|
|||||||
|
|
|
 |
|
|
Strumenti |
15-04-2006, 03:15
|
#2021 | |
|
Senior Member
Iscritto dal: Mar 2004
Città: piombino-santa tecla
Messaggi: 377
|
Quote:
Scan saved at 3.12.40, on 15/04/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programmi\Sygate\SPF\smc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\cisvc.exe C:\Programmi\ewido anti-malware\ewidoctrl.exe C:\Programmi\ewido anti-malware\ewidoguard.exe C:\WINDOWS\System32\inetsrv\inetinfo.exe C:\WINDOWS\System32\tcpsvcs.exe C:\WINDOWS\System32\mqsvc.exe C:\WINDOWS\system32\rundll32.exe C:\Programmi\ONSPEED\onspeedcore.exe C:\Programmi\QuickTime\qttask.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\System32\mqtgsvc.exe C:\Programmi\Synaptics\SynTP\SynTPLpr.exe C:\Programmi\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\ctfmon.exe C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe C:\Programmi\ONSPEED\onspeedgui.exe C:\Programmi\OpenOffice.org 2.0\program\soffice.exe C:\Programmi\OpenOffice.org 2.0\program\soffice.BIN C:\WINDOWS\system32\cidaemon.exe C:\WINDOWS\system32\cidaemon.exe C:\Programmi\Mozilla Firefox\firefox.exe C:\Programmi\WinRAR\WinRAR.exe C:\DOCUME~1\andrea\IMPOST~1\Temp\Rar$EX00.047\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5400 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Programmi\ONSPEED\PBHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O3 - Toolbar: ONSPEED - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - C:\Programmi\ONSPEED\Toolband.dll O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [SlipStream] "C:\Programmi\ONSPEED\onspeedcore.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe O4 - HKLM\..\Run: [AzMixerSel] C:\Programmi\Realtek\InstallShield\AzMixerSel.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe O4 - Startup: OpenOffice.org 2.0.lnk = C:\Programmi\OpenOffice.org 2.0\program\quickstart.exe O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: ONSPEED.lnk = C:\Programmi\ONSPEED\onspeedgui.exe O8 - Extra context menu item: Mostra immagine originale - res://C:\Programmi\ONSPEED\gui_resource.dll/328 O8 - Extra context menu item: Mostra le immagini originali - res://C:\Programmi\ONSPEED\gui_resource.dll/327 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{F164C3A6-C100-40EB-8D45-D30C2507EF1B}: NameServer = 212.245.255.2 212.141.84.12 O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido anti-malware\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Programmi\ewido anti-malware\ewidoguard.exe O23 - Service: InstallDriver Table Manager - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Sygate Personal Firewall Pro - Sygate Technologies, Inc. - C:\Programmi\Sygate\SPF\smc.exe O23 - Service: Windows Log - Unknown - C:\WINDOWS\system32\nvsvcd.exe ..va bene cosi?...scusate ragazzi ma sono inesperto al massimo per queste cose....è questo quello che dovevo postare?
__________________
non è che mi faccia paura la morte.solo che non voglio esserci quando succederà.....w l'america... |
|
|
|
|
15-04-2006, 03:27
|
#2022 | |
|
Senior Member
Iscritto dal: Mar 2004
Città: piombino-santa tecla
Messaggi: 377
|
Quote:
__________________
non è che mi faccia paura la morte.solo che non voglio esserci quando succederà.....w l'america... |
|
|
|
|
|
15-04-2006, 09:31
|
#2023 |
|
Senior Member
Iscritto dal: Mar 2006
Città: Saluzzo (Cuneo) - Trattative ok: 51
Messaggi: 3656
|
nn me ne inendo di queste cose ma era capitato anche a me un pasticcio del genere
 pero nn saprei dirti cosa puoi eliminare... quell'ssms.exe xo nn mi convince.... pero nn so assicurarti che sia quello prova a fare una scansione in modalità provvisoria con nod32 trial... a me aveva aiutato a eliminare qualcosa 
|
|
|
|
|
15-04-2006, 12:14
|
#2024 | |
|
Bannato
Iscritto dal: Mar 2004
Città: Galapagos Attenzione:utente flautolente,tienilo a mente
Messaggi: 28983
|
Quote:
|
|
|
|
|
|
15-04-2006, 12:15
|
#2025 | |
|
Bannato
Iscritto dal: Mar 2004
Città: Galapagos Attenzione:utente flautolente,tienilo a mente
Messaggi: 28983
|
Quote:
|
|
|
|
|
|
15-04-2006, 12:27
|
#2026 | |
|
Senior Member
Iscritto dal: Sep 2005
Città: Opinions are like assholes: anybody has one...
