aacge
21-11-2006, 14:16
in seguito all' installazione di una crack, il computer non mi faceva piu
accedere al task manager dicendomi che non ero autorizzato
dall'amministrarore che sono io, al nod32 control center dandomi questo
messagio "si è verificato un errore durante la comunicazione con il servizio
kernel di nod 32", non apre più in automatico i programmi all'avvio di
windows , al firewall di windows non mi fa più accedere. allora ho fatto uno
scan di ad-aware, spybot search & destroy e di nod32 che mi hanno rilevato
alcuni virus che ho eliminato.Il problema è ancora esistente, l'accesso al
task manager è stato riabilitato ma del nod 32 control center e del firewall
di windows no e l' avvio dei programmi all'accesso di windows non avviene.
non so che fare. provo a mandarvi uno scan di HijackThis
Logfile of HijackThis v1.99.0
Scan saved at 15.14.25, on 21/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Outlook Express\msimn.exe
C:\Documents and Settings\Gia\Desktop\Nuova cartella\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it/free
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.creative.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\PROGRA~1\DAP\DAPIEBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] -HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] -RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] -ALCMTR.EXE
O4 - HKLM\..\Run: [RemoteControl] -C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [ATICCC] -"C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Omnipage] -C:\Programmi\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [EPSON Stylus C62 Series] -C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C62 Series" /O6 "USB001" /M "Stylus C62"
O4 - HKLM\..\Run: [Register MediaRing Talk] -C:\Programmi\MediaRing Talk\register.exe
O4 - HKLM\..\Run: [NWEReboot] -
O4 - HKLM\..\Run: [NeroFilterCheck] -C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] -"C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DownloadAccelerator] -"C:\Programmi\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [DAEMON Tools-1033] -"C:\Programmi\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] -C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [nod32kui] -"C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [TkBellExe] -"C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CBitSpirit] -"C:\Programmi\BitSpirit\BitSpirit.exe" /start
O4 - HKLM\..\Run: [CloneCDTray] -"C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [I downloaded pirated Software from P2P ] Neverwinter Nights 2
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O4 - HKCU\..\Run: [CTFMON.EXE] -C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] -"C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] -"C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] -C:\Programmi\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Programmi\eMule\emule.exe -AutoStart
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Clean Traces - C:\Programmi\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Programmi\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Programmi\DAP\dapextie2.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmi\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmi\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.creative.com
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown - -"C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: EPSON Printer Status Agent2 - Unknown - -C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NOD32 Kernel Service - Unknown - -"C:\Programmi\Eset\nod32krn.exe (file missing)
O23 - Service: Office Source Engine - Unknown - -"C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE (file missing)
O23 - Service: StarWind iSCSI Service - Unknown - -C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing)
accedere al task manager dicendomi che non ero autorizzato
dall'amministrarore che sono io, al nod32 control center dandomi questo
messagio "si è verificato un errore durante la comunicazione con il servizio
kernel di nod 32", non apre più in automatico i programmi all'avvio di
windows , al firewall di windows non mi fa più accedere. allora ho fatto uno
scan di ad-aware, spybot search & destroy e di nod32 che mi hanno rilevato
alcuni virus che ho eliminato.Il problema è ancora esistente, l'accesso al
task manager è stato riabilitato ma del nod 32 control center e del firewall
di windows no e l' avvio dei programmi all'accesso di windows non avviene.
non so che fare. provo a mandarvi uno scan di HijackThis
Logfile of HijackThis v1.99.0
Scan saved at 15.14.25, on 21/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Outlook Express\msimn.exe
C:\Documents and Settings\Gia\Desktop\Nuova cartella\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it/free
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.creative.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\PROGRA~1\DAP\DAPIEBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] -HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] -RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] -ALCMTR.EXE
O4 - HKLM\..\Run: [RemoteControl] -C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [ATICCC] -"C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Omnipage] -C:\Programmi\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [EPSON Stylus C62 Series] -C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C62 Series" /O6 "USB001" /M "Stylus C62"
O4 - HKLM\..\Run: [Register MediaRing Talk] -C:\Programmi\MediaRing Talk\register.exe
O4 - HKLM\..\Run: [NWEReboot] -
O4 - HKLM\..\Run: [NeroFilterCheck] -C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] -"C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DownloadAccelerator] -"C:\Programmi\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [DAEMON Tools-1033] -"C:\Programmi\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] -C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [nod32kui] -"C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [TkBellExe] -"C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CBitSpirit] -"C:\Programmi\BitSpirit\BitSpirit.exe" /start
O4 - HKLM\..\Run: [CloneCDTray] -"C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [I downloaded pirated Software from P2P ] Neverwinter Nights 2
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O4 - HKCU\..\Run: [CTFMON.EXE] -C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] -"C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] -"C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] -C:\Programmi\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Programmi\eMule\emule.exe -AutoStart
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Clean Traces - C:\Programmi\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Programmi\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Programmi\DAP\dapextie2.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmi\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmi\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.creative.com
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown - -"C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: EPSON Printer Status Agent2 - Unknown - -C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NOD32 Kernel Service - Unknown - -"C:\Programmi\Eset\nod32krn.exe (file missing)
O23 - Service: Office Source Engine - Unknown - -"C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE (file missing)
O23 - Service: StarWind iSCSI Service - Unknown - -C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing)