HiJackThis - Analisi Log - leggere Regole di Sezione - Pagina 289

juninho85 · 30-06-2007, 12:32

Quote:

Originariamente inviato da supersensei

C:\WINDOWS\system32\cxgcpvpv.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://italian.ircfast.com/index.php?rvs=hompag
F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\system32\winmgd.win
F1 - win.ini: run=C:\WINDOWS\system32\mouse_configurator.win
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,"c:\windows\fujitsuword.exe",
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\qjhisdpm.dll",forkonce
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\cxgcpvpv.exe

le stringhe in neretto prima di eliminarle falle analizzare qui,le altre puoi eliminarle già da ora.
se accetti dei consigli lascia perdere sia avast,sia il firewall di xp(a meno che tu non utilizzi un router con firewall)

una volta installato un nuovo antivirus lancia una scansione in modalità provvisoria premendo F8 all'avvio del pc,dovresti avere un altro pò di roba da rimuovere

supersensei · 30-06-2007, 13:44

Quote:

Originariamente inviato da juninho85

le stringhe in neretto prima di eliminarle falle analizzare qui,le altre puoi eliminarle già da ora.
se accetti dei consigli lascia perdere sia avast,sia il firewall di xp(a meno che tu non utilizzi un router con firewall)

una volta installato un nuovo antivirus lancia una scansione in modalità provvisoria premendo F8 all'avvio del pc,dovresti avere un altro pò di roba da rimuovere

Le voci in neretto virus total me le dà come vuote,eppure sono da 120K,che faccio le elimino lo stesso?
Mentre per l'antivirus dici di provare o Avira antivir o AVS,giusto?
Comunque grazie per l'aiuto e per la tempestività

juninho85 · 30-06-2007, 14:02

Quote:

Originariamente inviato da supersensei

Le voci in neretto virus total me le dà come vuote,eppure sono da 120K,che faccio le elimino lo stesso?
Mentre per l'antivirus dici di provare o Avira antivir o AVS,giusto?
Comunque grazie per l'aiuto e per la tempestività

"vuote in che senso"?!comunque si,prova avira o avs,entrambi sono più che validi

supersensei · 30-06-2007, 14:05

Quote:

Originariamente inviato da juninho85

"vuote in che senso"?!comunque si,prova avira o avs,entrambi sono più che validi

Nel senso che mi scrive questo:
0 bytes size received / Se ha recibido un archivo vacio

juninho85 · 30-06-2007, 14:09

Quote:

Originariamente inviato da supersensei

Nel senso che mi scrive questo:
0 bytes size received / Se ha recibido un archivo vacio

molto strano se dici che l'eseguibile è di 120 kb...prova a fare uno zip di questo file e fallo analizzare

supersensei · 30-06-2007, 14:33

Quote:

Originariamente inviato da juninho85

molto strano se dici che l'eseguibile è di 120 kb...prova a fare uno zip di questo file e fallo analizzare

Ho fatto un file zip e lo mandato,e questo lo legge.Ma sono diventati solo 22k e mi ha dato qualche problema durante lo zip.
Ha finito ora e non è un virus,che faccio?

juninho85 · 30-06-2007, 14:40

Quote:

Originariamente inviato da supersensei

Ho fatto un file zip e lo mandato,e questo lo legge.Ma sono diventati solo 22k e mi ha dato qualche problema durante lo zip.
Ha finito ora e non è un virus,che faccio?

strano...anche cercando su google non si trova nessuna informazione su questo file..apri un thread nella sezione delle infezioni,li qualcuno ti chiederà di inviarti il file per analizzarlo

supersensei · 30-06-2007, 14:41

Quote:

Originariamente inviato da juninho85

strano...anche cercando su google non si trova nessuna informazione su questo file..apri un thread nella sezione delle infezioni,li qualcuno ti chiederà di inviarti il file per analizzarlo

Grazie

fenomeno79 · 30-06-2007, 20:57

Quote:

il primo dovrebbe appartenere ai driver della tua tastiera,il secondo al chip realtek'97...una controllatina qui comunque è meglio farla

ok controllato e tutto è pulito.. ho solo trovato questa piccola annotazione in giro per il web:

