Thread: Help Dialer!!
14-08-2005, 16:32   #30
gandalf3000
Member
 
Registered since: Jul 2005
Posts: 70
I'm posting the log below, but at the moment I don't think I have any problem with the laptop. Although Kaspersky, both now and in the past, has always reported 2 viruses that it could not remove. Could these two viruses be caused by adware or Spybot? In fact, a few minutes earlier Kaspersky tries to scan some password-protected Spybot archives. Anyway, the paths of the alleged viruses do not appear to be correct; in fact I can't find them there.
The names of the viruses would be: trojan-downloader.js.istbar and xeploit.html
Is it something that can't be removed, or something else?


Logfile of HijackThis v1.99.1
Scan saved at 17.28.02, on 14/08/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\UStorSrv.exe
C:\Programmi\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe
C:\Programmi\HP\Digital Imaging\Unload\hpqcmon.exe
C:\Programmi\HP\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Programmi\Java\j2re1.4.2_03\bin\jusched.exe
C:\Programmi\File comuni\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programmi\HP\HP Share-to-Web\hpgs2wnf.exe
C:\FlashEnc\FlashEnc.exe
C:\Programmi\Apoint2K\Apntex.exe
C:\Programmi\Ahead\InCD\InCD.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Programmi\GetRight\getright.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\GetRight\getright.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\Giuseppe\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Programmi\GetRight\xx2gr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [CamMonitor] C:\Programmi\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmi\HP\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Programmi\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Cpqset] C:\Programmi\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Programmi\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programmi\File comuni\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [FlashEnc] c:\FlashEnc\FlashEnc.exe
O4 - HKLM\..\Run: [KAVPersonal50] C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [InCD] C:\Programmi\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - Startup: desktop(2)(2).ini
O4 - Startup: desktop(2)(3)(2)(2)(2)(2).ini
O4 - Startup: desktop(2)(3)(2)(2)(2).ini
O4 - Startup: desktop(2)(3)(2)(2)(3).ini
O4 - Startup: desktop(2)(3)(2)(2).ini
O4 - Startup: desktop(2)(3)(2)(3)(2).ini
O4 - Startup: desktop(2)(3)(2)(3).ini
O4 - Startup: desktop(2)(3)(2)(4).ini
O4 - Startup: desktop(2)(3)(2).ini
O4 - Startup: desktop(2)(3)(3)(2)(2).ini
O4 - Startup: desktop(2)(3)(3)(2).ini
O4 - Startup: desktop(2)(3)(3)(3).ini
O4 - Startup: desktop(2)(3)(3).ini
O4 - Startup: desktop(2)(3)(4)(2).ini
O4 - Startup: desktop(2)(3)(4).ini
O4 - Startup: desktop(2)(3)(5).ini
O4 - Startup: desktop(2)(3).ini
O4 - Startup: desktop(2)(4)(2)(2).ini
O4 - Startup: desktop(2)(4)(2).ini
O4 - Startup: desktop(2)(4)(3).ini
O4 - Startup: desktop(2)(4).ini
O4 - Startup: desktop(2)(5)(2).ini
O4 - Startup: desktop(2)(5).ini
O4 - Startup: desktop(2)(6).ini
O4 - Startup: desktop(2).ini
O4 - Startup: desktop(3).ini
O4 - Startup: desktop(4)(2)(2).ini
O4 - Startup: desktop(4)(2).ini
O4 - Startup: desktop(4)(3).ini
O4 - Startup: desktop(4).ini
O4 - Startup: desktop(5)(2).ini
O4 - Startup: desktop(5).ini
O4 - Startup: desktop(6).ini
O4 - Global Startup: desktop(2)(2).ini
O4 - Global Startup: desktop(2)(3)(2)(2)(2)(2).ini
O4 - Global Startup: desktop(2)(3)(2)(2)(2).ini
O4 - Global Startup: desktop(2)(3)(2)(2)(3).ini
O4 - Global Startup: desktop(2)(3)(2)(2).ini
O4 - Global Startup: desktop(2)(3)(2)(3)(2).ini
O4 - Global Startup: desktop(2)(3)(2)(3).ini
O4 - Global Startup: desktop(2)(3)(2)(4).ini
O4 - Global Startup: desktop(2)(3)(2).ini
O4 - Global Startup: desktop(2)(3)(3)(2)(2).ini
O4 - Global Startup: desktop(2)(3)(3)(2).ini
O4 - Global Startup: desktop(2)(3)(3)(3).ini
O4 - Global Startup: desktop(2)(3)(3).ini
O4 - Global Startup: desktop(2)(3)(4)(2).ini
O4 - Global Startup: desktop(2)(3)(4).ini
O4 - Global Startup: desktop(2)(3)(5).ini
O4 - Global Startup: desktop(2)(3).ini
O4 - Global Startup: desktop(2)(4)(2)(2).ini
O4 - Global Startup: desktop(2)(4)(2).ini
O4 - Global Startup: desktop(2)(4)(3).ini
O4 - Global Startup: desktop(2)(4).ini
O4 - Global Startup: desktop(2)(5)(2).ini
O4 - Global Startup: desktop(2)(5).ini
O4 - Global Startup: desktop(2)(6).ini
O4 - Global Startup: desktop(2).ini
O4 - Global Startup: desktop(3).ini
O4 - Global Startup: desktop(4)(2)(2).ini
O4 - Global Startup: desktop(4)(2).ini
O4 - Global Startup: desktop(4)(3).ini
O4 - Global Startup: desktop(4).ini
O4 - Global Startup: desktop(5)(2).ini
O4 - Global Startup: desktop(5).ini
O4 - Global Startup: desktop(6).ini
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Programmi\GetRight\getright.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Download with GetRight - C:\Programmi\GetRight\GRdownload.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Programmi\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\\MAIN.MHT!http://207.44.186.186/b/online.chm::/on-line.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{5A61AE53-ACB9-4D5D-8B9B-EA9792C4FBC2}: NameServer = 213.230.155.94 213.230.130.222
O23 - Service: FreePOPs - Unknown owner - C:\Programmi\FreePOPs\freepopsservice.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe