View Full Version : duplication of all processes!!!


pikkolino
02-07-2004, 14:07
For now, here is the HijackThis log file

Logfile of HijackThis v1.98.0
Scan saved at 14:51:48, on 2004-7-2
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\TEMP\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\TEMP\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\TEMP\spoolsv.exe
C:\WINDOWS\system32\netcom.exe
C:\WINDOWS\TEMP\netcom.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\srvany.exe
C:\WINDOWS\TEMP\srvany.exe
C:\WINDOWS\TEMP\resetservice.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\rundll32.exe
C:\DOCUME~1\alessia1\LOCALS~1\Temp\rundll32.exe
C:\DOCUME~1\alessia1\LOCALS~1\Temp\atiptaxx.exe
C:\WINDOWS\System32\devldr32.exe
C:\DOCUME~1\alessia1\LOCALS~1\Temp\devldr32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\DOCUME~1\alessia1\LOCALS~1\Temp\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\DOCUME~1\alessia1\LOCALS~1\Temp\evntsvc.exe
C:\WINDOWS\System32\desktop.exe
C:\DOCUME~1\alessia1\LOCALS~1\Temp\desktop.exe
C:\WINDOWS\System32\ctfmon.exe
C:\DOCUME~1\alessia1\LOCALS~1\Temp\ctfmon.exe
C:\WINDOWS\regedit.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\WINDOWS\System32\taskmgr.exe
C:\DOCUME~1\alessia1\LOCALS~1\Temp\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\alessia1\LOCALS~1\Temp\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Downloads\HijackThis.exe
C:\DOCUME~1\alessia1\LOCALS~1\Temp\HijackThis.exe

R3 - URLSearchHook: ÉÏÍøÖúÊÖ - {1B0E7716-898E-48cc-9690-4E338E8DE1D3} - C:\PROGRA~1\3721\assist\assist.dll
O2 - BHO: ÉÏÍøÖúÊÖ - {1B0E7716-898E-48cc-9690-4E338E8DE1D3} - C:\PROGRA~1\3721\assist\assist.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus Professional\NavShExt.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\DOWNLO~1\CnsHook.dll
O3 - Toolbar: µç̨(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus Professional\NavShExt.dll
O3 - Toolbar: ÉÏÍøÖúÊÖ - {1B0E7716-898E-48cc-9690-4E338E8DE1D3} - C:\PROGRA~1\3721\assist\assist.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroCheck] rem C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\RunServices: [MS Sound Config 16bit] sndcfg16.exe
O4 - HKLM\..\RunServices: [Microsoft Update] winsys.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O8 - Extra context menu item: ʹÓÃÍø¼Ê¿ì³µÏÂÔØ - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: ʹÓÃÍø¼Ê¿ì³µÏÂÔØÈ«²¿Á´½Ó - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: µ¼³öµ½ Microsoft Excel(&x) - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: ÊÖ»ú¶ÌÐÅ - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm (file missing)
O9 - Extra button: Çé¾°ÁÄÌì - {0F7DE07D-BD74-4991-9D5F-ECBB8391875D} - http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/ (file missing)
O9 - Extra button: ÉÏÍøÖúÊÖ - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://assistant.3721.com/index.htm?fb=Cns (file missing)
O9 - Extra button: ÍøÖ·´óÈ« - {C18CB140-0BBB-11D4-8FE8-0088CC102438} - http://www.k369.com/mp3wz.htm (file missing)
O9 - Extra 'Tools' menuitem: ÍøÖ·´óÈ« - {C18CB140-0BBB-11D4-8FE8-0088CC102438} - http://www.k369.com/mp3wz.htm (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\qq\QQ.exe
O9 - Extra 'Tools' menuitem: ÌÚѶQQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\qq\QQ.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: ÐÞ¸´ä¯ÀÀÆ÷ - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: ÇåÀíÉÏÍø¼Ç¼ - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O9 - Extra button: Alice - {E8BEE8F1-8E8E-458B-A9B8-8DC6908E817C} - http://gw.aliceadsl.it/alice (file missing) (HKCU)
O11 - Options group: [!CNS] ÍøÂçʵÃû
O14 - IERESET.INF: START_PAGE_URL=http://gw.aliceadsl.it/home

pikkolino
02-07-2004, 14:08
Also, there are several blank white icons, such as Notepad, Norton and other programs

The HDD is always busy and there's no telling what it's doing...
but once the ndetect process is terminated it seems to calm down a bit...

There's that very suspicious temp folder... but I don't know what I should do!!!

Help!!!

pikkolino
02-07-2004, 14:17
http://hyang.altervista.org/2.JPG


:eek: :cry: :cry: :cry: :cry:

Bilancino
02-07-2004, 14:40
My condolences, friend......... your PC is a sewer :D

Anyway, I see an alessia1.... who is she?

Bye

pikkolino
02-07-2004, 14:57
Originally posted by Bilancino
My condolences, friend......... your PC is a sewer :D

Anyway, I see an alessia1.... who is she?

Bye

A sewer in what sense??? :eek: :cry: :cry: :cry:

pikkolino
02-07-2004, 15:19
I also noticed something strange... every time I run something, it copies itself into the documents and settings\nome\locals~1\temp folder.... what could it be?!!??!?!??!

Help!!!! :cry: :cry: :cry: :cry:
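
The pattern visible in the log above (an image running from its normal location and again from a Temp directory), checked programmatically. This is an added example, not part of the original posts; the sample log lines are constructed in the format of the posted log, and the function names are hypothetical.

```python
import ntpath
import re
from collections import defaultdict

# Constructed sample in the format of the log's "Running processes" section.
SAMPLE_LOG = r"""Logfile of HijackThis v1.98.0

Running processes:
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\TEMP\spoolsv.exe
C:\WINDOWS\System32\ctfmon.exe
C:\DOCUME~1\alessia1\LOCALS~1\Temp\ctfmon.exe
C:\WINDOWS\TEMP\resetservice.exe
C:\WINDOWS\Explorer.EXE

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
"""

# A path component named Temp or Tmp (any case) marks a temporary directory.
TEMP_COMPONENT = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)

def running_processes(log_text):
    """Return the image paths listed under 'Running processes:'."""
    paths, in_section = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if line.lower().startswith("running processes"):
            in_section = True
        elif in_section:
            if not line:  # a blank line ends the section
                break
            paths.append(line)
    return paths

def temp_findings(paths):
    """Return (duplicates, temp_only); duplicates maps name -> (temp, non-temp)."""
    by_name = defaultdict(lambda: ([], []))
    for p in paths:
        is_temp = bool(TEMP_COMPONENT.search(p))
        by_name[ntpath.basename(p).lower()][0 if is_temp else 1].append(p)
    duplicates = {n: v for n, v in by_name.items() if v[0] and v[1]}
    temp_only = [p for v in by_name.values() if v[0] and not v[1] for p in v[0]]
    return duplicates, temp_only

if __name__ == "__main__":
    dups, only = temp_findings(running_processes(SAMPLE_LOG))
    print("Running from Temp and elsewhere:", sorted(dups))
    print("Running only from Temp:", only)
```
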

MrOZ
02-07-2004, 18:00
Hi, try the last procedure in this thread: http://forum.hwupgrade.it/showthread.php?s=&threadid=693374&pagenumber=3. Then try with up-to-date adaware6 and spybot 1.3.


But then you have to introduce me to alessia1 :D :D :oink:

Pezzulu
02-07-2004, 18:19
Originally posted by MrOZ


But then you have to introduce me to alessia1 :D :D :oink:


I would have asked that myself :oink: :D
PS: you didn't reply to my PM.... never mind, I think I solved it on my own ;)

MrOZ
02-07-2004, 20:09
Originally posted by Pezzulu

PS: you didn't reply to my PM.... never mind, I think I solved it on my own ;)

Sorry, but I really had no time this week... I would have done it over the weekend... if you're still interested, let me know.

Bye