Messaggi: 34290
|
Quote:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5400 O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w O23 - Service: Windows Log - Unknown - C:\WINDOWS\system32\nvsvcd.exe e poi visto che mi sono imbattuto nella ricerca in un caso analogo leggi qui e vedi se ti può aiutare: http://www.p2pforum.it/forum/showpos...36&postcount=8
__________________
Ну давай !! . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Cina, bugiardo - stolen conto: non paghi . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . NON CERCO PIU' UN ALIMENTATORE DECENTE ----------------> LINK |
|
|
|
|
|
15-04-2006, 12:44
|
#2027 |
|
Senior Member
Iscritto dal: May 2005
Messaggi: 444
|
problema con ewido
ciao...ho qualche problema con ewido perchè , intanto nn riesco a fare gli aggiornamenti , mi dice impossibile la connessione , o qualcosa del genere , e poi ogni volta che faccio la scansione mi trova almeno 25 file infetti anche se dovrebbe avermeli puliti tutti , tra l'altro credo che siano sempre gli stessi file.... come posso fare?
|
|
|
|
|
15-04-2006, 14:53
|
#2028 |
|
Bannato
Iscritto dal: Nov 2005
Città: Vergate sul Membro
Messaggi: 445
|
Non capisco una voce è la quarta "R 0".
Dalla guida che ho trovata linkata qui le R 0, mi sembra che stanno a indicare le pagine iniziale del browser. Ma la pagina iniziale di IE è sempre google, così come è sempre stata (anche se io uso praticamente sempre Firefox). Il nome sembra indicare una toolbar, ma io non ne vedo e non ne ho mai intallata alcuna ne su IE ne su FF. Le scansioni con antivirus (KAV personal 5.0.391 e Bitdefender 8 free) non segnalano nulla e nemmeno Ewido. Anche le O 16 non mi sono chiare i non ho nessun antivirus della Symantec non l'ho mai avuto. Che faccio fixo o non fixo ?  Grazie.Ciao. Logfile of HijackThis v1.99.1 Scan saved at 14.40.27, on 15/04/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Programmi\ewido\security suite\ewidoctrl.exe C:\WINDOWS\System32\GEARSec.exe C:\Programmi\Symantec\Norton Ghost\Agent\PQV2iSvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\dslagent.exe C:\WINDOWS\system32\GSICON.EXE C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\SOUNDMAN.EXE C:\Programmi\Softwin\BitDefender8\bdmcon.exe C:\Programmi\Softwin\BitDefender8\bdnagent.exe C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe C:\Programmi\Raxco\PerfectDisk\PDSched.exe C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe C:\WINDOWS\system32\wuauclt.exe C:\Programmi\Mozilla Firefox\firefox.exe C:\Documents and Settings\Luca\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE O4 - HKLM\..\Run: [KAVPersonal50] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [BDMCon] "C:\Programmi\Softwin\BitDefender8\bdmcon.exe" O4 - HKLM\..\Run: [BDNewsAgent] "C:\Programmi\Softwin\BitDefender8\bdnagent.exe" O4 - HKLM\..\Run: [Zone Labs Client] C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKCU\..\Run: [updateMgr] "C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1 O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmi\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmi\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{108523CE-B95C-4795-8B41-17AE48055C7E}: NameServer = 85.37.17.4 85.38.28.70 O17 - HKLM\System\CS1\Services\Tcpip\..\{108523CE-B95C-4795-8B41-17AE48055C7E}: NameServer = 85.37.17.4 85.38.28.70 O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing) O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido\security suite\ewidoctrl.exe O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe O23 - Service: kavsvc - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe O23 - Service: Norton Ghost - Symantec Corporation - C:\Programmi\Symantec\Norton Ghost\Agent\PQV2iSvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDEngine.exe O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDSched.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing) Ultima modifica di Babbo Natale : 15-04-2006 alle 15:05. |
|
|
|
|
15-04-2006, 17:42
|
#2029 | |
|
Bannato
Iscritto dal: Mar 2004
Città: Galapagos Attenzione:utente flautolente,tienilo a mente
Messaggi: 28983
|
Quote:
|
|
|
|
|
|
15-04-2006, 21:18
|
#2030 |
|
Senior Member
Iscritto dal: Oct 2005
Messaggi: 1395
|
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
Abbastanza sospetto Abbastanza sospetto Questa pagina potrebbe essere nociva. Voto dei visitatori: 3 (Neutral) mi dite se è da fixare questa voce? grazie |
|
|
|
|
15-04-2006, 22:02
|
#2031 | |
|
Senior Member
Iscritto dal: Mar 2004
Città: piombino-santa tecla
Messaggi: 377
|
Quote:
__________________
non è che mi faccia paura la morte.solo che non voglio esserci quando succederà.....w l'america... |
|
|
|
|
|
15-04-2006, 23:47
|
#2032 | |
|
Senior Member
Iscritto dal: Sep 2005
Città: Opinions are like assholes: anybody has one...
Messaggi: 34290
|
Quote:
ce l'ho anch'io.... è normale.... l'analizzatore on line lo si prenda con beneficio....
__________________
Ну давай !! . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Cina, bugiardo - stolen conto: non paghi . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . NON CERCO PIU' UN ALIMENTATORE DECENTE ----------------> LINK |
|
|
|
|
|
15-04-2006, 23:48
|
#2033 | |
|
Senior Member
Iscritto dal: Sep 2005
Città: Opinions are like assholes: anybody has one...
Messaggi: 34290
|
Quote:
ti avevo anche risposto http://www.hwupgrade.it/forum/showpo...postcount=2026
__________________
Ну давай !! . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Cina, bugiardo - stolen conto: non paghi . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . NON CERCO PIU' UN ALIMENTATORE DECENTE ----------------> LINK |
|
|
|
|
|
15-04-2006, 23:50
|
#2034 |
|
Senior Member
Iscritto dal: Sep 2005
Città: Opinions are like assholes: anybody has one...
Messaggi: 34290
|
2x
__________________
Ну давай !! . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Cina, bugiardo - stolen conto: non paghi . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . NON CERCO PIU' UN ALIMENTATORE DECENTE ----------------> LINK Ultima modifica di Stev-O : 16-04-2006 alle 14:49. |
|
|
|
|
15-04-2006, 23:51
|
#2035 | |
|
Senior Member
Iscritto dal: Sep 2005
Città: Opinions are like assholes: anybody has one...
Messaggi: 34290
|
Quote:
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k e disattivare la segnalazione errori di windows
__________________
Ну давай !! . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Cina, bugiardo - stolen conto: non paghi . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . NON CERCO PIU' UN ALIMENTATORE DECENTE ----------------> LINK |
|
|
|
|
|
15-04-2006, 23:51
|
#2036 | |
|
Senior Member
Iscritto dal: Sep 2005
Città: Opinions are like assholes: anybody has one...
