NoTrace Security Forum

NoTrace Security Forum
Home | Discussioni Attive | Discussioni Recenti | Segnalibro | Msg privati | Utenti | Download | cerca | faq | RSS | Security Chat
Nome Utente:
 Password:
Salva Password
Password Dimenticata?

 Tutti i Forum
 Off-Topic
 Altre Discussioni
 Log di Hijackthis		  Forum Bloccato
 Versione Stampabile Bookmark this Topic Aggiungi Segnalibro
I seguenti utenti stanno leggendo questo Forum Qui c'è:
Autore Discussione Precedente Discussione Discussione Successiva  

mara
Senior Member


Città: milano


203 Messaggi

Inserito il - 05/01/2006 : 12:04:10  Mostra Profilo
Ciao, se qualcuno ha tempo mi dice cosa levare dal mio pc?
Grazie fate con comodo :)

Logfile of HijackThis v1.99.1
Scan saved at 12.05.16, on 05/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\AntiVir PersonalEdition Classic\AVGNT.EXE
C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\AntiVir PersonalEdition Classic\avcenter.exe
C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\*******!\Messenger\ymsgr_tray.exe
C:\Documents and Settings\Mara\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = htt*://[www].google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: *******! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\*******!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: *******! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\*******!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\*******!\Common\yhexbmesit.dll
O9 - Extra 'Tools' menuitem: *******! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\*******!\Common\yhexbmesit.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: [ presso ]C:\Programmi\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: [ presso ]C:\Programmi\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)
O12 - Plugin for .mp3: C:\Programmi\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpeg: C:\Programmi\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - htt*://messenger.zone.msn[.com]/binary/msgrchkr .cab31267 .cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - htt*://[www].ipix[.com]/download/ipixx .cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - htt*://messenger.zone.msn[.com]/binary/MessengerStatsPAClient .cab31267 .cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - htt*://messenger.zone.msn[.com]/binary/MineSweeper .cab31267 .cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\*******!\Common\yinsthelper.dll
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - htt*://[www].cult3d[.com]/download/cult .cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - htt*://messenger.zone.msn[.com]/binary/MessengerStatsClient .cab31267 .cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - htt*://appdirectory.messenger.msn[.com]/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN .cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - htt*://appdirectory.messenger.msn[.com]/AppDirectory/P4Apps/PhotoSwap/DigWXMSN .cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - htt*://messenger.msn[.com]/download/msnmessengersetupdownloader .cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - htt*://messenger.zone.msn[.com]/binary/ZIntro .cab32846 .cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - htt*://messenger.zone.msn[.com]/binary/SolitaireShowdown .cab31267 .cab
O20 - AppInit_DLLs: msgplusloader.dll
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - H+BEDV Datentechnik GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe

n/a
deleted

Città: Nascosta


1310 Messaggi
Inserito il - 05/01/2006 : 12:25:26  Mostra Profilo
Direi questi per cominciare:

O2 - BHO: *******! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\*******!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: *******! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\*******!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - htt*://messenger.zone.msn[.com]/binary/msgrchkr .cab31267 .cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - htt*://[www].ipix[.com]/download/ipixx .cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - htt*://messenger.zone.msn[.com]/binary/MessengerStatsPAClient .cab31267 .cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - htt*://messenger.zone.msn[.com]/binary/MineSweeper .cab31267 .cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\*******!\Common\yinsthelper.dll
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - htt*://[www].cult3d[.com]/download/cult .cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - htt*://messenger.zone.msn[.com]/binary/MessengerStatsClient .cab31267 .cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - htt*://appdirectory.messenger.msn[.com]/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN .cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - htt*://appdirectory.messenger.msn[.com]/AppDirectory/P4Apps/PhotoSwap/DigWXMSN .cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - htt*://messenger.msn[.com]/download/msnmessengersetupdownloader .cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - htt*://messenger.zone.msn[.com]/binary/ZIntro .cab32846 .cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - htt*://messenger.zone.msn[.com]/binary/SolitaireShowdown .cab31267 .cab
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\*******!\Common\yhexbmesit.dll
O9 - Extra 'Tools' menuitem: *******! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\*******!\Common\yhexbmesit.dll
O9 - Extra button: [ presso ]C:\Programmi\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: [ presso ]C:\Programmi\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)

Poi eventualmente aspetta la conferma di Alex che è lei l'esperta dei log qui su notrace.it......ciauz ciauz
Torna all'inizio della Pagina

mara
Senior Member


Città: milano


203 Messaggi
Inserito il - 05/01/2006 : 12:36:28  Mostra Profilo
Ok grazie, allora aspetto la conferma dell'esperta Alexsandra....mi piacerebbe capire un po' i criteri del fixaggio hehe qualcosa ho intuito...ma temo poi di levare cose da non levare....
Alex confermi il fixaggio? hehe
Torna all'inizio della Pagina

Er-Gladiatore
Advanced Member


Città: Roma


2540 Messaggi
Inserito il - 05/01/2006 : 14:43:53  Mostra Profilo
Io lo confermo però sconsiglio di Fixare questi due:

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll <--- Fixando questo non potrai più leggere file .pdf da internet
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll <--- Questo non sò di preciso cosa sia...ma credo in una protezione di SpyBot in internet.
Torna all'inizio della Pagina

mara
Senior Member


Città: milano


203 Messaggi
Inserito il - 05/01/2006 : 14:54:55  Mostra Profilo
ok grazie!
Torna all'inizio della Pagina

n/a
deleted



1470 Messaggi
Inserito il - 05/01/2006 : 15:14:47  Mostra Profilo
Citazione:
Messaggio inserito da Er-Gladiatore

Io lo confermo però sconsiglio di Fixare questi due:

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll <--- Fixando questo non potrai più leggere file .pdf da internet
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll <--- Questo non sò di preciso cosa sia...ma credo in una protezione di SpyBot in internet.

Vedo che l'esperienza insegna ehhh Glad (vedi mio link in MP non quello del Barone Rosso ma l'altro)

ciao
Torna all'inizio della Pagina
  Discussione Precedente Discussione Discussione Successiva  

 Forum Bloccato
 Versione Stampabile Bookmark this Topic Aggiungi Segnalibro
Vai a:
NoTrace Security Forum
 © Nazzareno Schettino
RSS NEWS 		Torna all'inizio della Pagina
Pagina generata in 0,29 secondi. TargatoNA | SuperDeeJay | Snitz Forums 2000