AESSENET.ORG - Forum (aessenet forum)

HijackThis scan

  • Messages
  • OFFLINE
    andrea65
    Post: 3.351
    Maestro
    00 22/06/2008 12:24
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16.09.53, on 21/06/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    C:\Programmi\LogMeIn\x86\RaMaint.exe
    C:\Programmi\LogMeIn\x86\LogMeIn.exe
    C:\Programmi\LogMeIn\x86\LMIGuardian.exe
    C:\WINDOWS\system32\wilpmove.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe
    C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
    C:\Programmi\LogMeIn\x86\LogMeInSystray.exe
    C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programmi\Messenger\msmsgs.exe
    C:\Programmi\OpenOffice.org 2.4\program\soffice.exe
    C:\Programmi\LogMeIn\x86\LMIGuardian.exe
    C:\Programmi\OpenOffice.org 2.4\program\soffice.BIN
    C:\Programmi\Internet Explorer\iexplore.exe
    C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.stanleygroup.it/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
    O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Programmi\LogMeIn\x86\LogMeInSystray.exe"
    O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MyWirelessCard] C:\Programmi\PHD\3G HSDPA Wireless Modem MD-@\WirelessCard.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: OpenOffice.org 2.4.lnk = C:\Programmi\OpenOffice.org 2.4\program\quickstart.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com/get/shockwave/cabs/flash/swf...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{698921E2-3FFB-49D0-B754-FB8FC7F8F404}: NameServer = 192.168.1.1
    O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Programmi\LogMeIn\x86\RaMaint.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Programmi\LogMeIn\x86\LogMeIn.exe
    O23 - Service: Unimessage Printer Tracking Service (wilusbmonitor) - Wordcraft International Limited - C:\WINDOWS\system32\wilpmove.exe

    --
    End of file - 5010 bytes


    Am I wrong to recommend removing these 3:

    C:\WINDOWS\system32\wilpmove.exe

    O23 - Service: Unimessage Printer Tracking Service (wilusbmonitor) - Wordcraft International Limited - C:\WINDOWS\system32\wilpmove.exe

    O4 - HKCU\..\Run: [MyWirelessCard] C:\Programmi\PHD\3G HSDPA Wireless Modem MD-@\WirelessCard.exe

  • OFFLINE
    boyuniversity
    Post: 12.448
    Maestro
    00 22/06/2008 12:47
    the log is clean
  • OFFLINE
    andrea65
    Post: 3.352
    Maestro
    00 22/06/2008 13:14
    Re:
    boyuniversity, 22/06/2008 12.47:

    the log is clean



    Does clean mean that those 3 I highlighted can be left?
    Sorry, but I shouldn't even have the "3" USB dongle removed... what does he need it for?
    Couldn't it cause the damage I listed in the other post?


    PS: boy, am I wrong or do you study law?
    If so, I desperately need you then!!!!


  • OFFLINE
    boyuniversity
    Post: 12.450
    Maestro
    00 22/06/2008 13:40
    Re: Re:
    andrea65, 22/06/2008 13.14:



    Does clean mean that those 3 I highlighted can be left?
    Sorry, but I shouldn't even have the "3" USB dongle removed... what does he need it for?
    Couldn't it cause the damage I listed in the other post?


    PS: boy, am I wrong or do you study law?
    If so, I desperately need you then!!!!






    leave them all, they are not harmful

    WILPMOVE.EXE information and startup locations can be examined on this page: verify all your files to make sure that they are legitimate, digitally signed and from the company Wordcraft International Limited to which they should belong.

    I don't think this is the cause of the problem in the other thread

    yes, yes, I study law... at your service