PAZZESCO! (Crazy!)
canadino
16-10-2006, 11:48
Please help me, I don't know what else to do... I have read and followed the guide!!!
So far I have used:
1) Ad-aware
2) Spybot
3) Bitdefender
4) ewido
but windows keep popping up with a little picture and the text:
idd2B.tmp NON RIESCO A TROVARE UN MODEM PER LA CONNESSIONE
idd12E.tmp NON RIESCO A TROVARE UN MODEM PER LA CONNESSIONE
etc. etc.
Icons appear with DILAIER and a SHIELD with a question mark that links to a site for buying an antispyware... from Windows???
I can't open HIJACKTHIS; if I try to open the zip file the system goes haywire, the desktop disappears and then reappears.
ewido identified but was unable to quarantine the following files:
downloader.harnig.cu
downloader.adload.fu
hijacker.small.lr
I am literally at rock bottom!!! :cry:
they will close your topic because the title is not descriptive
anyway, I don't know what to tell you
blue_tech
16-10-2006, 12:38
redo the scan from safe mode ...
Teliqalipukt
16-10-2006, 13:10
Post a HijackThis log in the sticky thread.
SkunkWorks 68
16-10-2006, 13:25
redo the scan from safe mode ...
Agreed, it's worth a try, after disabling System Restore first.
These are the typical almost hopeless cases :muro:
@Teliqalipukt... unfortunately HijackThis won't run for him...
The best thing would be to be able to remove the disk, mount it as a slave on another PC and run a thorough scan with a good antivirus.
Bye
Teliqalipukt
16-10-2006, 13:28
Hmmm..... what if he tried HiJackFree?
It's a product of the software house that makes a-squared. It resembles HijackThis, I think, and it is likewise free.
Dunno, it could be worth a try. :mc:
SkunkWorks 68
16-10-2006, 13:33
Hmmm..... what if he tried HiJackFree?
It's a product of the software house that makes a-squared. It resembles HijackThis, I think, and it is likewise free.
Dunno, it could be worth a try. :mc:
Yes, interesting. I didn't know it: http://www.hijackfree.com/en/
Bye
canadino
16-10-2006, 14:41
Rebooted into safe mode and deleted these three with ewido:
downloader.harnig.cu
downloader.adload.fu
hijacker.small.lr
I hope I've done the right thing so far.
HiJackFree, once downloaded and installed, gives the following list of processes:
--------------------------------------------------------------
Nome ProcessID Priorità Locazione
a2hijackfree.exe 2984 Normale C:\Programmi\a-squared HiJackFree\a2hijackfree.exe
alg.exe 2712 N/A C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
ashDisp.exe 800 Normale C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
ashMaiSv.exe 2184 Normale C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
ashServ.exe 1976 Alta C:\Programmi\Alwil Software\Avast4\ashServ.exe
ashWebSv.exe 2448 Normale C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
aswUpdSv.exe 1932 Normale C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
bdmcon.exe 3376 Normale c:\programmi\softwin\bitdefender8\bdmcon.exe
bdnagent.exe 1032 Normale C:\Programmi\Softwin\BitDefender8\bdnagent.exe
bdss.exe 2132 Normale C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe
csrss.exe 640 N/A C:\WINDOWS\System32\smss.exe
ewido.exe 1048 Normale C:\Programmi\ewido anti-spyware 4.0\ewido.exe
explorer.exe 2864 Normale C:\WINDOWS\explorer.exe
guard.exe 124 Normale C:\Programmi\ewido anti-spyware 4.0\guard.exe
iexplore.exe 1384 Normale C:\Programmi\Internet Explorer\iexplore.exe
iexplore.exe 2296 Normale C:\Programmi\Internet Explorer\iexplore.exe
iexplore.exe 2992 Normale C:\Programmi\Internet Explorer\iexplore.exe
jusched.exe 936 Normale C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
lsass.exe 724 Normale C:\WINDOWS\system32\lsass.exe
MDM.EXE 176 Normale C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
msmsgs.exe 1232 Normale C:\Programmi\Messenger\msmsgs.exe
qttask.exe 920 Normale C:\Programmi\QuickTime\qttask.exe
rundll32.exe 192 Normale C:\WINDOWS\system32\RunDll32.exe
SeagateNetwork.exe 1696 Normale c:\windows\seagatenetwork.exe
services.exe 712 Normale C:\WINDOWS\system32\services.exe
smss.exe 592 Normale C:\WINDOWS\System32\smss.exe
spoolsv.exe 1492 Normale C:\WINDOWS\system32\spoolsv.exe
svchost.exe 900 Normale C:\WINDOWS\system32\svchost.exe
svchost.exe 992 N/A C:\WINDOWS\system32\svchost.exe
svchost.exe 1084 Normale C:\WINDOWS\System32\svchost.exe
svchost.exe 1208 N/A C:\WINDOWS\System32\svchost.exe
svchost.exe 1344 N/A C:\WINDOWS\System32\svchost.exe
svchost.exe 1680 N/A C:\Programmi\Messenger\msmsgs.exe
System 4 Normale N/A
System Idle Processes 0 Bassa N/A
win14E.tmp.exe 3908 Normale C:\WINDOWS\TEMP\win14E.tmp.exe
winlogon.exe 664 Alta C:\WINDOWS\system32\winlogon.exe
WZQKPICK.EXE 1712 Normale C:\Programmi\WinZip\WZQKPICK.EXE
xcommsvr.exe 1156 Normale C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe
---------------------------------------------------------------
The program also gives access to other functions...
You tell me what is best to post or not...
Thanks!
Teliqalipukt
16-10-2006, 14:47
Run the online analysis of the processes; the program offers this option.
canadino
16-10-2006, 14:52
HiJackFree analysis
-----------------------------------------------------------------------
Registry Autoruns: Result ToDo
Name: Cmaudio
Path: RunDll32 cmicnfg.cpl,CMICtrlWnd
Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Good: 2 - Bad: 0
View Details
Name: Easy-PrintToolBox
Path: C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE
Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Good: 2 - Bad: 0
View Details
Name: avast!
Path: C:\Programmi\ALWILS~1\Avast4\ashDisp.exe
Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Good: 4 - Bad: 0
View Details
Name: QuickTime Task
Path: C:\Programmi\QuickTime\qttask.exe
Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Good: 0 - Bad: 0
Unknown Item
Search at Google
Name: SunJavaUpdateSched
Path: C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Good: 2 - Bad: 0
View Details
Name: BDMCon
Path: C:\Programmi\Softwin\BitDefender8\bdmcon.exe
Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Good: 2 - Bad: 0
View Details
Name: BDNewsAgent
Path: c:\programmi\softwin\bitdefender8\bdnagent.exe
Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Good: 2 - Bad: 0
View Details
Name: !ewido
Path: C:\Programmi\ewido anti-spyware 4.0\ewido.exe
Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Good: 0 - Bad: 0
Unknown Item
Search at Google
Name: MSMSGS
Path: "C:\Programmi\Messenger\msmsgs.exe"
Location: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Good: 2 - Bad: 18
View Details Requires Attention!
Compare details with your local values
and/or search at Google
Tricky and Other Autoruns: Result ToDo
Name: shell
Path: Explorer.exe
Location: system.ini
Not checked Unknown Item
Search at Google
Name: SET BLASTER
Path: A220 I5 D1 P330 T3
Location: autoexec.nt
Not checked Unknown Item
Search at Google
Name: dos
Path: high, umb
Location: config.nt
Not checked Unknown Item
Search at Google
Name: device
Path: %SystemRoot%\system32\himem.sys
Location: config.nt
Not checked Unknown Item
Search at Google
Name: files
Path: 40
Location: config.nt
Not checked Unknown Item
Search at Google
Name: device
Path: C:\Programmi\ALWILS~1\Avast4\aswmonds.sys
Location: config.nt
Not checked Unknown Item
Search at Google
Name: WinZip Quick Pick
Path:
Location: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Not checked Unknown Item
Search at Google
Name: SA
Path:
Location: C:\WINDOWS\tasks\
Not checked Unknown Item
Search at Google
Name: CTFMON.EXE
Path: C:\WINDOWS\System32\CTFMON.EXE
Location: HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Run\
Not checked Unknown Item
Search at Google
Name: Shell
Path: Explorer.exe
Location: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\
Not checked Unknown Item
Search at Google
Name: $GT;{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
Path: C:\WINDOWS\inf\unregmp2.exe
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Name: $GT;{26923b43-4d38-484f-9b9e-de460746276c}
Path: C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigIE
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Name: $GT;{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS
Path: RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Name: $GT;{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
Path: C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Name: {2C7339CF-2B09-4501-B3F3-F3508C9228ED}
Path: C:\WINDOWS\system32\regsvr32.exe
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Name: {44BBA840-CC51-11CF-AAFA-00AA00B6015C}
Path: "C:\Programmi\Outlook Express\setup50.exe"
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Name: {44BBA842-CC51-11CF-AAFA-00AA00B6015B}
Path: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Name: {5945c046-1e7d-11d1-bc44-00c04fd912be}
Path: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Name: {6BF52A52-394A-11d3-B153-00C04F79FAA6}
Path: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Name: {7790769C-0471-11d2-AF11-00C04FA35D02}
Path: "C:\Programmi\Outlook Express\setup50.exe"
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Name: {89820200-ECBD-11cf-8B85-00AA005B4340}
Path: regsvr32.exe
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Name: {89820200-ECBD-11cf-8B85-00AA005B4383}
Path: C:\WINDOWS\system32\ie4uinit.exe
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Name: File di script VBScript
Path: C:\WINDOWS\System32\WScript.exe "%1" %*
Location: HKEY_CLASSES_ROOT\vbsfile\shell\open\command\
Not checked Unknown Item
Search at Google
Name: File di script codificato in VBScript
Path: C:\WINDOWS\System32\WScript.exe "%1" %*
Location: HKEY_CLASSES_ROOT\vbefile\shell\open\command\
Not checked Unknown Item
Search at Google
Name: File di script JScript
Path: C:\WINDOWS\System32\WScript.exe "%1" %*
Location: HKEY_CLASSES_ROOT\jsfile\shell\open\command\
Not checked Unknown Item
Search at Google
Name: File di script codificato in JScript
Path: C:\WINDOWS\System32\WScript.exe "%1" %*
Location: HKEY_CLASSES_ROOT\jsefile\shell\open\command\
Not checked Unknown Item
Search at Google
Name: File di impostazioni di Windows Script Host
Path: C:\WINDOWS\System32\WScript.exe "%1" %*
Location: HKEY_CLASSES_ROOT\wshfile\shell\open\command\
Not checked Unknown Item
Search at Google
Name: File di script Windows
Path: C:\WINDOWS\System32\WScript.exe "%1" %*
Location: HKEY_CLASSES_ROOT\wsffile\shell\open\command\
Not checked Unknown Item
Search at Google
Name: Applicazione
Path: "%1" %*
Location: HKEY_CLASSES_ROOT\exefile\shell\open\command\
Not checked Unknown Item
Search at Google
Name: Applicazione per MS-DOS
Path: "%1" %*
Location: HKEY_CLASSES_ROOT\comfile\shell\open\command\
Not checked Unknown Item
Search at Google
Name: File batch MS-DOS
Path: "%1" %*
Location: HKEY_CLASSES_ROOT\batfile\shell\open\command\
Not checked Unknown Item
Search at Google
Name: Screen saver
Path: "%1"
Location: HKEY_CLASSES_ROOT\scrfile\shell\open\command\
Not checked Unknown Item
Search at Google
Name: Collegamento ad un programma per MS-DOS
Path: "%1" %*
Location: HKEY_CLASSES_ROOT\piffile\shell\open\command\
Not checked Unknown Item
Search at Google
Name: PostBootReminder
Path: C:\WINDOWS\system32\SHELL32.dll
Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
Not checked Unknown Item
Search at Google
Name: CDBurn
Path: C:\WINDOWS\system32\SHELL32.dll
Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
Not checked Unknown Item
Search at Google
Name: WebCheck
Path: C:\WINDOWS\System32\webcheck.dll
Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
Not checked Unknown Item
Search at Google
Name: SysTray
Path: C:\WINDOWS\System32\stobject.dll
Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
Not checked Unknown Item
Search at Google
Layered Service Providers (LSP): Result ToDo
Name: mswsock.dll
Path: %SystemRoot%\system32\
Location: HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\
Good: 1 - Bad: 0
View Details
Name: rsvpsp.dll
Path: %SystemRoot%\system32\
Location: HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\
Good: 1 - Bad: 0
View Details
Explorer And Browser Addons: Result ToDo
Name: Class
Path: C:\WINDOWS\bkwmp1.dll
Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
ClsID: {A2F00648-FEE1-9795-AF5E-97C17406FAC5}
Good: 0 - Bad: 0
Unknown Item
Search at Google
Name: Google Toolbar Helper
Path: c:\programmi\google\googletoolbar2.dll
Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
ClsID: {AA58ED58-01DD-4d91-8333-CF10577473F7}
Good: 1 - Bad: 0
View Details
Name: Hook per l'esecuzione degli URL
Path: shell32.dll
Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
ClsID: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
Good: 0 - Bad: 0
Unknown Item
Search at Google
Name: CShellExecuteHookImpl Object
Path: C:\Programmi\ewido anti-spyware 4.0\shellexecutehook.dll
Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
ClsID: {57B86673-276A-48B2-BAE7-C6DBB3020EB8}
Good: 0 - Bad: 0
Unknown Item
Search at Google
Local Open Ports: Result ToDo
Port: 135 TCP
Path: system (Process ID: 992)
Good: 1 - Bad: 0
View Details
Port: 139 TCP
Path: system (Process ID: 4)
Good: 1 - Bad: 0
View Details
Port: 445 TCP
Path: system (Process ID: 4)
Good: 1 - Bad: 0
View Details
Port: 1308 TCP
Path: system (Process ID: 0)
Good: 0 - Bad: 0
Unknown Item
Search at Google
Port: 1311 TCP
Path: system (Process ID: 0)
Good: 0 - Bad: 0
Unknown Item
Search at Google
Port: 1313 TCP
Path: system (Process ID: 0)
Good: 0 - Bad: 1
View Details Requires Attention!
Compare details with your local values
and/or search at Google
Port: 1315 TCP
Path: system (Process ID: 0)
Good: 0 - Bad: 0
Unknown Item
Search at Google
Port: 1320 TCP
Path: system (Process ID: 0)
Good: 0 - Bad: 0
Unknown Item
Search at Google
Port: 1327 TCP
Path: C:\Programmi\Internet Explorer\iexplore.exe (Process ID: 2992)
Good: 0 - Bad: 0
Unknown Item
Search at Google
Port: 1328 TCP
Path: C:\Programmi\Alwil Software\Avast4\ashWebSv.exe (Process ID: 2448)
Good: 0 - Bad: 0
Unknown Item
Search at Google
Port: 1329 TCP
Path: C:\Programmi\Internet Explorer\iexplore.exe (Process ID: 2992)
Good: 0 - Bad: 0
Unknown Item
Search at Google
Port: 1330 TCP
Path: C:\Programmi\Alwil Software\Avast4\ashWebSv.exe (Process ID: 2448)
Good: 0 - Bad: 0
Unknown Item
Search at Google
Port: 1331 TCP
Path: C:\Programmi\Internet Explorer\iexplore.exe (Process ID: 2992)
Good: 0 - Bad: 0
Unknown Item
Search at Google
Port: 1332 TCP
Path: C:\Programmi\Alwil Software\Avast4\ashWebSv.exe (Process ID: 2448)
Good: 0 - Bad: 0
Unknown Item
Search at Google
Port: 1333 TCP
Path: C:\Programmi\Internet Explorer\iexplore.exe (Process ID: 2992)
Good: 0 - Bad: 0
Unknown Item
Search at Google
Port: 1334 TCP
Path: C:\Programmi\Alwil Software\Avast4\ashWebSv.exe (Process ID: 2448)
Good: 0 - Bad: 0
Unknown Item
Search at Google
Port: 1335 TCP
Path: C:\Programmi\Internet Explorer\iexplore.exe (Process ID: 2296)
Good: 0 - Bad: 0
Unknown Item
Search at Google
Port: 1336 TCP
Path: C:\Programmi\Alwil Software\Avast4\ashWebSv.exe (Process ID: 2448)
Good: 0 - Bad: 0
Unknown Item
Search at Google
Port: 1337 TCP
Path: C:\Programmi\Internet Explorer\iexplore.exe (Process ID: 2296)
Good: 0 - Bad: 0
Unknown Item
Search at Google
Port: 1338 TCP
Path: C:\Programmi\Alwil Software\Avast4\ashWebSv.exe (Process ID: 2448)
Good: 0 - Bad: 1
View Details Requires Attention!
Compare details with your local values
and/or search at Google
Port: 12025 TCP
Path: C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe (Process ID: 2184)
Good: 0 - Bad: 0
Unknown Item
Search at Google
Port: 12080 TCP
Path: C:\Programmi\Alwil Software\Avast4\ashWebSv.exe (Process ID: 2448)
Good: 0 - Bad: 0
Unknown Item
Search at Google
Port: 12080 TCP
Path: system (Process ID: 0)
Good: 0 - Bad: 0
Unknown Item
Search at Google
Port: 12110 TCP
Path: C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe (Process ID: 2184)
Good: 0 - Bad: 0
Unknown Item
Search at Google
Port: 12119 TCP
Path: C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe (Process ID: 2184)
Good: 0 - Bad: 0
Unknown Item
Search at Google
Port: 12143 TCP
Path: C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe (Process ID: 2184)
Good: 0 - Bad: 0
Unknown Item
Search at Google
Port: 123 UDP
Path: C:\WINDOWS\System32\svchost.exe (Process ID: 1084)
Good: 1 - Bad: 0
View Details
Port: 137 UDP
Path: system (Process ID: 4)
Good: 1 - Bad: 0
View Details
Port: 138 UDP
Path: system (Process ID: 4)
Good: 1 - Bad: 0
View Details
Port: 445 UDP
Path: system (Process ID: 4)
Good: 1 - Bad: 0
View Details
Port: 500 UDP
Path: C:\WINDOWS\system32\lsass.exe (Process ID: 724)
Good: 1 - Bad: 0
View Details
Port: 1025 UDP
Path: system (Process ID: 1208)
Good: 1 - Bad: 1
View Details Requires Attention!
Compare details with your local values
and/or search at Google
Port: 1033 UDP
Path: C:\Programmi\Internet Explorer\iexplore.exe (Process ID: 1384)
Good: 0 - Bad: 0
Unknown Item
Search at Google
Port: 1052 UDP
Path: C:\Programmi\Internet Explorer\iexplore.exe (Process ID: 2296)
Good: 0 - Bad: 0
Unknown Item
Search at Google
Port: 1087 UDP
Path: C:\Programmi\Internet Explorer\iexplore.exe (Process ID: 2992)
Good: 0 - Bad: 0
Unknown Item
Search at Google
Port: 1900 UDP
Path: system (Process ID: 1344)
Good: 0 - Bad: 0
Unknown Item
Search at Google
Port: 4500 UDP
Path: C:\WINDOWS\system32\lsass.exe (Process ID: 724)
Good: 0 - Bad: 0
Unknown Item
Search at Google
Running Processes: Result ToDo
Name: [System Process]
Process ID: 0
Path:
Info: Threads: 2 - Priority: N/A - Visible: No
Good: 1 - Bad: 0
View Details
Name: System
Process ID: 4
Path:
Info: Threads: 70 - Priority: Normale - Visible: No
Good: 1 - Bad: 0
View Details
Name: guard.exe
Process ID: 124
Path: C:\Programmi\ewido anti-spyware 4.0\guard.exe
Info: Threads: 9 - Priority: Normale - Visible: No
Good: 1 - Bad: 0
View Details
Name: MDM.EXE
Process ID: 176
Path: C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
Info: Threads: 5 - Priority: Normale - Visible: No
Good: 1 - Bad: 0
View Details
Name: rundll32.exe
Process ID: 192
Path: C:\WINDOWS\system32\RunDll32.exe
Info: Threads: 2 - Priority: Normale - Visible: No
Good: 1 - Bad: 0
View Details
Name: a2hijackfree.exe (a-squared HiJackFree)
Process ID: 456
Path: C:\Programmi\a-squared HiJackFree\a2hijackfree.exe
Info: Threads: 4 - Priority: Normale - Visible: Si
Good: 1 - Bad: 0
View Details
Name: smss.exe
Process ID: 592
Path: C:\WINDOWS\System32\smss.exe
Info: Threads: 3 - Priority: Normale - Visible: No
Good: 1 - Bad: 2
View Details Requires Attention!
Compare details with your local values
and/or search at Google
Name: csrss.exe
Process ID: 640
Path: C:\WINDOWS\System32\smss.exe
Info: Threads: 11 - Priority: N/A - Visible: No
Good: 1 - Bad: 3
View Details Requires Attention!
Compare details with your local values
and/or search at Google
Name: winlogon.exe
Process ID: 664
Path: C:\WINDOWS\system32\winlogon.exe
Info: Threads: 22 - Priority: Alta - Visible: No
Good: 1 - Bad: 2
View Details Requires Attention!
Compare details with your local values
and/or search at Google
Name: services.exe
Process ID: 712
Path: C:\WINDOWS\system32\services.exe
Info: Threads: 17 - Priority: Normale - Visible: No
Good: 1 - Bad: 3
View Details Requires Attention!
Compare details with your local values
and/or search at Google
Name: lsass.exe
Process ID: 724
Path: C:\WINDOWS\system32\lsass.exe
Info: Threads: 20 - Priority: Normale - Visible: No
Good: 1 - Bad: 0
View Details
Name: ashDisp.exe
Process ID: 800
Path: C:\Programmi\ALWILS~1\Avast4\ashDisp.exe
Info: Threads: 10 - Priority: Normale - Visible: No
Good: 1 - Bad: 0
View Details
Name: svchost.exe
Process ID: 900
Path: C:\WINDOWS\system32\svchost.exe
Info: Threads: 17 - Priority: Normale - Visible: No
Good: 1 - Bad: 2
View Details Requires Attention!
Compare details with your local values
and/or search at Google
Name: qttask.exe
Process ID: 920
Path: C:\Programmi\QuickTime\qttask.exe
Info: Threads: 3 - Priority: Normale - Visible: No
Good: 1 - Bad: 0
View Details
Name: jusched.exe
Process ID: 936
Path: C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
Info: Threads: 2 - Priority: Normale - Visible: No
Good: 2 - Bad: 0
View Details
Name: svchost.exe
Process ID: 992
Path: C:\WINDOWS\system32\svchost.exe
Info: Threads: 10 - Priority: N/A - Visible: No
Good: 1 - Bad: 2
View Details Requires Attention!
Compare details with your local values
and/or search at Google
Name: bdnagent.exe
Process ID: 1032
Path: C:\Programmi\Softwin\BitDefender8\bdnagent.exe
Info: Threads: 2 - Priority: Normale - Visible: No
Good: 1 - Bad: 0
View Details
Name: ewido.exe
Process ID: 1048
Path: C:\Programmi\ewido anti-spyware 4.0\ewido.exe
Info: Threads: 14 - Priority: Normale - Visible: No
Good: 0 - Bad: 0
Unknown Item
Search at Google
Submit new process info
Name: svchost.exe
Process ID: 1084
Path: C:\WINDOWS\System32\svchost.exe
Info: Threads: 64 - Priority: Normale - Visible: No
Good: 1 - Bad: 2
View Details Requires Attention!
Compare details with your local values
and/or search at Google
Name: xcommsvr.exe
Process ID: 1156
Path: C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe
Info: Threads: 3 - Priority: Normale - Visible: No
Good: 1 - Bad: 0
View Details
Name: svchost.exe
Process ID: 1208
Path: C:\WINDOWS\System32\svchost.exe
Info: Threads: 7 - Priority: N/A - Visible: No
Good: 1 - Bad: 2
View Details Requires Attention!
Compare details with your local values
and/or search at Google
Name: msmsgs.exe
Process ID: 1232
Path: C:\Programmi\Messenger\msmsgs.exe
Info: Threads: 4 - Priority: Normale - Visible: No
Good: 1 - Bad: 0
View Details
Name: svchost.exe
Process ID: 1344
Path: C:\WINDOWS\System32\svchost.exe
Info: Threads: 14 - Priority: N/A - Visible: No
Good: 1 - Bad: 2
View Details Requires Attention!
Compare details with your local values
and/or search at Google
Name: iexplore.exe (Hardware Upgrade Forum - PAZZESCO! - Microsoft Internet Explorer)
Process ID: 1384
Path: C:\Programmi\Internet Explorer\iexplore.exe
Info: Threads: 22 - Priority: Normale - Visible: Si
Good: 1 - Bad: 0
View Details
Name: spoolsv.exe
Process ID: 1492
Path: C:\WINDOWS\system32\spoolsv.exe
Info: Threads: 13 - Priority: Normale - Visible: No
Good: 1 - Bad: 0
View Details
Name: svchost.exe
Process ID: 1680
Path: C:\Programmi\Messenger\msmsgs.exe
Info: Threads: 6 - Priority: N/A - Visible: No
Good: 1 - Bad: 2
View Details Requires Attention!
Compare details with your local values
and/or search at Google
Name: SeagateNetwork.exe
Process ID: 1696
Path: c:\windows\seagatenetwork.exe
Info: Threads: 4 - Priority: Normale - Visible: No
Good: 0 - Bad: 0
Unknown Item
Search at Google
Submit new process info
Name: WZQKPICK.EXE
Process ID: 1712
Path: C:\Programmi\WinZip\WZQKPICK.EXE
Info: Threads: 2 - Priority: Normale - Visible: No
Good: 1 - Bad: 0
View Details
Name: aswUpdSv.exe
Process ID: 1932
Path: C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
Info: Threads: 4 - Priority: Normale - Visible: No
Good: 1 - Bad: 0
View Details
Name: ashServ.exe
Process ID: 1976
Path: C:\Programmi\Alwil Software\Avast4\ashServ.exe
Info: Threads: 27 - Priority: Alta - Visible: No
Good: 1 - Bad: 0
View Details
Name: bdss.exe
Process ID: 2132
Path: C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe
Info: Threads: 7 - Priority: Normale - Visible: No
Good: 1 - Bad: 0
View Details
Name: ashMaiSv.exe
Process ID: 2184
Path: C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
Info: Threads: 9 - Priority: Normale - Visible: No
Good: 1 - Bad: 0
View Details
Name: iexplore.exe (Rivista Internet di Viticoltura e Enologia - Microsoft Internet Explorer)
Process ID: 2296
Path: C:\Programmi\Internet Explorer\iexplore.exe
Info: Threads: 16 - Priority: Normale - Visible: Si
Good: 1 - Bad: 0
View Details
Name: ashWebSv.exe
Process ID: 2448
Path: C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
Info: Threads: 19 - Priority: Normale - Visible: No
Good: 1 - Bad: 0
View Details
Name: alg.exe
Process ID: 2712
Path: C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
Info: Threads: 4 - Priority: N/A - Visible: No
Good: 1 - Bad: 1
View Details Requires Attention!
Compare details with your local values
and/or search at Google
Name: explorer.exe
Process ID: 2864
Path: C:\WINDOWS\explorer.exe
Info: Threads: 12 - Priority: Normale - Visible: No
Good: 2 - Bad: 1
View Details Requires Attention!
Compare details with your local values
and/or search at Google
Name: iexplore.exe (Rivista Internet di Viticoltura e Enologia - Microsoft Internet Explorer)
Process ID: 2992
Path: C:\Programmi\Internet Explorer\iexplore.exe
Info: Threads: 18 - Priority: Normale - Visible: Si
Good: 1 - Bad: 0
View Details
Name: bdmcon.exe
Process ID: 3376
Path: c:\programmi\softwin\bitdefender8\bdmcon.exe
Info: Threads: 4 - Priority: Normale - Visible: No
Good: 1 - Bad: 0
View Details
Name: win52.tmp.exe
Process ID: 3604
Path: C:\WINDOWS\TEMP\win52.tmp.exe
Info: Threads: 2 - Priority: Normale - Visible: No
Good: 0 - Bad: 0
Unknown Item
Search at Google
Submit new process info
canadino
16-10-2006, 14:57
So basically I have to look everything up on Google? Hmm!? :stordita:
Teliqalipukt
16-10-2006, 15:14
So basically I have to look everything up on Google? Hmm!? :stordita:
Not everything, but what you don't recognize, yes.
Anyway, at this point, since we've mentioned it, go ahead and run a scan with a-squared too (and I advise you to be careful with what it finds through heuristics, because it suffers a little from false positives ;) )
Post the HiJackFree log in the HijackThis thread, perhaps putting the link to this thread at the top and specifying that you made this log because HijackThis doesn't work for you.
You will surely find someone there who can help you interpret it ;)
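The advice above (look up only what you don't recognize), applied to the HiJackFree report layout posted earlier in this thread; this is an added example, not part of the original thread and not code from any poster or from the tool's vendor. The function names `parse_report` and `needs_lookup` and the rule that paths under a temp directory are listed first are assumptions of the example.

```python
import re

# Excerpt of the HiJackFree report posted earlier in this thread (five records).
SAMPLE_REPORT = r"""
Name: lsass.exe
Process ID: 724
Path: C:\WINDOWS\system32\lsass.exe
Info: Threads: 20 - Priority: Normale - Visible: No
Good: 1 - Bad: 0
View Details
Name: svchost.exe
Process ID: 900
Path: C:\WINDOWS\system32\svchost.exe
Info: Threads: 17 - Priority: Normale - Visible: No
Good: 1 - Bad: 2
View Details Requires Attention!
Compare details with your local values
and/or search at Google
Name: SeagateNetwork.exe
Process ID: 1696
Path: c:\windows\seagatenetwork.exe
Info: Threads: 4 - Priority: Normale - Visible: No
Good: 0 - Bad: 0
Unknown Item
Search at Google
Submit new process info
Name: win52.tmp.exe
Process ID: 3604
Path: C:\WINDOWS\TEMP\win52.tmp.exe
Info: Threads: 2 - Priority: Normale - Visible: No
Good: 0 - Bad: 0
Unknown Item
Search at Google
Submit new process info
Name: Class
Path: C:\WINDOWS\bkwmp1.dll
Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
ClsID: {A2F00648-FEE1-9795-AF5E-97C17406FAC5}
Good: 0 - Bad: 0
Unknown Item
Search at Google
"""

RECORD_START = re.compile(r"^(?:Name|Port):\s*(.*)$")
VOTES = re.compile(r"^Good:\s*(\d+)\s*-\s*Bad:\s*(\d+)")
# Assumption of this example: anything loaded from a temp directory is listed first.
TEMP_DIR = re.compile(r"\\te?mp\\", re.IGNORECASE)


def parse_report(text):
    """Split the report into records with name, path, votes and verdict."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        start = RECORD_START.match(line)
        votes = VOTES.match(line)
        if start:
            # A "Name:" or "Port:" line opens a new record.
            current = {"name": start.group(1), "path": "", "good": None,
                       "bad": None, "verdict": "rated"}
            records.append(current)
        elif current is None:
            continue  # text before the first record
        elif line.startswith("Path:"):
            current["path"] = line[len("Path:"):].strip()
        elif votes:
            current["good"], current["bad"] = int(votes.group(1)), int(votes.group(2))
        elif "Requires Attention!" in line:
            current["verdict"] = "attention"
        elif "Unknown Item" in line:  # also covers "Not checked Unknown Item"
            current["verdict"] = "unknown"
    return records


def needs_lookup(records):
    """Entries the report did not rate as good, temp-directory paths first."""
    picked = [r for r in records if r["verdict"] != "rated"]
    # sorted() is stable, so report order is kept within each group.
    return sorted(picked, key=lambda r: TEMP_DIR.search(r["path"]) is None)


if __name__ == "__main__":
    for rec in needs_lookup(parse_report(SAMPLE_REPORT)):
        print(f'{rec["verdict"]:9} {rec["name"]:20} {rec["path"]}')
```
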
canadino
16-10-2006, 15:32
It's tough, too tough... I'm afraid this time it wins...
It won't even let me search Google for the word hijackthis...
Thanks for everything anyway...
Pitagora
16-10-2006, 15:35
Try running this: http://www.tgsoft.it/italy/index_ita.html
canadino
17-10-2006, 07:35
I ran Vir.it as well, but still nothing...
juninho85
17-10-2006, 07:43
you have to post here (http://www.hwupgrade.it/forum/forumdisplay.php?f=125)
blue_tech
17-10-2006, 10:37
run an online scan from here -> http://it.trendmicro-europe.com/consumer/housecall/housecall_launch.php
stesio54
17-10-2006, 11:24
you have to post here (http://www.hwupgrade.it/forum/forumdisplay.php?f=125)
:O