• User

    Analisi log HiJackThis

    Ciao a tutti!
    Il mio computer è ormai alla frutta... Non ne vuole sapere di funzionare... E' lentissimo ed ogni tanto si blocca, perde colpi ecc... Siccome antivirus e compagnia bella non hanno rilevato niente e le varie utility (defrag, smart ram, ecc) non migliorano la situazione, penso possa essere un problema da dover risolvere "manualmente".

    Ho quindi fatto un log di HiJackThis, ma ho bisogno del vostro aiuto per analizzarlo.

    Ve lo allego (nota: ho dovuto modificare i collegamenti vari aggiungendo degli spazi).

    Grazie a tutti!

    
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 23.48.35, on 13/01/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal
    
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ATK0100\HControl.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Programmi\ASUS\Power4 Gear\BatteryLife.exe
    C:\Programmi\Wireless Console 2\wcourier.exe
    C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
    C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Programmi\PC Tools Security\pctsTray.exe
    C:\Programmi\IObit\IObit Security 360\IS360tray.exe
    C:\Programmi\File comuni\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programmi\Windows Live\Messenger\msnmsgr.exe
    C:\Programmi\IObit\Advanced SystemCare 3\AWC.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programmi\Application Updater\ApplicationUpdater.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Programmi\Google\Update\GoogleUpdate.exe
    C:\Programmi\IObit\IObit Security 360\IS360srv.exe
    C:\Programmi\Java\jre6\bin\jqs.exe
    C:\Programmi\PC Tools Security\pctsAuxs.exe
    C:\Programmi\PC Tools Security\pctsSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\ATK0100\ATKOSD.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programmi\Windows Live\Contacts\wlcomm.exe
    C:\Programmi\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\Programmi\IObit\IObit Security 360\is360.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\svchost.exe
    c:\Programmi\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
    C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\HelpCtr.exe
    C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h ttp://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = ht tp://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = ht 
    tp://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = ht 
    tp://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.stud.univpm.it:3128
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    R3 - URLSearchHook: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Programmi\IObit Toolbar\IE\4.1\iobitToolbarIE.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Programmi\IObit Toolbar\IE\4.1\iobitToolbarIE.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Programmi\IObit Toolbar\IE\4.1\iobitToolbarIE.dll
    O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [Power_Gear] C:\Programmi\ASUS\Power4 Gear\BatteryLife.exe 1
    O4 - HKLM\..\Run: [Wireless Console 2] C:\Programmi\Wireless Console 2\wcourier.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [ISTray] "C:\Programmi\PC Tools Security\pctsTray.exe"
    O4 - HKLM\..\Run: [IObit Security 360] "C:\Programmi\IObit\IObit Security 360\IS360tray.exe" /autostart
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [MSC] "C:\Programmi\Microsoft Security Client\msseces.exe" -hide -runkey
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Programmi\IObit\Advanced SystemCare 3\AWC.exe" /startup
    O4 - HKCU\..\Run: [Sony Ericsson PC Companion] "C:\Programmi\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /Background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=htt p://w ww.asus.com
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - ht tps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 93.188.162.246,93.188.160.56
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 93.188.162.246,93.188.160.56
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.246,93.188.160.56
    O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Application Updater - Spigot, Inc. - C:\Programmi\Application Updater\ApplicationUpdater.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
    O23 - Service: IS360service - IObit - C:\Programmi\IObit\IObit Security 360\IS360srv.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
    O23 - Service: MySQL - Unknown owner - C:\Programmi\MySQL\MySQL.exe (file missing)
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programmi\PC Tools Security\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programmi\PC Tools Security\pctsSvc.exe
    O23 - Service: Sony Ericsson PCCompanion - Avanquest Software - C:\Programmi\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
    
    --
    End of file - 8119 bytes
    

  • Consiglio Direttivo

    Ciao ufobm,

    dai una ripulita con ccleaner "anche al registro", ed effettua una scansiona con superantispyware e malwarebytes "aggiornati".

    p.s. dal menu di ccleaner: --> **strumenti **--> avvio puoi disattivare quei processi "inutili" che sono impostati per essere eseguiti all'avvio del pc. 😉

    p.s.2 effettua anche* una deframmentazione* con* defraggler.*

    :ciauz: