Hi everyone. My problem is that a few days ago my antivirus detected an infection; I rushed to fix it using every anti-malware tool I have, but today, looking at the HijackThis log, I noticed some ambiguous entries and, since I'm not familiar with log files, I wanted to know if someone could help me understand what they are...

The entries that made me suspicious are toward the end and, as you can see, I've marked them with the emoticons and the little arrow:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:30:19, on 21/04/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Panda Cloud Antivirus\PSUNMain.exe
C:\Program Files\WinPatrol\WinPatrol.exe
C:\Program Files\Luxand\Blink!\LuxandBlinkTray.exe
C:\Program Files\Switcher\Switcher.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Calibrize\CalibrizeResume.exe
C:\KAREM\memboost\MemBoost.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPENH.EXE
C:\PROGRAM FILES\MOUSE DRIVER\STARTAUTORUN.EXE
C:\PROGRAM FILES\MOUSE DRIVER\KMConfig.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mouse Driver\KMProcess.exe
C:\PROGRAM FILES\HEWLETT-PACKARD\HP QUICK LAUNCH BUTTONS\QLBCTRL.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP 3D DRIVEGUARD\ACCELEROMETERST.EXE
C:\PROGRAM FILES\IDT\WDM\STTRAY.EXE
C:\Program Files\Namoroka\firefox.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O2 - BHO: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\5.0.366.4\npchrome_frame.dll
O4 - HKLM\..\Run: [HPCam_Menu] "c:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
O4 - HKLM\..\Run: [PSUNMain] "C:\Program Files\Panda Cloud Antivirus\PSUNMain.exe" /Traybar
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [Luxand Blink!] C:\Program Files\Luxand\Blink!\LuxandBlinkTray.exe /s
O4 - HKCU\..\Run: [Switcher] "C:\Program Files\Switcher\Switcher.exe" /quiet
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [CGFLoader] C:\PROGRAM FILES\CALIBRIZE\CALIBRIZELOADER.EXE
O4 - HKCU\..\Run: [CalibrizeResume] C:\PROGRAM FILES\CALIBRIZE\CALIBRIZERESUME.EXE
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Antanda] C:\Windows\TEMP\InstallValidator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Antanda] C:\Windows\TEMP\InstallValidator.exe (User 'Default user')
O4 - Startup: Rizone Memory Booster.lnk = C:\KAREM\memboost\MemBoost.exe
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{244485FE-E682-4ADB-8608-36D32D95562F}: NameServer = 85.37.17.4,85.37.17.13,8.8.8.8,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{D7579008-2539-4718-80F4-811650267503}: NameServer = 8.8.8.8,208.67.222.222,8.8.4.4,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{244485FE-E682-4ADB-8608-36D32D95562F}: NameServer = 85.37.17.4,85.37.17.13,8.8.8.8,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{244485FE-E682-4ADB-8608-36D32D95562F}: NameServer = 85.37.17.4,85.37.17.13,8.8.8.8,208.67.222.222
O18 - Protocol: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\5.0.366.4\npchrome_frame.dll
O22 - SharedTaskScheduler: FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences\FencesMenu.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stw rt.inf_x86_neutral_8e7d5b9d3a91d8c5\aestsrv.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: AODService - Unknown owner - C:\Program Files\AMD\OverDrive\AODAssist.exe
O23 - Service: Nalpeiron Licensing Service (ASTSRV) - Nalpeiron Ltd. - C:\Windows\system32\ASTSRV.EXE
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
:master: -->O23 - Service: DOFIVW - Unknown owner - C:\Windows\TEMP\DOFIVW.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
:master: -->O23 - Service: FZWATQAZ - Unknown owner - C:\Windows\TEMP\FZWATQAZ.exe (file missing)
:master: -->O23 - Service: GKTBU - Unknown owner - C:\Windows\TEMP\GKTBU.exe (file missing)
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
:master: -->O23 - Service: IGMBLMYGO - Unknown owner - C:\Windows\TEMP\IGMBLMYGO.exe (file missing)
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Mouse Driver\KMWDSrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NanoServiceMain - Panda Security, S.L. - C:\Program Files\Panda Cloud Antivirus\PSANHost.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stw rt.inf_x86_neutral_8e7d5b9d3a91d8c5\STacSV.exe


Thanks in advance, everyone.
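A small triage helper for log lines in this format, added here as an example (it is not part of the post and not HijackThis code): it parses O23 service and O4 autostart entries and lists the indicators that usually justify a closer look, namely a binary under a TEMP directory, "Unknown owner", "(file missing)", and an autostart registered in the SYSTEM or .DEFAULT hive. The sample lines are constructed from the entry formats shown in the log above; a hit only means "review this", not "confirmed malware".

```python
import re

# Constructed sample in HijackThis log format, modelled on the kinds of entries
# in the post (benign and suspicious mixed) so the checks can run offline.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\WinPatrol\winpatrol.exe -expressboot
O4 - HKUS\S-1-5-18\..\Run: [Antanda] C:\Windows\TEMP\InstallValidator.exe (User 'SYSTEM')
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: DOFIVW - Unknown owner - C:\Windows\TEMP\DOFIVW.exe (file missing)
O23 - Service: AODService - Unknown owner - C:\Program Files\AMD\OverDrive\AODAssist.exe
"""

# O23 - Service: <display name> - <owner> - <path> [(file missing)]
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - "
                    r"(?P<path>.+?)(?P<missing> \(file missing\))?$")
# O4 - <hive>\..\Run[Once]: [<name>] <command> [(User '<user>')]
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] "
                   r"(?P<path>.+?)(?: \(User '(?P<user>[^']*)'\))?$")
# Matches \temp\ or \tmp\ anywhere in a path, case-insensitively.
TEMP_DIR_RE = re.compile(r"\\te?mp\\", re.IGNORECASE)
# Hives where an autostart runs without any interactive user logging in.
MACHINE_HIVES = ("HKUS\\S-1-5-18", "HKUS\\.DEFAULT")


def review_line(line):
    """Return the list of review reasons for one log line (empty = nothing notable)."""
    reasons = []
    m = O23_RE.match(line)
    if m:
        if m.group("owner") == "Unknown owner":
            reasons.append("service has no publisher/owner information")
        if m.group("missing"):
            reasons.append("service binary is missing from disk")
        if TEMP_DIR_RE.search(m.group("path")):
            reasons.append("service binary lives in a temp directory")
        return reasons
    m = O4_RE.match(line)
    if m:
        if TEMP_DIR_RE.search(m.group("path")):
            reasons.append("autostart command points into a temp directory")
        if m.group("hive").startswith(MACHINE_HIVES):
            reasons.append("autostart registered in the SYSTEM/.DEFAULT hive")
    return reasons


def review_log(text):
    """Return [(line, reasons)] for every notable line, in log order."""
    findings = []
    for raw in text.splitlines():
        reasons = review_line(raw.strip())
        if reasons:
            findings.append((raw.strip(), reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in review_log(SAMPLE_LOG):
        print(line)
        for r in reasons:
            print("    -", r)
```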