GARRY77
04-08-2006, 12:27
E' stata chiusa il primo thread e non capisco per quale motivo....
Lo vorrei sapere con il moderatore...
Nel post ho descritto il porblema ed ho scritto anche se ho eseguito diversi programmi, quindi non vedo per quale motivo si debba chiudere la discussione ma semmai cercare di aiutare.
Cmq posto il file HijackThis
Logfile of HijackThis v1.99.0
Scan saved at 11.55.44, on 04/08/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\Norton Personal Firewall\NISUM.EXE
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Norton Personal Firewall\SymProxySvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programmi\Norton Personal Firewall\NISSERV.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WgaTray.exe
C:\Programmi\Norton Personal Firewall\IAMAPP.EXE
C:\Programmi\STOPzilla!\Stopzilla.exe
C:\Programmi\Eset\nod32kui.exe
C:\WINDOWS\Temp\jfkx2.exe
C:\WINDOWS\System32\rundll32.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\admin\Desktop\Virus\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alice.it/oggi/index.html?free
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.virgilio.it/free
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: Class - {348C6EDB-C7CD-E53D-E858-5DF71C8E8C36} - C:\WINDOWS\gfkcx1.dll (file missing)
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\MSDXM.OCX
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [iamapp] C:\Programmi\Norton Personal Firewall\IAMAPP.EXE
O4 - HKLM\..\Run: [STOPzilla] C:\Programmi\STOPzilla!\Stopzilla.exe /autorun
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nod32kui] C:\Programmi\Eset\nod32kui.exe /WAITSERVICE
O4 - HKLM\..\Run: [jfkx2.exe] C:\WINDOWS\Temp\jfkx2.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGACCESS4_1064.dll,InstantAccess
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O16 - DPF: {04F414E9-E352-4BC3-963D-7BFE5A5F31A9} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1064_XP.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A50937A6-B5AD-47AE-A144-8864AEBAAC5F}: NameServer = 212.216.112.222 212.216.172.162
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: EPSON Printer Status Agent2 - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: Kodak Camera Connection Software - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton Personal Firewall Service - Symantec Corporation - C:\Programmi\Norton Personal Firewall\NISSERV.EXE
O23 - Service: Norton Personal Firewall Accounts Manager - Symantec Corporation - C:\Programmi\Norton Personal Firewall\NISUM.EXE
O23 - Service: NOD32 Kernel Service - Unknown - C:\Programmi\Eset\nod32krn.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Norton Personal Firewall Proxy Service - Symantec Corporation - C:\Programmi\Norton Personal Firewall\SymProxySvc.exe
Speriamo in un anima PIA.
Grazie a tutti
Lo vorrei sapere con il moderatore...
Nel post ho descritto il porblema ed ho scritto anche se ho eseguito diversi programmi, quindi non vedo per quale motivo si debba chiudere la discussione ma semmai cercare di aiutare.
Cmq posto il file HijackThis
Logfile of HijackThis v1.99.0
Scan saved at 11.55.44, on 04/08/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\Norton Personal Firewall\NISUM.EXE
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Norton Personal Firewall\SymProxySvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programmi\Norton Personal Firewall\NISSERV.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WgaTray.exe
C:\Programmi\Norton Personal Firewall\IAMAPP.EXE
C:\Programmi\STOPzilla!\Stopzilla.exe
C:\Programmi\Eset\nod32kui.exe
C:\WINDOWS\Temp\jfkx2.exe
C:\WINDOWS\System32\rundll32.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\admin\Desktop\Virus\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alice.it/oggi/index.html?free
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.virgilio.it/free
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: Class - {348C6EDB-C7CD-E53D-E858-5DF71C8E8C36} - C:\WINDOWS\gfkcx1.dll (file missing)
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\MSDXM.OCX
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [iamapp] C:\Programmi\Norton Personal Firewall\IAMAPP.EXE
O4 - HKLM\..\Run: [STOPzilla] C:\Programmi\STOPzilla!\Stopzilla.exe /autorun
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nod32kui] C:\Programmi\Eset\nod32kui.exe /WAITSERVICE
O4 - HKLM\..\Run: [jfkx2.exe] C:\WINDOWS\Temp\jfkx2.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGACCESS4_1064.dll,InstantAccess
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O16 - DPF: {04F414E9-E352-4BC3-963D-7BFE5A5F31A9} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1064_XP.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A50937A6-B5AD-47AE-A144-8864AEBAAC5F}: NameServer = 212.216.112.222 212.216.172.162
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: EPSON Printer Status Agent2 - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: Kodak Camera Connection Software - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton Personal Firewall Service - Symantec Corporation - C:\Programmi\Norton Personal Firewall\NISSERV.EXE
O23 - Service: Norton Personal Firewall Accounts Manager - Symantec Corporation - C:\Programmi\Norton Personal Firewall\NISUM.EXE
O23 - Service: NOD32 Kernel Service - Unknown - C:\Programmi\Eset\nod32krn.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Norton Personal Firewall Proxy Service - Symantec Corporation - C:\Programmi\Norton Personal Firewall\SymProxySvc.exe
Speriamo in un anima PIA.
Grazie a tutti