A few little problems..


Giaky
22-10-2006, 11.59.54
Hi everyone..
For a couple of days I've been having a few little problems..
For example a file gendel32.exe that plants itself in C:\ and I don't know why..
For you experts, I'm posting the HijackThis log..Could you take a look? Thanks..

Logfile of HijackThis v1.99.1
Scan saved at 12.02.59, on 22/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS.0\System32\smss.exe
D:\WINDOWS.0\system32\winlogon.exe
D:\WINDOWS.0\system32\services.exe
D:\WINDOWS.0\system32\lsass.exe
D:\WINDOWS.0\system32\svchost.exe
D:\WINDOWS.0\System32\svchost.exe
D:\WINDOWS.0\system32\ZoneLabs\vsmon.exe
D:\WINDOWS.0\Explorer.EXE
D:\WINDOWS.0\system32\spoolsv.exe
D:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
D:\Programmi\Raxco\PerfectDisk\PDAgent.exe
D:\WINDOWS.0\system32\svchost.exe
D:\Programmi\Raxco\PerfectDisk\PDEngine.exe
D:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
D:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
D:\Programmi\MSN Messenger\MsnMsgr.Exe
D:\Programmi\NetMeter\NetMeter.exe
D:\Programmi\Logitech\SetPoint\SetPoint.exe
D:\Programmi\FreePOPs\freepopsd.exe
D:\Programmi\File comuni\Logitech\KHAL\KHALMNPR.EXE
D:\WINDOWS.0\system32\svchost.exe
D:\PROGRA~1\MOZILL~1\FIREFOX.EXE
D:\Documents and Settings\Giacomo.MYHOMEPC\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.locators.com/search.php?que=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:1080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programmi\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - D:\Programmi\Free Download Manager\iefdmcks.dll
O3 - Toolbar: LEC - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - D:\Programmi\Power Translator 10\Applications\LEC IE Translation Extension.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS.0\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [kav] "D:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "D:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MsnMsgr] "D:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [D:\Programmi\NetMeter\NetMeter.exe] D:\Programmi\NetMeter\NetMeter.exe
O4 - Startup: FreePOPs.lnk = D:\Programmi\FreePOPs\freepopsd.exe
O4 - Global Startup: Logitech SetPoint.lnk = D:\Programmi\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://D:\Programmi\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://D:\Programmi\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://D:\Programmi\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programmi\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programmi\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programmi\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programmi\Messenger\msmsgs.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{BCC400EC-3A21-48A2-A307-26104EA22ABB}: NameServer = 62.94.0.1,80.79.48.66
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: klogon - D:\WINDOWS.0\system32\klogon.dll
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - D:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: PDAgent - Raxco Software, Inc. - D:\Programmi\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - D:\Programmi\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS.0\system32\ZoneLabs\vsmon.exe

crazy.cat
22-10-2006, 12.36.16
The only thing out of place in the log is this
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.locators.com/search.php?que=%s

Doesn't Kaspersky say anything about that virus that shows up?
It's almost certainly a trojan...

Piledriver
22-10-2006, 12.37.39
remove:
D:\Programmi\FreePOPs\freepopsd.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:1080
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - D:\Programmi\Free Download Manager\iefdmcks.dll
O4 - Startup: FreePOPs.lnk = D:\Programmi\FreePOPs\freepopsd.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{BCC400EC-3A21-48A2-A307-26104EA22ABB}: NameServer = 62.94.0.1,80.79.48.66

then there are 2 files that seem to belong to Messenger......I wouldn't know whether to have you remove them.

crazy.cat
22-10-2006, 12.52.23
Piledriver wrote:
> remove:
> D:\Programmi\FreePOPs\freepopsd.exe
> R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:1080
> O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - D:\Programmi\Free Download Manager\iefdmcks.dll
> O4 - Startup: FreePOPs.lnk = D:\Programmi\FreePOPs\freepopsd.exe
> O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
> O17 - HKLM\System\CCS\Services\Tcpip\..\{BCC400EC-3A21-48A2-A307-26104EA22ABB}: NameServer = 62.94.0.1,80.79.48.66
> then there are 2 files that seem to belong to Messenger......I wouldn't know whether to have you remove them.

FreePOPs is the program for reading mail from other providers, the addresses are the network ones and the DNS servers for the internet connection, Free Download Manager is a program for downloading data.
All good stuff and not to be removed; don't listen to the site where you run the automatic analysis.
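A small triage script, added here as an example and not part of the thread, that parses the HijackThis entry lines quoted above and applies the reasoning crazy.cat uses: knowledge of what the user actually installed (FreePOPs, the ISP's DNS servers) decides whether an entry is a hijack or a false positive, which is exactly what an automatic analysis site lacks. The allowlist values in CONTEXT and the "review" level for the loopback proxy are assumptions.

```python
import re
from urllib.parse import urlparse

# Entry lines copied from the HijackThis log posted in this thread (constructed subset).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.locators.com/search.php?que=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:1080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O4 - Startup: FreePOPs.lnk = D:\Programmi\FreePOPs\freepopsd.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{BCC400EC-3A21-48A2-A307-26104EA22ABB}: NameServer = 62.94.0.1,80.79.48.66
"""

# What the operator knows about this machine (assumed, taken from the thread).
CONTEXT = {
    "search_hosts": set(),                          # search providers the user chose on purpose
    "dns_servers": {"62.94.0.1", "80.79.48.66"},    # DNS servers handed out by the ISP
    "wanted_programs": {r"d:\programmi\freepops\freepopsd.exe"},
}
ENTRY_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")

def parse(log):
    """Split each 'Rn - key = value' / 'On - key = value' line into (section, key, value)."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        key, sep, value = m.group("body").partition(" = ")
        entries.append((m.group("sec"), key.strip(), value.strip().strip('"') if sep else ""))
    return entries

def triage(entries, ctx):
    """Return (level, section, reason) findings; context decides hijack vs. false positive."""
    findings = []
    for sec, key, value in entries:
        if sec == "R1" and key.endswith("SearchURL,(Default)"):
            host = urlparse(value).hostname or ""
            if host not in ctx["search_hosts"]:           # the classic search-URL hijack
                findings.append(("suspicious", sec, f"search URL points at {host}"))
        elif sec == "R1" and key.endswith("ProxyServer"):
            # A loopback proxy is fine only if a program the user knows listens there.
            findings.append(("review", sec, f"browser proxy is {value}; confirm which local program owns it"))
        elif sec == "O17":
            unknown = {s.strip() for s in value.split(",")} - ctx["dns_servers"]
            if unknown:                                    # only foreign resolvers mean a DNS hijack
                findings.append(("suspicious", sec, f"unexpected DNS servers {sorted(unknown)}"))
        elif sec == "O4" and value.lower() not in ctx["wanted_programs"]:
            findings.append(("review", sec, f"startup item not on the wanted list: {value}"))
    return findings
```

Running triage(parse(SAMPLE_LOG), CONTEXT) flags only the locators.com search URL as suspicious and asks for a check on the loopback proxy; the FreePOPs startup entry and the ISP's O17 name servers produce no finding.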

Giaky
22-10-2006, 12.59.59
OK..done.. Let's hope it goes better.. Actually I need FDM, FreePOPs too, and O17 is precisely the internet access :)