ciao a tutti per favore mi potete controllare il log di hijackthis x vedere se e' tutto a posto o se devo cancellare qlcosa? avrei anke una domanda:qual'e' il sistema migliore per tenere il pc protetto nel migliore dei modi?2 antivirus vanno in conflitto tra loro?io ho internet security della f-secure e se installo ad-aware mi rallenta notevolmente il sistema.come mai?vanno in conflitto.grazie della vs, attenzione
Logfile of HijackThis v1.99.1
Scan saved at 0.20.15, on 25/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Windows Defender\MSASCui.exe
C:\WINDOWS\vphc600.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\Internet Security\Common\FSM32.EXE
C:\Programmi\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Philips\SPC 600NC PC Camera\TrayMin.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\PROGRA~1\INTERN~2\backweb\1655489\Program\SERVIC~1.EXE
C:\Programmi\Internet Security\Anti-Virus\fsgk32st.exe
C:\Programmi\Internet Security\backweb\1655489\program\fsbwsys.exe
C:\Programmi\Internet Security\Anti-Virus\FSGK32.EXE
C:\Programmi\Internet Security\Common\FSMA32.EXE
C:\Programmi\Internet Security\Anti-Virus\fssm32.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Internet Security\Common\FSMB32.EXE
C:\Programmi\Internet Security\Common\FCH32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Internet Security\backweb\1655489\Program\fspex.exe
C:\Programmi\Internet Security\Common\FAMEH32.EXE
C:\Programmi\Internet Security\Anti-Virus\fsrw.exe
C:\Programmi\Internet Security\FSPC\fspc.exe
C:\Programmi\Internet Security\Anti-Virus\fsav32.exe
C:\Programmi\Internet Security\FWES\Program\fsdfwd.exe
C:\PROGRA~1\INTERN~2\ANTI-S~1\fsaw.exe
C:\Programmi\Internet Security\FSGUI\fsguidll.exe
C:\Documents and Settings\Amilo\Desktop\SCANSIONI\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.yahoo.com/fsc/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/fuji/defaults/su/* http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Collegamento alla pagina delle proprietà di High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [phc600] C:\WINDOWS\vphc600.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programmi\Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Programmi\Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Programmi\Internet Security\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Programmi\Internet Security\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [OrderReminder] C:\Programmi\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Programmi\IncrediMail\bin\IncMail.exe /c
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Internet Security.lnk = C:\Programmi\Internet Security\backweb\1655489\Program\fspex.exe
O4 - Global Startup: TrayMin.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Programmi\IncrediMail\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Blocca questo popup - C:\Programmi\Internet Security\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Filtro pagine Web - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programmi\Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Programmi\Internet Security\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Filtro pagine Web - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Programmi\Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: Protezione IE - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programmi\Internet Security\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: Protezione IE... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programmi\Internet Security\Anti-Spyware\ieshield.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_ unicode.cab
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} -
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSn iff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/ cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (Damage Cleanup Server Control) - http://213.158.72.33/housecall/xscan53.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ ICSScanner37960.cab
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Internet Security (BackWeb Plug-in - 1655489) - Wind - C:\PROGRA~1\INTERN~2\backweb\1655489\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Programmi\Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Programmi\Internet Security\backweb\1655489\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Programmi\Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Programmi\Internet Security\FSPC\fshttps\fshttps.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Programmi\Internet Security\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
ciao e vista l'ora b.notte
scusa prisaca ho sbagliato a scrivere il nome del malware
"win32trojandownloader.Zlob"
di nuovo grazie,ciao
rieccomi,ciao
ewido scan non mi permette la scansione online
panda mi da' questo risultato:
tra l'altro il file non c'e' in downloaded program files
trend micro mi da:
ADWARE_BHOT_IEHELPER
ALIAS NOMI:Adware_BHO.gen(McAfee);IEHIpr (PestPatrol)
non da' altre informazioni
non ho sisinfettato devo farlo?
grazie della pazienza rompero' ancoraciao ora devo uscire,spero di trovare la risposta stasera,ciao ciao
cavolo come mai sono usciti tutti quei simboli?avevo fatto copia e incolla.ora lo scrivo manualmente il risultato di panda
dialer:dialer min
c:windows\downloaded program files\61AE400.exe
file che non ho ciao
ciao prisca,sono riuscita a fare anche la scansione on line con ewido.ti incollo il risultato
2.13 28/10/2006__________________________________________________
ewido anti-spyware online scanner
http://www.ewido.net
__________________________________________________
Name: Adware.Gator
Path: [2964] C:\Programmi\Internet Security\FWES\Program\fsdfwd.exe
Risk: Medium
Name: Adware.Gator
Path: C:\Programmi\Internet Security\FWES\program\fsdfwd.exe
Risk: Medium
Name: Dialer.TFD.a
Path: C:\WINDOWS\Downloaded Program Files\61AE400.exe
Risk: High
Name: Dialer.TFD.c
Path: C:\WINDOWS\Downloaded Program Files\61AE601.exe
Risk: High
Name: Dialer.TFD.c
Path: C:\WINDOWS\Downloaded Program Files\CONFLICT.1\61AE601.exe
Risk: High
Name: Dialer.TFD.c
Path: C:\WINDOWS\Downloaded Program Files\CONFLICT.2\61AE601.exe
Risk: High
i primi due sono dell'antivirus com'e' possibile?
i dialer sono pericolosi anche se ho la connessione adsl?aggiungo che sono anche connessa al server dell'ufficio
comunque alla fine della scansione ho cliccato su rimuovi infezione,spero ke nn abbia rimosso qualcosa di importante perche' qui nn e' possibile fare il backup,ora la sto rifacendo ,e' quasi alla fine e sembra nn trovi nulla.ora vado a nanna perche' i miei due neuroni sono fusi.ciao b.notte