HiJackThis - Analisi Log - leggere Regole di Sezione - Pagina 75

Codename47 · 07-03-2006, 14:45

Quote:

Originariamente inviato da juninho85

passali un pò di siti pornazzi....al resto ci pensiamo noi

Già oggi gli telefono e gli dico qualche sito "giusto", così è troppo pulito il suo pc, addirittura ha detto che nell'elenco delle connessioni ora non ha più quelle con le iniziali xxx!

(zar)sheva · 07-03-2006, 15:10

mi date una controllata al log seguente grazie:
Logfile of HijackThis v1.99.1
Scan saved at 16.07.03, on 07/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\ewido anti-malware\ewidoctrl.exe
C:\Programmi\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
c:\progra~1\intern~1\iexplore.exe
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\Windows Media Player\wmplayer.exe
C:\Programmi\eMule\emule.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\File Vari\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.avast.com/i_kat_207.php?lang=ENG
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {9E8D69E3-1A91-E0A5-E4EC-6A6E2BCECF30} - C:\DOCUME~1\manuel\DATIAP~1\Curbooze\Bash Exit.exe (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [four grid] C:\DOCUME~1\manuel\DATIAP~1\SITENA~1\city comp.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: officejet 6100.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programmi\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programmi\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmi\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\programmi\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programmi\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1139763570875
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.filelodge.com/ImageUploader3.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmi\ewido anti-malware\ewidoguard.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Programmi\Sygate\SPF\smc.exe

juninho85 · 07-03-2006, 15:14

Quote:

Originariamente inviato da (zar)sheva

O2 - BHO: (no name) - {9E8D69E3-1A91-E0A5-E4EC-6A6E2BCECF30} - C:\DOCUME~1\manuel\DATIAP~1\Curbooze\Bash Exit.exe (file missing)
O4 - HKCU\..\Run: [four grid] C:\DOCUME~1\manuel\DATIAP~1\SITENA~1\city comp.exe

elimina

(zar)sheva · 07-03-2006, 15:19

Quote:

Originariamente inviato da juninho85

elimina

fatto grazie il resto e' pulito?

juninho85 · 07-03-2006, 15:23

si

(zar)sheva · 07-03-2006, 19:49

mi date una controllatina,questo e' il mio quello di oggi era di mio fratello:
ogfile of HijackThis v1.99.1
Scan saved at 20.48.13, on 07/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
E:\Programmi\Sygate\SPF\smc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
E:\Programmi\ewido anti-malware\ewidoctrl.exe
C:\Programmi\Canon\MultiPASS4\MPSERVIC.EXE
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Programmi\Raxco\PerfectDisk\PDSched.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ASUS\Probe\ASUSPROB.EXE
C:\Programmi\Outlook Express\msimn.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Canon\MultiPASS4\MPDBMgr.exe
C:\Programmi\Internet Explorer\iexplore.exe
E:\FILE VARI\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SmcService] E:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - RES://E:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a &Bluetooth - E:\PROGRAMMI\BELKIN\SOFTWARE BLUETOOTH\BTSENDTO_IE_CTX.HTM
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\PROGRAMMI\BELKIN\SOFTWARE BLUETOOTH\BTSENDTO_IE.HTM
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\PROGRAMMI\BELKIN\SOFTWARE BLUETOOTH\BTSENDTO_IE.HTM
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1159562153828
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Bluetooth Service (btwdins) - Unknown owner - F:\Programmi\Belkin\Software Bluetooth\bin\btwdins.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - E:\Programmi\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MpService - Canon Inc. - C:\Programmi\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: Creative PD0620 RunApp Service (PD0620Srv) - Creative Technology Ltd. - C:\WINDOWS\system32\P0620Srv.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - E:\Programmi\Sygate\SPF\smc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

wgator · 07-03-2006, 20:11

Ciao,

log regolare. Non cancellare il file missing relativo al bluetooth.

juninho85 · 07-03-2006, 20:13

Quote:

Originariamente inviato da (zar)sheva

.

pulito

gmarck · 07-03-2006, 20:25

Ciao a tutti,
Ho avuto di recente un po’ di problemi con Adware vari l’ultimo rimasto secondo Ewido è MidAddle, riesco a togliere tutte le chiavi infette in due scansioni, ma poi quando riavvio me le ritrovo tutte 72!
Naturalmente ho disabilitato il ripristino configurazione del sistema.
Dopo averlo tolto con ewido mi sono collegato ad internet e mi è entrata una valanga di pocheria forse c’è qualcos’altro.
Se mi potete dare una mano questo è il log di Hijeackthis
Grazie in anticipo