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE è ok,non è pericoloso.E ' un piccolo spyware di proprietà Realtek.Fixandolo o lasciarlo lì non succede nulla di irreparabile.

grazie

juninho85 · 30-06-2007, 23:13

Quote:

Originariamente inviato da fenomeno79

ok controllato e tutto è pulito.. ho solo trovato questa piccola annotazione in giro per il web:

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE è ok,non è pericoloso.E ' un piccolo spyware di proprietà Realtek.Fixandolo o lasciarlo lì non succede nulla di irreparabile.

grazie

prova pure ad eliminarlo,se qualcosa va storto si può ripristinare il backup

Drakan · 02-07-2007, 19:26

ciao a tutti, in diretta da questo 3d: http://www.hwupgrade.it/forum/showthread.php?t=1502011 posto il log del pc in questione... su alcune stringhe appare una "X" o "?" nell'analizzare il log ma non sapevo se rimuoverle e le ho lasciate...
grazie a tutti!

Logfile of HijackThis v1.99.1
Scan saved at 20.07.25, on 28/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Microsoft Shared\PhotoEd\PHOTOED.EXE
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Valentina\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com.../fix_homepage/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {6E1D1F8B-D31C-8DBF-1A11-8F8DCC2D8FED} - C:\WINDOWS\System32\mnzth.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\RunServices: [BIOS XP Loader] rssbvf.exe
O4 - HKLM\..\RunServices: [notes] notes.exe
O4 - HKLM\..\RunServices: [System Updates Dll] syst32.exe
O4 - HKLM\..\RunServices: [Symantec Autoscan] uvpeamuwitllt.exe
O4 - HKLM\..\RunServices: [Microsoft System Backup] sdkhsu.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [System Updates Dll] syst32.exe
O4 - HKCU\..\Run: [Symantec Autoscan] uvpeamuwitllt.exe
O4 - HKCU\..\Run: [Microsoft System Backup] sdkhsu.exe
O4 - HKCU\..\RunServices: [System Updates Dll] syst32.exe
O4 - HKCU\..\RunServices: [System reg] sysrun32.exe
O4 - HKCU\..\RunServices: [Symantec Autoscan] uvpeamuwitllt.exe
O4 - HKCU\..\RunServices: [Microsoft System Backup] sdkhsu.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1182963869114
O17 - HKLM\System\CCS\Services\Tcpip\..\{0BC9CF98-FE7E-4B59-8EB4-9B43DF14D018}: NameServer = 193.70.152.15,193.70.192.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{0BC9CF98-FE7E-4B59-8EB4-9B43DF14D018}: NameServer = 193.70.152.15,193.70.192.25
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O20 - Winlogon Notify: Setup - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

p.s. http://hjt.networktechs.com/parse.php?log=350435 ho analizzato il log anche a questo indirizzo pare che le riche in rosso possano essere rimosse tranquillamente... ma HJT fa il backup in auto del file che elimina nel caso avessi problemi?

Drakan · 02-07-2007, 21:57

devo fixarle tutte quelle che hai elencato?

qui
http://hjt.networktechs.com/parse.php?log=350435
http://www.hijackthis.de/logfiles/92...1ce0f4600.html

dice un po diverso... non che non mi fidi sia chiaro, solo vorrei capire...

per esempio, questo "O20 - Winlogon Notify: NavLogon - C:\WINDOWS\" cos'è?
a cosa serve? lo posso rimuovere tranquillamente???
grazie mille per l'aiuto!

irissamy · 05-07-2007, 12:06

ciao ragazzi, qualcuno può dare un'occhiata al mio log? eccolo qua

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12.38.56, on 05/07/2007
Platform: Windows Vista (WinNT 6.00.1904)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\ApVxdWin.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\System\w98eject.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\taskeng.exe
c:\program files\panda software\panda antivirus 2007\WebProxy.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\eMule\emule.exe
F:\Downloads\utorrent.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe
C:\Program Files\Internet Explorer\iexplore.exe
F:\Hijackthis\HiJackThis_v2.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alice.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO DI RETE')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: w98Eject.lnk = ?
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Scarica con Download &Express - C:\Program Files\Download Express\Add_Url.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{6E920F38-8803-4245-B08C-8B4E79D7AB1F}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\PsCtrls.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrvx86.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\PskSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

Tidus Strife · 05-07-2007, 13:10

Vedi se conosci questo

O4 - Global Startup: w98Eject.lnk = ?

comunque, log pulito.

irissamy · 05-07-2007, 18:54

ciao, effettivamente non conosco quella voce, anche io l'ho notata subito, ma non ho idea di cosa sia...

