\systemk\SystemkService.exe
O23 - Service: Systemk Service2 (SystemkService2) - Aztec Media Inc - C:\Program Files\Settings Manager\systemk\SystemkService.exe
O23 - Service: Update Fortunitas - Unknown owner - C:\Program Files\Fortunitas\updateFortunitas.exe
O23 - Service: Util Fortunitas - Unknown owner - C:\Program Files\Fortunitas\bin\utilFortunitas.exe
O23 - Service: Service Component of VO (vosr) - Unknown owner - C:\Users\CLAUDIA\AppData\Roaming\VOPackage\VOsrv.exe

--
End of file - 12961 bytes



Is there any advice you can give me? ;)


Thanks a lot! :)
HI EVERYONE, AND THANKS TO ALL THOSE WHO WILL TAKE ME INTO CONSIDERATION! :)
nippon
Senior User
Posts: 841
Joined: 22/04/07 15:19


Re: Hijack log...

Post by Dylan666 » 21/05/14 11:43

Paste the log here and tell us which of the yellow or red entries you really don't recognize:
http://www.hijackthis.de/it
Dylan666
Moderator
Posts: 40108
Joined: 18/11/03 16:46
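
A local first-pass triage of a HijackThis log like the one in the first post, as an added example that is not part of the original thread. The function name `triage` and the rule set are assumptions made for illustration; the sample lines are copied from the posted log.

```python
import re

# Sample input: six entries excerpted verbatim from the log in the first post.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:14174
O2 - BHO: SmartbarInternetExplorerBHOEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - mscoree.dll (file missing)
O4 - HKCU\..\Run: [M6] C:\Users\CLAUDIA\AppData\Roaming\M6 Processing\M6.exe
O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{6717794E-42C2-4036-9860-D87234A8310D}: NameServer = 127.0.0.1
O23 - Service: Service Component of VO (vosr) - Unknown owner - C:\Users\CLAUDIA\AppData\Roaming\VOPackage\VOsrv.exe
"""

# A HijackThis entry starts with a section code (R0, O4, O23, ...) followed by " - ".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

# (finding, sections it applies to, pattern). Heuristics assumed for this example.
RULES = [
    ("loopback proxy", {"R0", "R1"}, r"ProxyServer = .*127\.0\.0\.1"),
    ("loopback DNS server", {"O17"}, r"NameServer = 127\.0\.0\.1"),
    ("autostart from user profile", {"O4", "O23"}, r"\\Users\\[^\\]+\\AppData\\"),
    ("service with unknown owner", {"O23"}, r" - Unknown owner - "),
    ("orphaned entry", {"O2", "O3", "O23"}, r"\((?:file missing|no file)\)"),
]

def triage(log_text):
    """Return (section, finding, entry) for every log entry matching a heuristic."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, running-process list, blank line
        section, body = m.groups()
        for finding, sections, pattern in RULES:
            if section in sections and re.search(pattern, body, re.IGNORECASE):
                findings.append((section, finding, body))
    return findings

if __name__ == "__main__":
    for section, finding, body in triage(SAMPLE_LOG):
        print(f"[{section}] {finding}: {body[:90]}")
```

A match marks an entry for manual review, not for automatic removal: a vendor service can also show "Unknown owner", and a loopback proxy or DNS value can come from a local filtering tool.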

Re: Hijack log...

Post by nippon » 21/05/14 11:57

Hi Dylan! :)

The thing is, the PC isn't mine, so I don't know whether I can safely fix all the yellow and red entries...

Re: Hijack log...

Post by Dylan666 » 21/05/14 21:28

Let's do this: run a scan with this, then make a new log:
http://www.malwarebytes.org/mwb-download/

Re: Hijack log...

Post by nippon » 31/05/14 10:56

Even if it's late, ...thanks Dylan! ;)

...Anyway, the computer was in worse shape than I could have imagined! :eeh:

Moral of the story...
The simplest thing to do was to format it, starting everything over from scratch...
Then with Norton Ghost I created an image to restore in case there are problems again... ;)


Thanks anyway for the prompt help! ;)

Re: Hijack log...

Post by Dylan666 » 31/05/14 16:23

Thank you for the feedback

Re: Hijack log...

Post by nippon » 03/06/14 10:14

The least I could do! ;)