Logfile of HijackThis v1.99.1
Scan saved at 21.14.42, on 07/03/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Programmi\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Programmi\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\Siemens\Step7\S7BIN\s7asysvx.exe
C:\Programmi\File comuni\Siemens\S7IEPG\s7oiehsx.exe
C:\Programmi\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\sim9sync.exe
C:\WINDOWS\System32\carpserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\HPQ\One-Touch\OneTouch.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Iomega\AutoDisk\ADService.exe
C:\Programmi\File comuni\Siemens\sws\almsrv\almsrvx.exe
C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe
C:\Programmi\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\Iomega\AutoDisk\ADUserMon.exe
C:\Programmi\Iomega\DriveIcons\ImgIcon.exe
C:\Programmi\File comuni\Siemens\S7ubtoox\s7ubtstx.exe
C:\Programmi\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Programmi\Java\jre1.5.0\bin\jusched.exe
C:\Programmi\Softwin\BitDefender8\bdmcon.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Microsoft Office\Office\OSA.EXE
C:\Programmi\Telecom Italia Media\Fast 800-840 Tin.it\dslmon.exe
C:\Programmi\Nikon\NkView4\NkVwMon.exe
C:\Programmi\Microsoft Office\Office\FINDFAST.EXE
C:\Programmi\StopDialers\StopDialers.exe
C:\PROGRAMMI\FILE COMUNI\SIEMENS\SQLANY\dbsrv7.exe
C:\Programmi\Microsoft Office\Office\Winword.exe
C:\Documents and Settings\me\Desktop\Documenti Tecnici\Installazioni\HiJack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [QT4HPOT] C:\Programmi\HPQ\One-Touch\OneTouch.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Display Settings] C:\Programmi\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Programmi\File comuni\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Programmi\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\disgwe.exe
O4 - HKLM\..\Run: [OEM32 Tools] sres32.exe
O4 - HKLM\..\Run: [Windows System Configuration] C:\WINDOWS\SYSCFG16.EXE
O4 - HKLM\..\Run: [Windows DLL Loader] C:\WINDOWS\SYSCFG16.EXE
O4 - HKLM\..\Run: [Sepate Security Firewall] sepate.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Programmi\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Programmi\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Programmi\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [S7UB Start] "C:\Programmi\File comuni\Siemens\S7ubtoox\s7ubtstx.exe" -StartDB
O4 - HKLM\..\Run: [OrderReminder] C:\Programmi\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [system_service] drivers32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [UnlockerAssistant] C:\Programmi\Unlocker\UnlockerAssistant.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Programmi\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\RunServices: [Microsoft Fileroller Manager] fileroller.exe
O4 - HKLM\..\RunServices: [Start Uppings] mssupdate.exe
O4 - HKLM\..\RunServices: [Sepate Security Firewall] sepate.exe
O4 - HKLM\..\RunServices: [OEM32 Tools] sres32.exe
O4 - HKLM\..\RunServices: [system_service] drivers32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Fileroller Manager] fileroller.exe
O4 - HKCU\..\Run: [Start Uppings] mssupdate.exe
O4 - HKCU\..\Run: [OEM32 Tools] sres32.exe
O4 - HKCU\..\Run: [Sepate Security Firewall] sepate.exe
O4 - HKCU\..\Run: [services32] C:\Programmi\File comuni\Windows\mc-110-12-0000228.exe
O4 - HKCU\..\Run: [ioqr] C:\PROGRA~1\FILECO~1\ioqr\ioqrm.exe
O4 - HKCU\..\RunServices: [Start Uppings] mssupdate.exe
O4 - Startup: Stop Dialers.lnk = C:\Programmi\StopDialers\StopDialers.exe
O4 - Global Startup: Avvio Office.lnk = C:\Programmi\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: DSLMON.lnk = C:\Programmi\Telecom Italia Media\Fast 800-840 Tin.it\dslmon.exe
O4 - Global Startup: NkVwMon.exe.lnk = C:\Programmi\Nikon\NkView4\NkVwMon.exe
O4 - Global Startup: Ricerca rapida.lnk = C:\Programmi\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: updspl.lnk = C:\Programmi\PDF4free\updspl\updspl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0\bin\npjpi150.dll
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - https://h20278.www2.hp.com/HPISWeb/C...ataManager.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: stibo - {FFAD3420-6D61-44F6-BA25-293F17152D79} - C:\Programmi\File comuni\Stibo\RS_ProtocolHandler.dll
O21 - SSODL: Web Event Logger - {79FEACFF-FFCE-815E-A900-316290B5B738} - (no file)
O23 - Service: Automation License Manager Service (almservice) - SIEMENS AG - C:\Programmi\File comuni\Siemens\sws\almsrv\almsrvx.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Li4\command.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido anti-malware\ewidoctrl.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Programmi\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: OPCEnum (OpcEnum) - Unknown owner - C:\Programmi\File comuni\OPC Foundation\OPCENUM.EXE (file missing)
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Programmi\File comuni\Panda Software\PavShld\pavprsrv.exe (file missing)
O23 - Service: S7 Global Services (s7asysvx) - SIEMENS AG - C:\Siemens\Step7\S7BIN\s7asysvx.exe
O23 - Service: SIMATIC IEPG Help Service (s7oiehsx) - SIEMENS AG - C:\Programmi\File comuni\Siemens\S7IEPG\s7oiehsx.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SIMATIC NET Synchronization Service (Sim9Sync) - Siemens AG - C:\WINDOWS\System32\sim9sync.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Programmi\Iomega\AutoDisk\ADService.exe

(zar)sheva · 07-03-2006, 20:39

Quote:

Originariamente inviato da wgator

Ciao,

log regolare. Non cancellare il file missing relativo al bluetooth.

grazie mille sempre efficientissimi

andorra24 · 07-03-2006, 20:42

X gmarck

Fixa:
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\disgwe.exe
O4 - HKLM\..\Run: [OEM32 Tools] sres32.exe
O4 - HKLM\..\Run: [Windows System Configuration] C:\WINDOWS\SYSCFG16.EXE
O4 - HKLM\..\Run: [Windows DLL Loader] C:\WINDOWS\SYSCFG16.EXE
O4 - HKLM\..\Run: [Sepate Security Firewall] sepate.exe
O4 - HKLM\..\Run: [system_service] drivers32.exe
O4 - HKLM\..\RunServices: [Microsoft Fileroller Manager] fileroller.exe
O4 - HKLM\..\RunServices: [Start Uppings] mssupdate.exe
O4 - HKLM\..\RunServices: [Sepate Security Firewall] sepate.exe
O4 - HKLM\..\RunServices: [OEM32 Tools] sres32.exe
O4 - HKLM\..\RunServices: [system_service] drivers32.exe
O4 - HKCU\..\Run: [Microsoft Fileroller Manager] fileroller.exe
O4 - HKCU\..\Run: [Start Uppings] mssupdate.exe
O4 - HKCU\..\Run: [OEM32 Tools] sres32.exe
O4 - HKCU\..\Run: [Sepate Security Firewall] sepate.exe
O4 - HKCU\..\Run: [services32] C:\Programmi\File comuni\Windows\mc-110-12-0000228.exe
O4 - HKCU\..\Run: [ioqr] C:\PROGRA~1\FILECO~1\ioqr\ioqrm.exe
O4 - HKCU\..\RunServices: [Start Uppings] mssupdate.exe
O21 - SSODL: Web Event Logger - {79FEACFF-FFCE-815E-A900-316290B5B738} - (no file)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Li4\command.exe (file missing)
O23 - Service: OPCEnum (OpcEnum) - Unknown owner - C:\Programmi\File comuni\OPC Foundation\OPCENUM.EXE (file missing)
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Programmi\File comuni\Panda Software\PavShld\pavprsrv.exe (file missing)

juninho85 · 07-03-2006, 20:44

Quote:

Originariamente inviato da gmarck

O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\disgwe.exe
O4 - HKLM\..\Run: [OEM32 Tools] sres32.exe
O4 - HKLM\..\Run: [Windows System Configuration] C:\WINDOWS\SYSCFG16.EXE
O4 - HKLM\..\Run: [Windows DLL Loader] C:\WINDOWS\SYSCFG16.EXE
O4 - HKLM\..\Run: [Sepate Security Firewall] sepate.exe

O4 - HKLM\..\RunServices: [Microsoft Fileroller Manager] fileroller.exe
O4 - HKLM\..\RunServices: [Start Uppings] mssupdate.exe
O4 - HKLM\..\RunServices: [Sepate Security Firewall] sepate.exe
O4 - HKLM\..\RunServices: [OEM32 Tools] sres32.exe
O4 - HKLM\..\RunServices: [system_service] drivers32.exe
O4 - HKCU\..\Run: [Microsoft Fileroller Manager] fileroller.exe
O4 - HKCU\..\Run: [Start Uppings] mssupdate.exe
O4 - HKCU\..\Run: [OEM32 Tools] sres32.exe
O4 - HKCU\..\Run: [Sepate Security Firewall] sepate.exe
O4 - HKCU\..\Run: [services32] C:\Programmi\File comuni\Windows\mc-110-12-0000228.exe
O4 - HKCU\..\Run: [ioqr] C:\PROGRA~1\FILECO~1\ioqr\ioqrm.exe
O4 - HKCU\..\RunServices: [Start Uppings] mssupdate.exe
O
O21 - SSODL: Web Event Logger - {79FEACFF-FFCE-815E-A900-316290B5B738} - (no file)

bel putanun

Stev-O · 07-03-2006, 22:08

Quote:

Originariamente inviato da gmarck

Ciao a tutti,
Ho avuto di recente un po’ di problemi con Adware vari l’ultimo rimasto secondo Ewido è MidAddle, riesco a togliere tutte le chiavi infette in due scansioni, ma poi quando riavvio me le ritrovo tutte 72!
Naturalmente ho disabilitato il ripristino configurazione del sistema.
Dopo averlo tolto con ewido mi sono collegato ad internet e mi è entrata una valanga di pocheria forse c’è qualcos’altro.
Se mi potete dare una mano...

chissà perchè wgator si dilegua sempre quando ci sono questi logs

wgator · 08-03-2006, 07:32

Quote:

Originariamente inviato da Stev-O

chissà perchè wgator si dilegua sempre quando ci sono questi logs

Ciao,

devo controllare due sezioni (in una sono solo), leggo (quasi) tutti i thread con relativi post (centinaia di messaggi al giorno in Networking), devo rispondere a 5/6 pvt al giorno (non sempre riesco con tutti) devo anche lavorare e in più ho una famiglia con moglie annessa...

I log, se non li analizzate prima voi, nel giro di qualche ora lo faccio io... ma come ripeto, se Andorra ci riesce in 3 minuti, a me ci vuole un quarto d'ora, tanto ci ho messo ieri sera a controllare quello di gmarck. Naturalmente quando sono andato per rispondere, prima ho fatto il refresh ed ho trovato i posts di Andorra e di juninho85...

Volete il mio sangue? Dove sta scritto che un mod deve essere un martire? Nel regolamento?

Mathasu · 08-03-2006, 09:19

Sono inesperto, questo è il mio log.
Mi sapreste dire se è tutto ok?
Grazie
-------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 10.12.04, on 08/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Artel\Arca2000SqlLM\ArcaSqlLM.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
C:\Programmi\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\System32\svchost.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programmi\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programmi\RealVNC\VNC4\WinVNC4.exe
C:\Programmi\File comuni\System\MSSearch\Bin\mssearch.exe
C:\Programmi\Trend Micro\OfficeScan Client\ofcdog.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Programmi\MSN Apps\Updater\01.02.3000.1001\it\msnappau.exe
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Microsoft Firewall Client\ISATRAY.EXE
C:\Programmi\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\PROGRA~1\MICROS~4\OFFICE11\OUTLOOK.EXE
C:\Programmi\Microsoft Office2003\OFFICE11\WINWORD.EXE
C:\Programmi\Outlook Express\msimn.exe
C:\Programmi\Messenger\msmsgs.exe
C:\PROGRA~1\MICROS~3\Office\MSACCESS.EXE
C:\totalcmd\TOTALCMD.EXE
C:\WINDOWS\System32\dllhost.exe
C:\Programmi\Microsoft Visual Studio\Vfp98\VFP6.EXE
\?\C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Alberto\Microdesign\Utility\Sicurezza\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.0.11:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmi\MSN Apps\ST\01.02.3000.1001\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\01.02.5000.1021\it\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\01.02.5000.1021\it\msntb.dll
O3 - Toolbar: Manuali.net toolbar - {4a418b38-1af6-4a36-9745-c4a63c10761d} - C:\Programmi\Manuali.net\tbManu.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Programmi\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [msnappau] "C:\Programmi\MSN Apps\Updater\01.02.3000.1001\it\msnappau.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Eventi.lnk = ?
O4 - Global Startup: Firewall Client Connectivity Monitor.LNK = C:\Programmi\Microsoft Firewall Client\ISATRAY.EXE
O4 - Global Startup: Gestione servizi.lnk = C:\Programmi\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Google Search - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Programmi\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Programmi\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Programmi\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1118386664165
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = microdesign.local
O17 - HKLM\Software\..\Telephony: DomainName = microdesign.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = microdesign.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = microdesign.local
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll
O23 - Service: Arca Evolution Licenser (ArcaEvolutionLicenser) - Artel Software House - C:\Programmi\Artel\Arca2000SqlLM\ArcaSqlLM.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Programmi\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Programmi\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Programmi\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

juninho85 · 08-03-2006, 09:25

Quote:

Originariamente inviato da Mathasu

O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab

elimina

Mathasu · 08-03-2006, 09:33

Quote:

Originariamente inviato da juninho85

elimina

Fatto.
Il resto, tutto ok?

juninho85 · 08-03-2006, 09:43

Quote:

Originariamente inviato da Mathasu

Fatto.
Il resto, tutto ok?

si

juninho85 · 08-03-2006, 10:06

link utile

steam-roller · 08-03-2006, 11:00

Ciao a tutti!
Ho effettuato le scansioni con i seguenti programmi: Spybot S&D, Lavasoft Ad-Aware, Microsoft AntiSpyware, Ewido Anti-Malware, Avg Free antivirus;
tali software non hanno riscontrato nessuna minaccia. Vorrei aver la certezza di non essere infetto. Questo è il log di hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 11.41.16, on 08/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Programmi\ewido anti-malware\ewidoctrl.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\wwSecure.exe
C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Programmi\USB Storage RW\shwicon.exe
C:\HP\KBD\KBD.EXE
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
C:\programmi\softwin\bitdefender8\bdnagent.exe
C:\WINDOWS\System32\LVComS.exe
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmi\Shareaza\Shareaza.exe
C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gw.aliceadsl.it/home
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://it7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Toolbar Suite\TB\02.05.0000.1082\it-it\msntb.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Toolbar Suite\TB\02.05.0000.1082\it-it\msntb.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KYE_Showicon] "C:\Programmi\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Programmi\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmi\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmi\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [gcasServ] "C:\Programmi\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [BDNewsAgent] "c:\programmi\softwin\bitdefender8\bdnagent.exe"
O4 - HKCU\..\Run: [LDM] C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [ClamWin] "C:\Programmi\ClamWin\bin\ClamTray.exe" --logon
O4 - HKCU\..\RunOnce: [Index Washer] C:\Programmi\Webroot\Washer\WashIdx.exe "Proprietario"
O4 - Global Startup: hp center.lnk = C:\Programmi\hp center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Programmi\MSN Toolbar Suite\DS\02.05.0001.1119\it-it\bin\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Programmi\MSN Toolbar Suite\TB\02.05.0000.1082\it-it\msntb.dll/search.htm
O8 - Extra context menu item: Apri in nuova scheda in primo piano - res://C:\Programmi\MSN Toolbar Suite\TAB\02.05.0001.1119\it-it\msntabres.dll/230?11316cf24ea34272a9be50c0dca02059
O8 - Extra context menu item: Apri in nuova scheda in secondo piano - res://C:\Programmi\MSN Toolbar Suite\TAB\02.05.0001.1119\it-it\msntabres.dll/229?11316cf24ea34272a9be50c0dca02059
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Scarica con il Wizard di LeechGet - file://C:\Programmi\LeechGet 2005\\Wizard.html
O8 - Extra context menu item: Scarica con LeechGet - file://C:\Programmi\LeechGet 2005\\AddUrl.html
O8 - Extra context menu item: Scarica pagina con LeechGet - file://C:\Programmi\LeechGet 2005\\Parser.html
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra button: Alice - {B4EC20D1-AE4A-4FE6-955D-12C3FF1BB0E7} - http://gw.aliceadsl.it/alice (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://gw.aliceadsl.it/home
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1131205226812
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F143F5B-82F1-4C1A-8CE8-B2A111AAD787}: NameServer = 85.37.17.11 85.38.28.69
O17 - HKLM\System\CCS\Services\Tcpip\..\{FB2023EA-F40F-4982-A795-25AA7119C0BF}: NameServer = 217.141.250.206,151.99.125.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{3F143F5B-82F1-4C1A-8CE8-B2A111AAD787}: NameServer = 85.37.17.11 85.38.28.69
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido anti-malware\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PMService - Unknown owner - C:\Programmi\richcomm\PowerManagerII\PMService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

07-03-2006, 15:10	#1482
(zar)sheva Senior Member Iscritto dal: Jan 2006 Città: Lainate(Mi) Messaggi: 5645	mi date una controllata al log seguente grazie: Logfile of HijackThis v1.99.1 Scan saved at 16.07.03, on 07/03/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programmi\Sygate\SPF\smc.exe C:\WINDOWS\system32\spoolsv.exe C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe C:\Programmi\Alwil Software\Avast4\ashServ.exe C:\Programmi\ewido anti-malware\ewidoctrl.exe C:\Programmi\ewido anti-malware\ewidoguard.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe c:\progra~1\intern~1\iexplore.exe C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hposol08.exe C:\Programmi\Alwil Software\Avast4\ashWebSv.exe C:\Programmi\Internet Explorer\iexplore.exe C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\WINDOWS\system32\HPZipm12.exe C:\Programmi\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\Programmi\MSN Messenger\msnmsgr.exe C:\Programmi\Windows Media Player\wmplayer.exe C:\Programmi\eMule\emule.exe C:\Programmi\Internet Explorer\iexplore.exe C:\File Vari\hijackthis_199\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.avast.com/i_kat_207.php?lang=ENG R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {9E8D69E3-1A91-E0A5-E4EC-6A6E2BCECF30} - C:\DOCUME~1\manuel\DATIAP~1\Curbooze\Bash Exit.exe (file missing) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKCU\..\Run: [four grid] C:\DOCUME~1\manuel\DATIAP~1\SITENA~1\city comp.exe O4 - Global Startup: hp psc 2000 Series.lnk = C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe O4 - Global Startup: officejet 6100.lnk = ? O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\programmi\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\programmi\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmi\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\programmi\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\programmi\google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1139763570875 O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.filelodge.com/ImageUploader3.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido anti-malware\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Programmi\ewido anti-malware\ewidoguard.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Programmi\Sygate\SPF\smc.exe __________________ PSN: gian73ska

07-03-2006, 19:49	#1486
(zar)sheva Senior Member Iscritto dal: Jan 2006 Città: Lainate(Mi) Messaggi: 5645	mi date una controllatina,questo e' il mio quello di oggi era di mio fratello: ogfile of HijackThis v1.99.1 Scan saved at 20.48.13, on 07/03/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe E:\Programmi\Sygate\SPF\smc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe C:\Programmi\Alwil Software\Avast4\ashServ.exe E:\Programmi\ewido anti-malware\ewidoctrl.exe C:\Programmi\Canon\MultiPASS4\MPSERVIC.EXE C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\Programmi\Raxco\PerfectDisk\PDSched.exe C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Programmi\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\ASUS\Probe\ASUSPROB.EXE C:\Programmi\Outlook Express\msimn.exe C:\Programmi\Internet Explorer\iexplore.exe C:\Programmi\Canon\MultiPASS4\MPDBMgr.exe C:\Programmi\Internet Explorer\iexplore.exe E:\FILE VARI\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [SmcService] E:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O8 - Extra context menu item: E&sporta in Microsoft Excel - RES://E:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Invia a &Bluetooth - E:\PROGRAMMI\BELKIN\SOFTWARE BLUETOOTH\BTSENDTO_IE_CTX.HTM O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\PROGRAMMI\BELKIN\SOFTWARE BLUETOOTH\BTSENDTO_IE.HTM O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\PROGRAMMI\BELKIN\SOFTWARE BLUETOOTH\BTSENDTO_IE.HTM O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1159562153828 O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Bluetooth Service (btwdins) - Unknown owner - F:\Programmi\Belkin\Software Bluetooth\bin\btwdins.exe (file missing) O23 - Service: ewido security suite control - ewido networks - E:\Programmi\ewido anti-malware\ewidoctrl.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: MpService - Canon Inc. - C:\Programmi\Canon\MultiPASS4\MPSERVIC.EXE O23 - Service: Creative PD0620 RunApp Service (PD0620Srv) - Creative Technology Ltd. - C:\WINDOWS\system32\P0620Srv.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDEngine.exe O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDSched.exe O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - E:\Programmi\Sygate\SPF\smc.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe __________________ PSN: gian73ska

07-03-2006, 20:11	#1487
wgator Senior Member Iscritto dal: Mar 2004 Città: Rimini Messaggi: 10296	Ciao, log regolare. Non cancellare il file missing relativo al bluetooth. __________________ sometimes they come back * Life Happens! - (Professionista I.T. - Tecnico Telecomunicazioni) Latitude E6420 I7 2760QM SSD Crucial M4-512GB --- Tecra R840 I5 2520M SSD Samsung 830-256GB --- Macbook Pro 13,3"** I5 2435M SSD Samsung 830-256GB

07-03-2006, 20:25	#1489
gmarck Member Iscritto dal: Oct 2004 Messaggi: 39	Log Ciao a tutti, Ho avuto di recente un po’ di problemi con Adware vari l’ultimo rimasto secondo Ewido è MidAddle, riesco a togliere tutte le chiavi infette in due scansioni, ma poi quando riavvio me le ritrovo tutte 72! Naturalmente ho disabilitato il ripristino configurazione del sistema. Dopo averlo tolto con ewido mi sono collegato ad internet e mi è entrata una valanga di pocheria forse c’è qualcos’altro. Se mi potete dare una mano questo è il log di Hijeackthis Grazie in anticipo Logfile of HijackThis v1.99.1 Scan saved at 21.14.42, on 07/03/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\Ati2evxx.exe C:\Programmi\ewido anti-malware\ewidoctrl.exe C:\WINDOWS\system32\HPConfig.exe C:\Programmi\HPQ\Notebook Utilities\HPWirelessMgr.exe C:\PROGRA~1\Iomega\System32\AppServices.exe C:\WINDOWS\Explorer.EXE C:\Programmi\Norton AntiVirus\navapsvc.exe C:\Siemens\Step7\S7BIN\s7asysvx.exe C:\Programmi\File comuni\Siemens\S7IEPG\s7oiehsx.exe C:\Programmi\Norton AntiVirus\SAVScan.exe C:\WINDOWS\System32\sim9sync.exe C:\WINDOWS\System32\carpserv.exe C:\WINDOWS\System32\svchost.exe C:\Programmi\HPQ\One-Touch\OneTouch.EXE C:\WINDOWS\System32\WLTRYSVC.EXE C:\Programmi\Synaptics\SynTP\SynTPLpr.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\WINDOWS\System32\bcmwltry.exe C:\Programmi\Synaptics\SynTP\SynTPEnh.exe C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Programmi\Iomega\AutoDisk\ADService.exe C:\Programmi\File comuni\Siemens\sws\almsrv\almsrvx.exe C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe C:\Programmi\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe C:\Programmi\File comuni\Symantec Shared\ccApp.exe C:\Programmi\Iomega\AutoDisk\ADUserMon.exe C:\Programmi\Iomega\DriveIcons\ImgIcon.exe C:\Programmi\File comuni\Siemens\S7ubtoox\s7ubtstx.exe C:\Programmi\Hewlett-Packard\OrderReminder\OrderReminder.exe C:\Programmi\Java\jre1.5.0\bin\jusched.exe C:\Programmi\Softwin\BitDefender8\bdmcon.exe C:\WINDOWS\System32\ctfmon.exe C:\Programmi\Messenger\msmsgs.exe C:\Programmi\Microsoft Office\Office\OSA.EXE C:\Programmi\Telecom Italia Media\Fast 800-840 Tin.it\dslmon.exe C:\Programmi\Nikon\NkView4\NkVwMon.exe C:\Programmi\Microsoft Office\Office\FINDFAST.EXE C:\Programmi\StopDialers\StopDialers.exe C:\PROGRAMMI\FILE COMUNI\SIEMENS\SQLANY\dbsrv7.exe C:\Programmi\Microsoft Office\Office\Winword.exe C:\Documents and Settings\me\Desktop\Documenti Tecnici\Installazioni\HiJack\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [CARPService] carpserv.exe O4 - HKLM\..\Run: [QT4HPOT] C:\Programmi\HPQ\One-Touch\OneTouch.EXE O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [Display Settings] C:\Programmi\HPQ\Notebook Utilities\hptasks.exe /s O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Programmi\File comuni\Roxio Shared\System\EngUtil.exe" O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Programmi\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\disgwe.exe O4 - HKLM\..\Run: [OEM32 Tools] sres32.exe O4 - HKLM\..\Run: [Windows System Configuration] C:\WINDOWS\SYSCFG16.EXE O4 - HKLM\..\Run: [Windows DLL Loader] C:\WINDOWS\SYSCFG16.EXE O4 - HKLM\..\Run: [Sepate Security Firewall] sepate.exe O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [ADUserMon] C:\Programmi\Iomega\AutoDisk\ADUserMon.exe O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Programmi\Iomega\DriveIcons\ImgIcon.exe O4 - HKLM\..\Run: [Deskup] C:\Programmi\Iomega\DriveIcons\deskup.exe /IMGSTART O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [S7UB Start] "C:\Programmi\File comuni\Siemens\S7ubtoox\s7ubtstx.exe" -StartDB O4 - HKLM\..\Run: [OrderReminder] C:\Programmi\Hewlett-Packard\OrderReminder\OrderReminder.exe O4 - HKLM\..\Run: [system_service] drivers32.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0\bin\jusched.exe O4 - HKLM\..\Run: [UnlockerAssistant] C:\Programmi\Unlocker\UnlockerAssistant.exe O4 - HKLM\..\Run: [BDMCon] "C:\Programmi\Softwin\BitDefender8\bdmcon.exe" O4 - HKLM\..\RunServices: [Microsoft Fileroller Manager] fileroller.exe O4 - HKLM\..\RunServices: [Start Uppings] mssupdate.exe O4 - HKLM\..\RunServices: [Sepate Security Firewall] sepate.exe O4 - HKLM\..\RunServices: [OEM32 Tools] sres32.exe O4 - HKLM\..\RunServices: [system_service] drivers32.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Microsoft Fileroller Manager] fileroller.exe O4 - HKCU\..\Run: [Start Uppings] mssupdate.exe O4 - HKCU\..\Run: [OEM32 Tools] sres32.exe O4 - HKCU\..\Run: [Sepate Security Firewall] sepate.exe O4 - HKCU\..\Run: [services32] C:\Programmi\File comuni\Windows\mc-110-12-0000228.exe O4 - HKCU\..\Run: [ioqr] C:\PROGRA~1\FILECO~1\ioqr\ioqrm.exe O4 - HKCU\..\RunServices: [Start Uppings] mssupdate.exe O4 - Startup: Stop Dialers.lnk = C:\Programmi\StopDialers\StopDialers.exe O4 - Global Startup: Avvio Office.lnk = C:\Programmi\Microsoft Office\Office\OSA.EXE O4 - Global Startup: DSLMON.lnk = C:\Programmi\Telecom Italia Media\Fast 800-840 Tin.it\dslmon.exe O4 - Global Startup: NkVwMon.exe.lnk = C:\Programmi\Nikon\NkView4\NkVwMon.exe O4 - Global Startup: Ricerca rapida.lnk = C:\Programmi\Microsoft Office\Office\FINDFAST.EXE O4 - Global Startup: updspl.lnk = C:\Programmi\PDF4free\updspl\updspl.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0\bin\npjpi150.dll O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - https://h20278.www2.hp.com/HPISWeb/C...ataManager.CAB O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O18 - Protocol: stibo - {FFAD3420-6D61-44F6-BA25-293F17152D79} - C:\Programmi\File comuni\Stibo\RS_ProtocolHandler.dll O21 - SSODL: Web Event Logger - {79FEACFF-FFCE-815E-A900-316290B5B738} - (no file) O23 - Service: Automation License Manager Service (almservice) - SIEMENS AG - C:\Programmi\File comuni\Siemens\sws\almsrv\almsrvx.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing) O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Li4\command.exe (file missing) O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido anti-malware\ewidoctrl.exe O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Programmi\HPQ\Notebook Utilities\HPWirelessMgr.exe O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe O23 - Service: OPCEnum (OpcEnum) - Unknown owner - C:\Programmi\File comuni\OPC Foundation\OPCENUM.EXE (file missing) O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Programmi\File comuni\Panda Software\PavShld\pavprsrv.exe (file missing) O23 - Service: S7 Global Services (s7asysvx) - SIEMENS AG - C:\Siemens\Step7\S7BIN\s7asysvx.exe O23 - Service: SIMATIC IEPG Help Service (s7oiehsx) - SIEMENS AG - C:\Programmi\File comuni\Siemens\S7IEPG\s7oiehsx.exe O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: SIMATIC NET Synchronization Service (Sim9Sync) - Siemens AG - C:\WINDOWS\System32\sim9sync.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing) O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Programmi\Iomega\AutoDisk\ADService.exe

