morpheus85
28-07-2005, 14:25
E da quando ho installato win 2000 (prima avevo il Me) che mi esce questo messaggio:
Che devo fare????
Che devo fare????
View Full Version : Aiutoooooooooooooooooooo
lukkissimo
28-07-2005, 14:31
è qualche troin virus, scansiona con qualke antivirus tosto (ti consiglio Kaspersky ma nn è free), utilizza Spyboot o Ad-Aware, metti un buon firewall (sygate - outpost - kerio), controlla il registo con Hijackthis
GiacoXp
28-07-2005, 14:39
disabilita i msg e non dovrebbe piu appariti
Esegui > net stop messenger
:D fammi sapere
Esegui > net stop messenger
:D fammi sapere
morpheus85
28-07-2005, 14:48
è qualche troin virus, scansiona con qualke antivirus tosto (ti consiglio Kaspersky ma nn è free), utilizza Spyboot o Ad-Aware, metti un buon firewall (sygate - outpost - kerio), controlla il registo con Hijackthis
Adesso l'ho installato stavo facendo soltanto l'aggiornamento nel Norton :muro:
Adesso l'ho installato stavo facendo soltanto l'aggiornamento nel Norton :muro:
morpheus85
28-07-2005, 15:08
Spybot ha rilevato:
Avenue A, Inc.: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done)
Alexa Related: What's related link (Replace file, nothing done)
C:\WINNT\Web\RELATED.HTM
DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1454471165-1580436667-1343024091-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
Adesso?
Avenue A, Inc.: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done)
Alexa Related: What's related link (Replace file, nothing done)
C:\WINNT\Web\RELATED.HTM
DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1454471165-1580436667-1343024091-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
Adesso?
morpheus85
28-07-2005, 15:11
disabilita i msg e non dovrebbe piu appariti
Esegui > net stop messenger
:D fammi sapere
Funziona :)
Esegui > net stop messenger
:D fammi sapere
Funziona :)
morpheus85
28-07-2005, 15:12
Logfile of HijackThis v1.99.0
Scan saved at 15.08.44, on 28/07/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
C:\WINNT\system32\svchost.exe
C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\regsvc.exe
C:\Programmi\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Programmi\SuperRam\SuperRam.exe
C:\Programmi\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\WINNT\system32\wuauclt.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\WINNT\system32\internat.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\File comuni\Symantec Shared\cfgwiz.exe
C:\Programmi\Opera\Opera.exe
C:\Programmi\Spybot - Search & Destroy\SpybotSD.exe
C:\Documents and Settings\Administrator\Desktop\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tele2.it/redirect/startpage/adsl/ita
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SuperRam] "C:\Programmi\SuperRam\SuperRam.exe" /start
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programmi\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{64D3DC0B-58A8-4F42-BC85-F55338952891}: NameServer = 130.244.127.161 130.244.127.169
O17 - HKLM\System\CS1\Services\Tcpip\..\{64D3DC0B-58A8-4F42-BC85-F55338952891}: NameServer = 130.244.127.161 130.244.127.169
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Servizio amministrativo di Gestione disco logico - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Servizio Norton AntiVirus Auto-Protect - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
Questo è il risultato di Hijackthis :help:
Scan saved at 15.08.44, on 28/07/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
C:\WINNT\system32\svchost.exe
C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\regsvc.exe
C:\Programmi\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Programmi\SuperRam\SuperRam.exe
C:\Programmi\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\WINNT\system32\wuauclt.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\WINNT\system32\internat.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\File comuni\Symantec Shared\cfgwiz.exe
C:\Programmi\Opera\Opera.exe
C:\Programmi\Spybot - Search & Destroy\SpybotSD.exe
C:\Documents and Settings\Administrator\Desktop\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tele2.it/redirect/startpage/adsl/ita
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SuperRam] "C:\Programmi\SuperRam\SuperRam.exe" /start
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programmi\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{64D3DC0B-58A8-4F42-BC85-F55338952891}: NameServer = 130.244.127.161 130.244.127.169
O17 - HKLM\System\CS1\Services\Tcpip\..\{64D3DC0B-58A8-4F42-BC85-F55338952891}: NameServer = 130.244.127.161 130.244.127.169
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Servizio amministrativo di Gestione disco logico - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Servizio Norton AntiVirus Auto-Protect - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
Questo è il risultato di Hijackthis :help:
GiacoXp
28-07-2005, 15:23
