|
|||||||
|
|
|
 |
|
|
Strumenti |
11-06-2006, 12:16
|
#1 |
|
Bannato
Iscritto dal: Oct 2004
Città: Verona
Messaggi: 227
|
Problema con internet
Allora in questi giorni mi si crea di continuo una nuova connessione(io ho il 56k) di nome "internet" che ha lo stesso numero di quell'altra,e dopo un po' che sono collegata con la mia si disconnette e cerca di connettersi questa ma infostrada dice che il numero è inesistente..ho provato con norton,ewido,a cercare in c: ma niente..continuo ad aver sta rogna,ma che può essere??
|
|
|
11-06-2006, 12:27
|
#2 |
|
Senior Member
Iscritto dal: Feb 2006
Messaggi: 642
|
Sicuramente hai preso un dialer fai un log con HiJackThis e postalo in questo 3d http://www.hwupgrade.it/forum/showthread.php?t=937676 (trovi anche le istruzioni) indicando i sintomi.
P.S. leggi pure qui http://www.hwupgrade.it/forum/showthread.php?t=1142673 |
|
|
|
11-06-2006, 13:15
|
#3 |
|
Bannato
Iscritto dal: Oct 2004
Città: Verona
Messaggi: 227
|
--------------------------------------------------------------------------------Logfile of HijackThis v1.99.1
Scan saved at 13.10.38, on 11/06/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programmi\Intel\Wireless\Bin\EvtEng.exe C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Acer\eManager\anbmServ.exe C:\Programmi\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe C:\Programmi\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe C:\Programmi\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe C:\Programmi\ewido anti-malware\ewidoctrl.exe C:\Programmi\Norton AntiVirus\navapsvc.exe C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe C:\Programmi\CyberLink\Shared Files\RichVideo.exe C:\WINDOWS\system32\svchost.exe C:\Programmi\Acer\Acer Arcade\Kernel\TV\CLSched.exe C:\WINDOWS\Explorer.EXE C:\Programmi\Synaptics\SynTP\SynTPLpr.exe C:\Programmi\Synaptics\SynTP\SynTPEnh.exe C:\Acer\Empowering Technology\eRecovery\Monitor.exe C:\WINDOWS\RTHDCPL.EXE C:\Programmi\Acer\Acer Arcade\PCMService.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\acer\epm\epm-dm.exe C:\WINDOWS\system32\wscntfy.exe C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE C:\Programmi\File comuni\Symantec Shared\ccApp.exe C:\Programmi\HP\HP Software Update\HPWuSchd2.exe C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe C:\WINDOWS\Temp\oyna1.exe C:\WINDOWS\system32\ctfmon.exe C:\Programmi\MSN Messenger\MsnMsgr.Exe C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe C:\Programmi\Internet Explorer\iexplore.exe C:\Programmi\Internet Explorer\IEXPLORE.EXE C:\Programmi\Messenger\msmsgs.exe C:\DOCUME~1\Admin\IMPOST~1\Temp\Directory temporanea 1 per hijackthis.zip\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Programmi\Web Accelerator\components\NOWImaging.dll (file missing) O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll O2 - BHO: Class - {DA39029C-D291-A968-3FF4-D0990D5CB5FC} - C:\Programmi\LinkOptimizer\LinkOptimizer.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe O4 - HKLM\..\Run: [AzMixerSel] C:\Programmi\Realtek\InstallShield\AzMixerSel.exe O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [PCMService] "C:\Programmi\Acer\Acer Arcade\PCMService.exe" O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe O4 - HKLM\..\Run: [Systems] C:\WINDOWS\system32\sysmon.exe O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [oyna1.exe] C:\WINDOWS\Temp\oyna1.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O15 - Trusted Zone: www.archiviosex.net O15 - Trusted Zone: www.redfunny.com O15 - Trusted Zone: www.skymasters.biz O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/M...pDownloader.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{035DB4F8-61C3-4799-9CF3-084EF24BB021}: NameServer = 193.70.152.25 193.70.192.25 O17 - HKLM\System\CS1\Services\Tcpip\..\{035DB4F8-61C3-4799-9CF3-084EF24BB021}: NameServer = 193.70.152.25 193.70.192.25 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe O23 - Service: aTDK - Unknown owner - \\?\C:\Programmi\con.exe (file missing) O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programmi\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programmi\Acer\Acer Arcade\Kernel\TV\CLSched.exe O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programmi\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe O23 - Service: EvtEng - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido anti-malware\ewidoctrl.exe O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: RegSrvc - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared Files\RichVideo.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe |
|
|
|
11-06-2006, 13:50
|
#4 |
|
Senior Member
Iscritto dal: Nov 2001
Città: Bastia Umbra (PG)
Messaggi: 6395
|
teoricamente chiuderei il thread e ti direi di leggere qui
http://www.hwupgrade.it/forum/showthread.php?t=1142673 tuttavia controlla che tu non abbia su C:\programmi un file nascosto e di color verde con un nome casuale. fammi sapere se ce l'hai, in caso si tratta di una strana infezione della quale ancora non sono riuscito a ricavarne il sample
__________________
:: Il miglior argomento contro la democrazia è una conversazione di cinque minuti con l'elettore medio :: Ultima modifica di eraser : 11-06-2006 alle 13:53. |
|
|
|
11-06-2006, 13:56
|
#5 | |
|
Bannato
Iscritto dal: Mar 2004
Città: Galapagos Attenzione:utente flautolente,tienilo a mente
Messaggi: 28983
|
Quote:
|
|
|
|
|
11-06-2006, 13:57
|
#6 | |
|
Bannato
Iscritto dal: Mar 2004
Città: Galapagos Attenzione:utente flautolente,tienilo a mente
Messaggi: 28983
|
Quote:
|
|
|
|
|
11-06-2006, 14:14
|
#7 |
|
Senior Member
Iscritto dal: Nov 2001
Città: Bastia Umbra (PG)
Messaggi: 6395
|
se il file sotto programmi non e' presente posso chiudere
il thread in rilievo aiuterá tranquillamente a risolvere i problemi
__________________
:: Il miglior argomento contro la democrazia è una conversazione di cinque minuti con l'elettore medio :: |
|
|
|
|
| Strumenti | |
|
|
Tutti gli orari sono GMT +1. Ora sono le: 04:57.
