#1
Senior Member
Registered: Nov 2001
City: Vercelli
Posts: 478
Trojan svchos1at.exe..........
I can't remove the trojan svchos1at.exe..........any advice?
Thanks
__________________
Asus A7V8X-X, Amd Athlon XP 2500+ Barton 512 Kb, 333 Fsb ,1024 Mb DDR PC 2700, Ati 1650 XT, Win Xp Professional, Samsung Syncmaster 2032 MW 20"

#2
Member
Registered: Jun 2005
City: Firenze
Posts: 102
Try an antivirus, updating it first of course; if the problem persists, try an online scan. If the online scan doesn't solve it either, go here http://kobemaster.altervista.org/php...p?t=66&start=0 and search for the word svchos1at.exe in the text. There is other advice there, given to an infected user like you.
Regards, gRullo[Oo] PS: don't tell me you had already searched on Google: http://www.google.it/search?hl=it&q=...a=lr%3Dlang_it
__________________
Slackware GNU/Linux Kernel 2.6.16.14 - "When you get Serious" "If you don't know something, that one can damage you." ( K. D. M. )

#3
Senior Member
Registered: Nov 2001
City: Varese
Posts: 1461
Disable System Restore, then run a scan in safe mode with an up-to-date antivirus and antispyware, then post the HijackThis log.
__________________
When the Lamb opened the fourth seal, he heard a voice saying come, and there appeared to him a pale horse; its rider was named Death, and behind him came Hell...

#4
Senior Member
Registered: Nov 2001
City: Vercelli
Posts: 478
Here's the log............the antivirus didn't find anything.......
Logfile of HijackThis v1.99.1
Scan saved at 8.11.56, on 18/06/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\Rar$EX00.468\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.virgilio.it/free
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: DAPBHO Class - {0096CC0A-623C-4829-AD9C-19AF0DC9D8FE} - D:\Dap\DAP\DAPIEBar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: CDllBho Object - {5A5B6916-ED71-4531-8018-E792DD44156E} - C:\WINDOWS\sdasa.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Norton Antivirus 2004\NavShExt.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Programmi\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - D:\Dap\DAP\DAPIEBar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Norton Antivirus 2004\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Programmi\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Programmi\File comuni\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "D:\CloneCD 4\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "D:\Riva tuner\RivaTuner\RivaTuner.exe" /S
O4 - HKLM\..\Run: [LonghornClock] C:\WINDOWS\Resources\Themes\DameK UltraBlue\Longhorn Clock\Clock.lnk
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WIN USB 2.0] winusb.exe
O4 - HKLM\..\Run: [Real One Player] realone.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [zBrowser Launcher] D:\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [JVM0.14] C:\WINDOWS\System32\stfemaiq.exe
O4 - HKLM\..\Run: [SvcH0st] C:\WINDOWS\svchst.exe /i
O4 - HKLM\..\Run: [HDAudio Driver] C:\WINDOWS\System32\grlg.exe
O4 - HKLM\..\Run: [firewall] C:\WINDOWS\avsoft.exe /i
O4 - HKLM\..\RunServices: [WIN USB 2.0] winusb.exe
O4 - HKLM\..\RunServices: [Real One Player] realone.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE
O4 - Global Startup: NaturalColorLoad.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - D:\DAP\DAP\DAP.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.virgilio.it/free
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15009/CTSUEng.cab
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/co...rolLite_EN.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/tech...a/LSSupCtl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1118349090830
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...a/SymAData.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15010/CTPID.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - D:\Norton Antivirus 2004\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - D:\Norton Antivirus 2004\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programmi\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe

#5
Senior Member
Registered: May 2005
City: Palermo
Posts: 6390
Hi Mavettor, from a quick look at your log it seems to me that you have quite a lot of junk on the PC, especially many toolbars and some BHOs. I recommend uninstalling DAP, which contains spyware, and if needed finding a similar but clean program. Besides the antivirus, run a thorough scan in safe mode with up-to-date Ad-Aware and Spybot. Disable System Restore first.

#6
Senior Member
Registered: Nov 2001
City: Varese
Posts: 1461
R3 - Default URLSearchHook is missing
O2 - BHO: DAPBHO Class - {0096CC0A-623C-4829-AD9C-19AF0DC9D8FE} - D:\Dap\DAP\DAPIEBar.dll
O2 - BHO: CDllBho Object - {5A5B6916-ED71-4531-8018-E792DD44156E} - C:\WINDOWS\sdasa.dll (file missing)
O4 - HKLM\..\Run: [JVM0.14] C:\WINDOWS\System32\stfemaiq.exe
O4 - HKLM\..\Run: [SvcH0st] C:\WINDOWS\svchst.exe /i
O4 - Global Startup: NaturalColorLoad.lnk = ?
The ones you can't fix normally, do in safe mode.

#7
Senior Member
Registered: Nov 2001
City: Vercelli
Posts: 478

#8
Senior Member
Registered: Nov 2001
City: Vercelli
Posts: 478
Another problem.........I have to log in again every time on all the sites that ask me for a user name and password..............

#9
Banned
Registered: Mar 2004
City: Galapagos Warning: flatulent user, keep it in mind
Posts: 28978
R3 - Default URLSearchHook is missing
O2 - BHO: CDllBho Object - {5A5B6916-ED71-4531-8018-E792DD44156E} - C:\WINDOWS\sdasa.dll (file missing)
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} -
O4 - HKLM\..\Run: [WIN USB 2.0] winusb.exe
O4 - HKLM\..\Run: [JVM0.14] C:\WINDOWS\System32\stfemaiq.exe
O4 - HKLM\..\Run: [SvcH0st] C:\WINDOWS\svchst.exe /i
O4 - HKLM\..\Run: [HDAudio Driver] C:\WINDOWS\System32\grlg.exe
O4 - HKLM\..\Run: [firewall] C:\WINDOWS\avsoft.exe /i
O4 - HKLM\..\RunServices: [WIN USB 2.0] winusb.exe
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - D:\DAP\DAP\DAP.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
Try with these.

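Added example, not part of any post in this thread: a Python check that parses HijackThis O4 autorun lines and running-process paths and reports names within a small edit distance of a core Windows process name, the pattern behind the [SvcH0st] svchst.exe entry flagged above and the svchos1at.exe of the thread title. The SYSTEM_NAMES list, the distance limits and the function names are assumptions chosen for this example.

```python
import re
from pathlib import PureWindowsPath

# Assumed short list of core Windows process names that malware tends to imitate.
SYSTEM_NAMES = ("svchost", "lsass", "services", "winlogon", "explorer", "spoolsv", "csrss")

O4_RE = re.compile(r"^O4 - \S+: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")   # autorun entry
PROC_RE = re.compile(r"^[A-Za-z]:\\.+$")                               # running-process path
IMAGE_RE = re.compile(r'^"?(?P<img>.+?\.(?:exe|dll|ocx|lnk))', re.IGNORECASE)


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def imitated_name(token):
    """Return the system name that token resembles without equalling it, else None."""
    stem = PureWindowsPath(token).stem.lower()
    if stem in SYSTEM_NAMES:
        return None  # genuine name; whether it runs from the right folder is a separate check
    for known in SYSTEM_NAMES:
        limit = 2 if len(known) >= 7 else 1  # assumed limits: stricter for short names
        if edit_distance(stem, known) <= limit:
            return known
    return None


def image_of(cmd):
    """File name of the program an autorun command starts (handles quotes and spaces)."""
    m = IMAGE_RE.match(cmd)
    return PureWindowsPath(m.group("img") if m else cmd.split()[0]).name


def find_lookalikes(log_text):
    """Return (observed token, imitated system name) pairs in log order."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        tokens = []
        m = O4_RE.match(line)
        if m:
            tokens = [m.group("name"), image_of(m.group("cmd"))]
        elif PROC_RE.match(line):
            tokens = [PureWindowsPath(line).name]
        for tok in tokens:
            hit = imitated_name(tok)
            if hit:
                findings.append((tok, hit))
    return findings


# The first six lines are copied from the first log in this thread. The last line is
# constructed: the thread names svchos1at.exe, but neither log shows its path.
SAMPLE = r"""
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SvcH0st] C:\WINDOWS\svchst.exe /i
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE
C:\WINDOWS\system32\svchos1at.exe
"""

if __name__ == "__main__":
    for observed, target in find_lookalikes(SAMPLE):
        print(f"{observed!r} resembles {target}.exe")
```

A hit is a reason to inspect the file and its autorun entry, not proof of infection; randomly named entries such as stfemaiq.exe or grlg.exe are not caught by this check.
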
#10
Senior Member
Registered: Nov 2001
City: Vercelli
Posts: 478
THANKS!!!!!!!!!!!! Everything's fine now!

#11
Banned
Registered: Mar 2004
City: Galapagos Warning: flatulent user, keep it in mind
Posts: 28978

#12
Senior Member
Registered: Nov 2001
City: Vercelli
Posts: 478
Damn, not fine at all..................I have to log in again on all the sites that ask for a user ID and a password......this one for example, Corriere della Sera, etc..............what should I do?
Help me, please!

#13
Banned
Registered: Mar 2004
City: Galapagos Warning: flatulent user, keep it in mind
Posts: 28978
Do you use Firefox?
Last edited by juninho85 : 20-06-2005 at 21:42.

#14
Junior Member
Registered: Jan 2005
City: Trinacria
Posts: 7
Trojan help
Greetings to all the participants and especially to the forum moderator.
My problem: when I connect to the Internet, Norton Antivirus detects a trojan in svchos1at.exe. I have run several scans under Windows, including in safe mode, but the problem persists. I ran a scan with HijackThis v1.99.1 and this is the logfile. Please help me if possible:

Logfile of HijackThis v1.99.1
Scan saved at 19.48.21, on 03/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\bmwebcfg.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
c:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
C:\Programmi\Java\j2re1.4.2_03\bin\jusched.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\HP\hpcoretech\hpcmpmgr.exe
C:\Programmi\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\vsnpstd.exe
C:\Programmi\MSN Apps\Updater\01.02.3000.1001\it\msnappau.exe
C:\Programmi\File comuni\InterVideo\SchSvr\SchSvr.exe
C:\Programmi\InterVideo\Common\Bin\WinRemote.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\otfgzjn.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\fw_304.exe
C:\Programmi\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\HP\hpcoretech\comp\hptskmgr.exe
C:\WINDOWS\fw_304.exe
C:\Programmi\Microsoft AntiSpyware\gcasDtServ.exe
C:\Programmi\Hijackthis 1.99.1\HijackThis.exe
C:\Programmi\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tin.it
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmi\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\01.02.4000.1001\it\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: Vista HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Programmi\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\01.02.4000.1001\it\msntb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHUPD05] C:\hp\tmp\src\psptr\Patch\Uninst\HPHupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Cpqset] C:\Programmi\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [FLMBROWSEMOUSE] C:\Programmi\Trust\Ami Mouse 250S Series 2.0\mouse32a.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [msnappau] "C:\Programmi\MSN Apps\Updater\01.02.3000.1001\it\msnappau.exe"
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Programmi\File comuni\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [WINREMOTE] C:\Programmi\InterVideo\Common\Bin\WinRemote.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PaperPort PTD] C:\Programmi\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Programmi\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [{4FD4C989-FA02-4743-A1FD-7FC2CABB244A}] "C:\Programmi\tin.it\Fast\bmoc" -d
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [HDAudio Driver] C:\WINDOWS\system32\otfgzjn.exe
O4 - HKLM\..\Run: [Communicator] C:\WINDOWS\fw_304.exe /i
O4 - HKLM\..\Run: [gcasServ] "C:\Programmi\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BackupNotify] C:\Programmi\HP\Digital Imaging\bin\backupnotify.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'bmnet.dll' missing
O14 - IERESET.INF: START_PAGE_URL=http://www.tin.it
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?Link...04&clcid=0x409
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/ca...ail/DASAct.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C:\WINDOWS\system32\bmwebcfg.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programmi\HPQ\SHARED\HPQWMI.exe
O23 - Service: Servizio iPod (iPodService) - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Programmi\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton SystemWorks\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
__________________
Walnuts are good, but... first you have to crack them open!

#15
Senior Member
Registered: Nov 2001
City: Varese
Posts: 1461
Anyway:
C:\WINDOWS\system32\bmwebcfg.exe
C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\vsnpstd.exe
C:\WINDOWS\system32\otfgzjn.exe
C:\WINDOWS\fw_304.exe
C:\WINDOWS\fw_304.exe
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmi\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O3 - Toolbar: Vista HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Programmi\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [HDAudio Driver] C:\WINDOWS\system32\otfgzjn.exe
O4 - HKLM\..\Run: [Communicator] C:\WINDOWS\fw_304.exe /i
O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C:\WINDOWS\system32\bmwebcfg.exe
Then take a look at these entries to see whether you have installed software that refers to them (it's two or three strings). OK, as for the rest, fix everything.

#16
Senior Member
Registered: May 2005
City: Palermo
Posts: 6390
Fix:
C:\WINDOWS\vsnpstd.exe
C:\WINDOWS\system32\otfgzjn.exe
C:\WINDOWS\fw_304.exe
O3 - Toolbar: Vista HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Programmi\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [HDAudio Driver] C:\WINDOWS\system32\otfgzjn.exe
O4 - HKLM\..\Run: [Communicator] C:\WINDOWS\fw_304.exe /i
O10 - Broken Internet access because of LSP provider 'bmnet.dll' missing
If you don't recognize these 2 entries, fix them:
C:\WINDOWS\system32\bmwebcfg.exe
O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C:\WINDOWS\system32\bmwebcfg.exe
Last edited by andorra24 : 03-07-2005 at 21:06.

#17
Junior Member
Registered: Jan 2005
City: Trinacria
Posts: 7
Thanks for the advice. Unfortunately I think I have lost a private message. If anyone sent me one, could they send it again. Thanks

#19
Senior Member
Registered: Jun 2003
City: "Mantua me genuit" Completed trades: a ton!!! Deviances: MacTard iMac 27" i5 2,8Ghz 4GB IPHONE 5 32GB Black Registered: Nov 2002
Posts: 4426
If you mean "BHO", it stands for "Browser Helper Object" and identifies programs or files, malicious or benign, that modify the browser's configuration and settings.

All times are GMT +1. The time now is 18:13.