O17 - HKLM\System\CCS\Services\Tcpip\..\{64D3DC0B-58A8-4F42-BC85-F55338952891}: NameServer = 130.244.127.161 130.244.127.169
O17 - HKLM\System\CS1\Services\Tcpip\..\{64D3DC0B-58A8-4F42-BC85-F55338952891}: NameServer = 130.244.127.161 130.244.127.169
risultano sospetti io li cancellerei
O17 - HKLM\System\CS1\Services\Tcpip\..\{64D3DC0B-58A8-4F42-BC85-F55338952891}: NameServer = 130.244.127.161 130.244.127.169
risultano sospetti io li cancellerei
morpheus85
28-07-2005, 15:31
Ad aware invece mi ha trovato questi:
ArchiveData(auto-quarantine- 28-07-2005 15-28-15.bckp) ====================================================== ALEXA ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ obj[0]=RegKey : SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} WINDOWS ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ obj[1]=RegData : .DEFAULT\Software\Microsoft\MediaPlayer\Player\Settings obj[2]=RegData : Software\Microsoft\MediaPlayer\Player\Settings TRACKING COOKIE ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ obj[3]=File : c:\documents and settings\administrator\cookies\[email protected][1].txt obj[4]=File : c:\documents and settings\administrator\cookies\administrator@tradedoubler[1].txt
ArchiveData(auto-quarantine- 28-07-2005 15-28-15.bckp) ====================================================== ALEXA ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ obj[0]=RegKey : SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} WINDOWS ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ obj[1]=RegData : .DEFAULT\Software\Microsoft\MediaPlayer\Player\Settings obj[2]=RegData : Software\Microsoft\MediaPlayer\Player\Settings TRACKING COOKIE ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ obj[3]=File : c:\documents and settings\administrator\cookies\[email protected][1].txt obj[4]=File : c:\documents and settings\administrator\cookies\administrator@tradedoubler[1].txt
morpheus85
28-07-2005, 15:36
O17 - HKLM\System\CCS\Services\Tcpip\..\{64D3DC0B-58A8-4F42-BC85-F55338952891}: NameServer = 130.244.127.161 130.244.127.169
O17 - HKLM\System\CS1\Services\Tcpip\..\{64D3DC0B-58A8-4F42-BC85-F55338952891}: NameServer = 130.244.127.161 130.244.127.169
risultano sospetti io li cancellerei
Risultato:
Logfile of HijackThis v1.99.0
Scan saved at 15.33.47, on 28/07/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
C:\WINNT\system32\svchost.exe
C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\regsvc.exe
C:\Programmi\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Programmi\SuperRam\SuperRam.exe
C:\Programmi\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\WINNT\system32\wuauclt.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\WINNT\system32\internat.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\File comuni\Symantec Shared\cfgwiz.exe
C:\Programmi\Opera\Opera.exe
C:\Documents and Settings\Administrator\Desktop\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tele2.it/redirect/startpage/adsl/ita
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SuperRam] "C:\Programmi\SuperRam\SuperRam.exe" /start
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programmi\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Servizio amministrativo di Gestione disco logico - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Servizio Norton AntiVirus Auto-Protect - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O17 - HKLM\System\CS1\Services\Tcpip\..\{64D3DC0B-58A8-4F42-BC85-F55338952891}: NameServer = 130.244.127.161 130.244.127.169
risultano sospetti io li cancellerei
Risultato:
Logfile of HijackThis v1.99.0
Scan saved at 15.33.47, on 28/07/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
C:\WINNT\system32\svchost.exe
C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\regsvc.exe
C:\Programmi\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Programmi\SuperRam\SuperRam.exe
C:\Programmi\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\WINNT\system32\wuauclt.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\WINNT\system32\internat.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\File comuni\Symantec Shared\cfgwiz.exe
C:\Programmi\Opera\Opera.exe
C:\Documents and Settings\Administrator\Desktop\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tele2.it/redirect/startpage/adsl/ita
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SuperRam] "C:\Programmi\SuperRam\SuperRam.exe" /start
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programmi\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Servizio amministrativo di Gestione disco logico - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Servizio Norton AntiVirus Auto-Protect - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
GiacoXp
28-07-2005, 15:39
:mano:
morpheus85
28-07-2005, 15:52
:mano:
Perfetto, grazie a tutti. :)
Perfetto, grazie a tutti. :)
vBulletin® v3.6.4, Copyright ©2000-2026, Jelsoft Enterprises Ltd.