08-03-2006, 09:19	#1495
Mathasu Junior Member Iscritto dal: Mar 2006 Messaggi: 2	Il mio log Sono inesperto, questo è il mio log. Mi sapreste dire se è tutto ok? Grazie ------------------------------------- Logfile of HijackThis v1.99.1 Scan saved at 10.12.04, on 08/03/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programmi\Artel\Arca2000SqlLM\ArcaSqlLM.exe C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe C:\Programmi\Trend Micro\OfficeScan Client\ntrtscan.exe C:\WINDOWS\System32\svchost.exe C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Programmi\Trend Micro\OfficeScan Client\tmlisten.exe C:\WINDOWS\system32\wdfmgr.exe C:\Programmi\RealVNC\VNC4\WinVNC4.exe C:\Programmi\File comuni\System\MSSearch\Bin\mssearch.exe C:\Programmi\Trend Micro\OfficeScan Client\ofcdog.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wscntfy.exe C:\Programmi\Trend Micro\OfficeScan Client\pccntmon.exe C:\Programmi\MSN Apps\Updater\01.02.3000.1001\it\msnappau.exe C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Programmi\Microsoft Firewall Client\ISATRAY.EXE C:\Programmi\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\PROGRA~1\MICROS~4\OFFICE11\OUTLOOK.EXE C:\Programmi\Microsoft Office2003\OFFICE11\WINWORD.EXE C:\Programmi\Outlook Express\msimn.exe C:\Programmi\Messenger\msmsgs.exe C:\PROGRA~1\MICROS~3\Office\MSACCESS.EXE C:\totalcmd\TOTALCMD.EXE C:\WINDOWS\System32\dllhost.exe C:\Programmi\Microsoft Visual Studio\Vfp98\VFP6.EXE \?\C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe C:\Programmi\Internet Explorer\iexplore.exe C:\Alberto\Microdesign\Utility\Sicurezza\Hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.0.11:8080 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmi\MSN Apps\ST\01.02.3000.1001\en-xu\stmain.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\01.02.5000.1021\it\msntb.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\01.02.5000.1021\it\msntb.dll O3 - Toolbar: Manuali.net toolbar - {4a418b38-1af6-4a36-9745-c4a63c10761d} - C:\Programmi\Manuali.net\tbManu.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Programmi\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow O4 - HKLM\..\Run: [msnappau] "C:\Programmi\MSN Apps\Updater\01.02.3000.1001\it\msnappau.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: Eventi.lnk = ? O4 - Global Startup: Firewall Client Connectivity Monitor.LNK = C:\Programmi\Microsoft Firewall Client\ISATRAY.EXE O4 - Global Startup: Gestione servizi.lnk = C:\Programmi\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe O8 - Extra context menu item: &Google Search - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Backward &Links - res://C:\Programmi\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Programmi\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Si&milar Pages - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://C:\Programmi\Google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1118386664165 O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = microdesign.local O17 - HKLM\Software\..\Telephony: DomainName = microdesign.local O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = microdesign.local O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = microdesign.local O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll O23 - Service: Arca Evolution Licenser (ArcaEvolutionLicenser) - Artel Software House - C:\Programmi\Artel\Arca2000SqlLM\ArcaSqlLM.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing) O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Programmi\Trend Micro\OfficeScan Client\ntrtscan.exe O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Programmi\Trend Micro\OfficeScan Client\tmlisten.exe O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Programmi\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

07-03-2006, 15:23	#1485
juninho85 Bannato Iscritto dal: Mar 2004 Città: Galapagos Attenzione:utente flautolente,tienilo a mente Messaggi: 28978	si

07-03-2006, 20:42	#1491
andorra24 Senior Member Iscritto dal: May 2005 Città: Palermo Messaggi: 6390	X gmarck Fixa: O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\disgwe.exe O4 - HKLM\..\Run: [OEM32 Tools] sres32.exe O4 - HKLM\..\Run: [Windows System Configuration] C:\WINDOWS\SYSCFG16.EXE O4 - HKLM\..\Run: [Windows DLL Loader] C:\WINDOWS\SYSCFG16.EXE O4 - HKLM\..\Run: [Sepate Security Firewall] sepate.exe O4 - HKLM\..\Run: [system_service] drivers32.exe O4 - HKLM\..\RunServices: [Microsoft Fileroller Manager] fileroller.exe O4 - HKLM\..\RunServices: [Start Uppings] mssupdate.exe O4 - HKLM\..\RunServices: [Sepate Security Firewall] sepate.exe O4 - HKLM\..\RunServices: [OEM32 Tools] sres32.exe O4 - HKLM\..\RunServices: [system_service] drivers32.exe O4 - HKCU\..\Run: [Microsoft Fileroller Manager] fileroller.exe O4 - HKCU\..\Run: [Start Uppings] mssupdate.exe O4 - HKCU\..\Run: [OEM32 Tools] sres32.exe O4 - HKCU\..\Run: [Sepate Security Firewall] sepate.exe O4 - HKCU\..\Run: [services32] C:\Programmi\File comuni\Windows\mc-110-12-0000228.exe O4 - HKCU\..\Run: [ioqr] C:\PROGRA~1\FILECO~1\ioqr\ioqrm.exe O4 - HKCU\..\RunServices: [Start Uppings] mssupdate.exe O21 - SSODL: Web Event Logger - {79FEACFF-FFCE-815E-A900-316290B5B738} - (no file) O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Li4\command.exe (file missing) O23 - Service: OPCEnum (OpcEnum) - Unknown owner - C:\Programmi\File comuni\OPC Foundation\OPCENUM.EXE (file missing) O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Programmi\File comuni\Panda Software\PavShld\pavprsrv.exe (file missing)

08-03-2006, 10:06	#1499
juninho85 Bannato Iscritto dal: Mar 2004 Città: Galapagos Attenzione:utente flautolente,tienilo a mente Messaggi: 28978	link utile

08-03-2006, 11:00	#1500
steam-roller Senior Member Iscritto dal: Dec 2005 Messaggi: 310	Ciao a tutti! Ho effettuato le scansioni con i seguenti programmi: Spybot S&D, Lavasoft Ad-Aware, Microsoft AntiSpyware, Ewido Anti-Malware, Avg Free antivirus; tali software non hanno riscontrato nessuna minaccia. Vorrei aver la certezza di non essere infetto. Questo è il log di hijackthis: Logfile of HijackThis v1.99.1 Scan saved at 11.41.16, on 08/03/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\Programmi\ewido anti-malware\ewidoctrl.exe C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\wwSecure.exe C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe C:\WINDOWS\Explorer.EXE C:\windows\system\hpsysdrv.exe C:\Programmi\USB Storage RW\shwicon.exe C:\HP\KBD\KBD.EXE C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe C:\programmi\softwin\bitdefender8\bdnagent.exe C:\WINDOWS\System32\LVComS.exe C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hposol08.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Programmi\Shareaza\Shareaza.exe C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe C:\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gw.aliceadsl.it/home R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://it7.hpwis.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Toolbar Suite\TB\02.05.0000.1082\it-it\msntb.dll O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Toolbar Suite\TB\02.05.0000.1082\it-it\msntb.dll O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [KYE_Showicon] "C:\Programmi\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW" O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [StorageGuard] "C:\Programmi\VERITAS Software\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmi\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmi\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [gcasServ] "C:\Programmi\Microsoft AntiSpyware\gcasServ.exe" O4 - HKLM\..\Run: [Zone Labs Client] C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray O4 - HKLM\..\Run: [DataLayer] C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe O4 - HKLM\..\Run: [BDNewsAgent] "c:\programmi\softwin\bitdefender8\bdnagent.exe" O4 - HKCU\..\Run: [LDM] C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe O4 - HKCU\..\Run: [ClamWin] "C:\Programmi\ClamWin\bin\ClamTray.exe" --logon O4 - HKCU\..\RunOnce: [Index Washer] C:\Programmi\Webroot\Washer\WashIdx.exe "Proprietario" O4 - Global Startup: hp center.lnk = C:\Programmi\hp center\137903\Program\BackWeb-137903.exe O4 - Global Startup: hp psc 2000 Series.lnk = C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: officejet 6100.lnk = ? O4 - Global Startup: Windows Desktop Search.lnk = C:\Programmi\MSN Toolbar Suite\DS\02.05.0001.1119\it-it\bin\WindowsSearch.exe O8 - Extra context menu item: &MSN Search - res://C:\Programmi\MSN Toolbar Suite\TB\02.05.0000.1082\it-it\msntb.dll/search.htm O8 - Extra context menu item: Apri in nuova scheda in primo piano - res://C:\Programmi\MSN Toolbar Suite\TAB\02.05.0001.1119\it-it\msntabres.dll/230?11316cf24ea34272a9be50c0dca02059 O8 - Extra context menu item: Apri in nuova scheda in secondo piano - res://C:\Programmi\MSN Toolbar Suite\TAB\02.05.0001.1119\it-it\msntabres.dll/229?11316cf24ea34272a9be50c0dca02059 O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Scarica con il Wizard di LeechGet - file://C:\Programmi\LeechGet 2005\\Wizard.html O8 - Extra context menu item: Scarica con LeechGet - file://C:\Programmi\LeechGet 2005\\AddUrl.html O8 - Extra context menu item: Scarica pagina con LeechGet - file://C:\Programmi\LeechGet 2005\\Parser.html O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE O9 - Extra button: Alice - {B4EC20D1-AE4A-4FE6-955D-12C3FF1BB0E7} - http://gw.aliceadsl.it/alice (file missing) (HKCU) O14 - IERESET.INF: START_PAGE_URL=http://gw.aliceadsl.it/home O15 - Trusted Zone: http://download.windowsupdate.com O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1131205226812 O17 - HKLM\System\CCS\Services\Tcpip\..\{3F143F5B-82F1-4C1A-8CE8-B2A111AAD787}: NameServer = 85.37.17.11 85.38.28.69 O17 - HKLM\System\CCS\Services\Tcpip\..\{FB2023EA-F40F-4982-A795-25AA7119C0BF}: NameServer = 217.141.250.206,151.99.125.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{3F143F5B-82F1-4C1A-8CE8-B2A111AAD787}: NameServer = 85.37.17.11 85.38.28.69 O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing) O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido anti-malware\ewidoctrl.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: PMService - Unknown owner - C:\Programmi\richcomm\PowerManagerII\PMService.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Strumenti
Mostra una versione stampabile Invia questa pagina per email