Vagrant75 · 05-07-2007, 22:26

Ciao, ho un problema con il centro sicurezza Pc ... continua a dirmi che comodo firewall è disattivato, invece funziona perfettamente ...

H oscansioanto con Prevx,spywareterminator,antivir,a-squared free e non mi trova niente di niente .. mi hanno consigliato di postare qui il log di hijackthis, vedete qualcosa di strano???

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 23.19.29, on 05/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\GSICON.EXE
C:\WINDOWS\system32\dslagent.exe
C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\IObit\Advanced WindowsCare V2\Awcl.exe
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Programmi\a-squared Free\a2service.exe
C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\Comodo\Firewall\cmdagent.exe
C:\Programmi\Comodo\Firewall\CPF.exe
C:\DOCUME~1\Vagrant\IMPOST~1\Temp\RtkBtMnt.EXE
C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Spyware Terminator\sp_rsser.exe
C:\Programmi\RMClock\RMClock.exe
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programmi\a-squared Free\a2free.exe
C:\Programmi\DustBuster\DustBuster.exe
C:\Programmi\Hijack\HiJackThis_v2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (no file)
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - (no file)
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min -nosplash
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Advanced WindowsCare V2 Personal] "C:\Programmi\IObit\Advanced WindowsCare V2\Awcl.exe" /startup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Programmi\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RMClock] C:\Programmi\RMClock\RMClockLauncher.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1183474650984
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{918D71A4-8646-40A9-A13F-21D84ABA24EA}: NameServer = 85.37.17.55 85.38.28.93
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - (no file)
O20 - Winlogon Notify: System Safety Monitor - C:\WINDOWS\SYSTEM32\SSMWinlogonEx.dll
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Programmi\Comodo\Firewall\cmdagent.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe

--
End of file - 6359 bytes

Vagrant75 · 06-07-2007, 11:24

Quote:

Originariamente inviato da Hitman079

@Vagrant75:
pulito...solo un paio di file missing e no file

Grazie ^_^
Chissà perchè stò problema con il centro sicurezza

lancetta · 06-07-2007, 12:22

Quote:

O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (no file)

Quote:

O3 - Toolbar: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - (no file)

appartengono alla crawler toolbar che forse hai messo e disinstallato...
Sono considerati adware..per me da fixare

Saluti

Alexhat · 06-07-2007, 18:48

Vi posto il mio log, ultimamente il sistema ha perso un po' di reattività e non vorrei che ci sia qualcosa di "losco" sotto

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19.35.31, on 06/07/07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe
C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Hamlet\Adsl\dslstat.exe
C:\Program Files\Hamlet\Adsl\dslagent.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Apoint2K\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\TaskSwitchXP\TaskSwitchXP.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\Google\Google Updater\GoogleUpdater.exe
C:\Programmi\Launchy\Launchy.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\eMule\emule.exe
C:\Programmi\mIRC\mirc.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Opera\Opera.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Programmi\GetRight\xx2gr.dll
O2 - BHO: (no name) - {598F4775-6FB6-477B-9842-E0426824E077} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cpqset] C:\Programmi\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\Hamlet\Adsl\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\Hamlet\Adsl\dslagent.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Programmi\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Google Updater.lnk = C:\Programmi\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Launchy.lnk = C:\Programmi\Launchy\Launchy.exe
O8 - Extra context menu item: Download with GetRight - C:\Programmi\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Programmi\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1182799422906
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{70FA05BA-8623-40CF-86AF-14D4E921D4FB}: NameServer = 212.212.112.112,212.216.172.62
O17 - HKLM\System\CCS\Services\Tcpip\..\{73B23A4F-4116-44D3-A288-93E0F56D1A34}: NameServer = 85.37.17.39 85.38.28.71
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\Skype4COM.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programmi\HPQ\SHARED\HPQWMI.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Desktop (Service_Desktop) - Unknown owner - C:\Programmi\Free-Soft\Virtual Desktop\Desktop.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 6796 bytes

C'è qualche "no file", posso fixare senza problemi?

oasis90 · 06-07-2007, 18:52

@Alexhat

log pulito..apparte qualche file missing ma nulla di rilevante..

02-07-2007, 19:26	#5771
Drakan Senior Member Iscritto dal: Jan 2003 Messaggi: 1044	ciao a tutti, in diretta da questo 3d: http://www.hwupgrade.it/forum/showthread.php?t=1502011 posto il log del pc in questione... su alcune stringhe appare una "X" o "?" nell'analizzare il log ma non sapevo se rimuoverle e le ho lasciate... grazie a tutti! Logfile of HijackThis v1.99.1 Scan saved at 20.07.25, on 28/06/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Programmi\Eset\nod32kui.exe C:\WINDOWS\system32\ctfmon.exe C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe C:\Programmi\Eset\nod32krn.exe C:\WINDOWS\System32\svchost.exe C:\Programmi\File comuni\Microsoft Shared\PhotoEd\PHOTOED.EXE C:\Programmi\Mozilla Firefox\firefox.exe C:\Documents and Settings\Valentina\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com.../fix_homepage/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: (no name) - {6E1D1F8B-D31C-8DBF-1A11-8F8DCC2D8FED} - C:\WINDOWS\System32\mnzth.dll (file missing) O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\RunServices: [BIOS XP Loader] rssbvf.exe O4 - HKLM\..\RunServices: [notes] notes.exe O4 - HKLM\..\RunServices: [System Updates Dll] syst32.exe O4 - HKLM\..\RunServices: [Symantec Autoscan] uvpeamuwitllt.exe O4 - HKLM\..\RunServices: [Microsoft System Backup] sdkhsu.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [System Updates Dll] syst32.exe O4 - HKCU\..\Run: [Symantec Autoscan] uvpeamuwitllt.exe O4 - HKCU\..\Run: [Microsoft System Backup] sdkhsu.exe O4 - HKCU\..\RunServices: [System Updates Dll] syst32.exe O4 - HKCU\..\RunServices: [System reg] sysrun32.exe O4 - HKCU\..\RunServices: [Symantec Autoscan] uvpeamuwitllt.exe O4 - HKCU\..\RunServices: [Microsoft System Backup] sdkhsu.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1182963869114 O17 - HKLM\System\CCS\Services\Tcpip\..\{0BC9CF98-FE7E-4B59-8EB4-9B43DF14D018}: NameServer = 193.70.152.15,193.70.192.25 O17 - HKLM\System\CS1\Services\Tcpip\..\{0BC9CF98-FE7E-4B59-8EB4-9B43DF14D018}: NameServer = 193.70.152.15,193.70.192.25 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: NavLogon - C:\WINDOWS\ O20 - Winlogon Notify: Setup - C:\WINDOWS\ O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe p.s. http://hjt.networktechs.com/parse.php?log=350435 ho analizzato il log anche a questo indirizzo pare che le riche in rosso possano essere rimosse tranquillamente... ma HJT fa il backup in auto del file che elimina nel caso avessi problemi? Ultima modifica di Drakan : 02-07-2007 alle 19:33.

05-07-2007, 22:26	#5776
Vagrant75 Senior Member Iscritto dal: Jul 2005 Città: Grosseto Messaggi: 1470	Ciao, ho un problema con il centro sicurezza Pc ... continua a dirmi che comodo firewall è disattivato, invece funziona perfettamente ... H oscansioanto con Prevx,spywareterminator,antivir,a-squared free e non mi trova niente di niente .. mi hanno consigliato di postare qui il log di hijackthis, vedete qualcosa di strano??? Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 23.19.29, on 05/07/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\system32\GSICON.EXE C:\WINDOWS\system32\dslagent.exe C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe C:\WINDOWS\SOUNDMAN.EXE C:\Programmi\IObit\Advanced WindowsCare V2\Awcl.exe C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\Programmi\a-squared Free\a2service.exe C:\Programmi\AntiVir PersonalEdition Classic\sched.exe C:\Programmi\Comodo\Firewall\cmdagent.exe C:\Programmi\Comodo\Firewall\CPF.exe C:\DOCUME~1\Vagrant\IMPOST~1\Temp\RtkBtMnt.EXE C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe C:\WINDOWS\system32\ctfmon.exe C:\Programmi\Spyware Terminator\sp_rsser.exe C:\Programmi\RMClock\RMClock.exe C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Programmi\a-squared Free\a2free.exe C:\Programmi\DustBuster\DustBuster.exe C:\Programmi\Hijack\HiJackThis_v2.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (no file) O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll O3 - Toolbar: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - (no file) O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min -nosplash O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [StartCCC] C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [Advanced WindowsCare V2 Personal] "C:\Programmi\IObit\Advanced WindowsCare V2\Awcl.exe" /startup O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Programmi\Comodo\Firewall\CPF.exe" /background O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [RMClock] C:\Programmi\RMClock\RMClockLauncher.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: Crawler Search - tbr:iemenu O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1183474650984 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{918D71A4-8646-40A9-A13F-21D84ABA24EA}: NameServer = 85.37.17.55 85.38.28.93 O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - (no file) O20 - Winlogon Notify: System Safety Monitor - C:\WINDOWS\SYSTEM32\SSMWinlogonEx.dll O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Programmi\Comodo\Firewall\cmdagent.exe O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe -- End of file - 6359 bytes __________________ DELL U2410 H-IPS + ASUS AM3 M4A79XTD EVO + AMD Phenom II X4 955 3.2Ghz 4x512KB Black Edition/Arctic Cooling Freezer Xtreme rev2 + DDR3 1333Mhz PC10666 4GB CORSAIR XMS3 CL9 + AMD SAPPHIRE HD6870 1GB + Western Digital 500GB WD5001AALS 7200rpm 32MB Black + Corsair CMPSU-650HXEU 650W + Xbox360 + Ps3

06-07-2007, 18:52	#5780
oasis90 Senior Member Iscritto dal: Aug 2006 Città: Treviso Messaggi: 13353	@Alexhat log pulito..apparte qualche file missing ma nulla di rilevante.. __________________ NZXT H710 \| RM650x \| ASUS PRIME X670E-PRO WiFi \| Ryzen 7 7800X3D \| Corsair Vengeance CL36 DDR5 2x16 Gb 6000Mhz \| RTX 4080 Super Gaming X Trio \| Logitech G502 \| Logitech G410 \| ASUS ROG Swift OLED PG32UCDP \| MacBook Pro M4 \| Meta Quest 3 PS5 \| Nintendo Switch 2 \| STEAM \| Vodafone FTTH 1000/200

02-07-2007, 21:57	#5772
Drakan Senior Member Iscritto dal: Jan 2003 Messaggi: 1044	devo fixarle tutte quelle che hai elencato? qui http://hjt.networktechs.com/parse.php?log=350435 http://www.hijackthis.de/logfiles/92...1ce0f4600.html dice un po diverso... non che non mi fidi sia chiaro, solo vorrei capire... per esempio, questo "O20 - Winlogon Notify: NavLogon - C:\WINDOWS\" cos'è? a cosa serve? lo posso rimuovere tranquillamente??? grazie mille per l'aiuto!

05-07-2007, 12:06	#5773
irissamy Junior Member Iscritto dal: Apr 2007 Messaggi: 12	ciao ragazzi, qualcuno può dare un'occhiata al mio log? eccolo qua Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 12.38.56, on 05/07/2007 Platform: Windows Vista (WinNT 6.00.1904) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\WINDOWS\System32\rundll32.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\HP\QuickPlay\QPService.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\Java\jre1.6.0\bin\jusched.exe C:\Program Files\Panda Software\Panda Antivirus 2007\ApVxdWin.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\WINDOWS\ehome\ehtray.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Windows\System\w98eject.exe C:\Program Files\OpenOffice.org 2.0\program\soffice.exe C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN C:\Windows\ehome\ehmsas.exe C:\Windows\system32\taskeng.exe c:\program files\panda software\panda antivirus 2007\WebProxy.exe C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE C:\Program Files\eMule\emule.exe F:\Downloads\utorrent.exe C:\Program Files\Internet Explorer\ieuser.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe C:\Program Files\Internet Explorer\iexplore.exe F:\Hijackthis\HiJackThis_v2.exe C:\Windows\system32\SearchFilterHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alice.it/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O1 - Hosts: ::1 localhost O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe" O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE" /s O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO DI RETE') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: w98Eject.lnk = ? O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Scarica con Download &Express - C:\Program Files\Download Express\Add_Url.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O13 - Gopher Prefix: O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{6E920F38-8803-4245-B08C-8B4E79D7AB1F}: NameServer = 192.168.1.1 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\PsCtrls.exe O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrvx86.exe O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe O23 - Service: Panda PSK service (PskSvcRetail) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\PskSvc.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe --

05-07-2007, 13:10	#5774
Tidus Strife Senior Member Iscritto dal: Feb 2007 Città: Spira, Zanarkand Messaggi: 394	Vedi se conosci questo O4 - Global Startup: w98Eject.lnk = ? comunque, log pulito.

05-07-2007, 18:54	#5775
irissamy Junior Member Iscritto dal: Apr 2007 Messaggi: 12	ciao, effettivamente non conosco quella voce, anche io l'ho notata subito, ma non ho idea di cosa sia...

06-07-2007, 18:48	#5779
Alexhat Senior Member Iscritto dal: Jul 2005 Messaggi: 773	Vi posto il mio log, ultimamente il sistema ha perso un po' di reattività e non vorrei che ci sia qualcosa di "losco" sotto Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19.35.31, on 06/07/07 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16473) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe C:\WINDOWS\system32\nvsvc32.exe C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\svchost.exe C:\Programmi\Apoint2K\Apoint.exe C:\WINDOWS\AGRSMMSG.exe C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\Hamlet\Adsl\dslstat.exe C:\Program Files\Hamlet\Adsl\dslagent.exe C:\Programmi\iTunes\iTunesHelper.exe C:\Programmi\Apoint2K\Apntex.exe C:\WINDOWS\system32\ctfmon.exe C:\Programmi\TaskSwitchXP\TaskSwitchXP.exe C:\Programmi\MSN Messenger\msnmsgr.exe C:\Programmi\Google\Google Updater\GoogleUpdater.exe C:\Programmi\Launchy\Launchy.exe C:\Programmi\iPod\bin\iPodService.exe C:\Programmi\eMule\emule.exe C:\Programmi\mIRC\mirc.exe C:\Programmi\MSN Messenger\usnsvc.exe C:\WINDOWS\system32\svchost.exe C:\Programmi\Opera\Opera.exe C:\Programmi\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Programmi\GetRight\xx2gr.dll O2 - BHO: (no name) - {598F4775-6FB6-477B-9842-E0426824E077} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [Cpqset] C:\Programmi\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe /Start O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\Hamlet\Adsl\dslstat.exe icon O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\Hamlet\Adsl\dslagent.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [TaskSwitchXP] C:\Programmi\TaskSwitchXP\TaskSwitchXP.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background O4 - Global Startup: Google Updater.lnk = C:\Programmi\Google\Google Updater\GoogleUpdater.exe O4 - Global Startup: Launchy.lnk = C:\Programmi\Launchy\Launchy.exe O8 - Extra context menu item: Download with GetRight - C:\Programmi\GetRight\GRdownload.htm O8 - Extra context menu item: Open with GetRight Browser - C:\Programmi\GetRight\GRbrowse.htm O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1182799422906 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{70FA05BA-8623-40CF-86AF-14D4E921D4FB}: NameServer = 212.212.112.112,212.216.172.62 O17 - HKLM\System\CCS\Services\Tcpip\..\{73B23A4F-4116-44D3-A288-93E0F56D1A34}: NameServer = 85.37.17.39 85.38.28.71 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\Skype4COM.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programmi\HPQ\SHARED\HPQWMI.exe O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Desktop (Service_Desktop) - Unknown owner - C:\Programmi\Free-Soft\Virtual Desktop\Desktop.exe (file missing) O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -- End of file - 6796 bytes C'è qualche "no file", posso fixare senza problemi?

Strumenti
Mostra una versione stampabile Invia questa pagina per email