Messaggi: 34290
|
Quote:
 
__________________
Ну давай !! . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Cina, bugiardo - stolen conto: non paghi . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . NON CERCO PIU' UN ALIMENTATORE DECENTE ----------------> LINK |
|
|
|
|
|
16-04-2006, 14:25
|
#2037 |
|
Senior Member
Iscritto dal: Mar 2004
Città: piombino-santa tecla
Messaggi: 377
|
...facendo la prova sygate ora....pensi che la porta 22 me la troverà chiusa ora?...poi mi hai detto una volta che il mio s.o. era un colabrodo...come posso rimediare a cio'?
__________________
non è che mi faccia paura la morte.solo che non voglio esserci quando succederà.....w l'america... |
|
|
|
|
16-04-2006, 14:48
|
#2038 |
|
Senior Member
Iscritto dal: Sep 2005
Città: Opinions are like assholes: anybody has one...
Messaggi: 34290
|
formattando & reinstallando il tutto
__________________
Ну давай !! . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Cina, bugiardo - stolen conto: non paghi . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . NON CERCO PIU' UN ALIMENTATORE DECENTE ----------------> LINK |
|
|
|
|
16-04-2006, 15:01
|
#2039 |
|
Member
Iscritto dal: Oct 2004
Messaggi: 39
|
Controllo log hijack
Scusatemi, mi avete già aiutato una volta, ora ho installato la sp2, mi date un'occhiata al log di hijackthis?
Appena ho tempo cerco di imparare a interpretarlo da solo. Grazie Logfile of HijackThis v1.99.1 Scan saved at 14.54.38, on 16/04/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\Ati2evxx.exe C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe C:\Programmi\ewido anti-malware\ewidoctrl.exe C:\WINDOWS\system32\HPConfig.exe C:\Programmi\HPQ\Notebook Utilities\HPWirelessMgr.exe C:\PROGRA~1\Iomega\System32\AppServices.exe C:\Programmi\Norton AntiVirus\navapsvc.exe C:\Siemens\Step7\S7BIN\s7asysvx.exe C:\Programmi\File comuni\Siemens\S7IEPG\s7oiehsx.exe C:\Programmi\Norton AntiVirus\SAVScan.exe C:\WINDOWS\System32\sim9sync.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\MsPMSPSv.exe C:\WINDOWS\System32\bcmwltry.exe C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe C:\Programmi\Iomega\AutoDisk\ADService.exe C:\Programmi\File comuni\Siemens\sws\almsrv\almsrvx.exe C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\carpserv.exe C:\Programmi\HPQ\One-Touch\OneTouch.EXE C:\Programmi\Synaptics\SynTP\SynTPLpr.exe C:\Programmi\Synaptics\SynTP\SynTPEnh.exe C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Programmi\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe C:\Programmi\File comuni\Symantec Shared\ccApp.exe C:\Programmi\Iomega\AutoDisk\ADUserMon.exe C:\Programmi\Iomega\DriveIcons\ImgIcon.exe C:\Programmi\File comuni\Siemens\S7ubtoox\s7ubtstx.exe C:\Programmi\Hewlett-Packard\OrderReminder\OrderReminder.exe C:\Programmi\Java\jre1.5.0\bin\jusched.exe C:\Programmi\Softwin\BitDefender8\bdmcon.exe C:\WINDOWS\system32\ctfmon.exe C:\Programmi\Messenger\msmsgs.exe C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe C:\Programmi\File comuni\Siemens\S7ubtoox\S7ubtoox.exe C:\Programmi\Telecom Italia Media\Fast 800-840 Tin.it\dslmon.exe C:\Programmi\StopDialers\StopDialers.exe C:\PROGRAMMI\FILE COMUNI\SIEMENS\SQLANY\dbsrv7.exe C:\Documents and Settings\me\Desktop\Documenti Tecnici\Installazioni\HiJack\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [CARPService] carpserv.exe O4 - HKLM\..\Run: [QT4HPOT] C:\Programmi\HPQ\One-Touch\OneTouch.EXE O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [Display Settings] C:\Programmi\HPQ\Notebook Utilities\hptasks.exe /s O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Programmi\File comuni\Roxio Shared\System\EngUtil.exe" O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Programmi\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [ADUserMon] C:\Programmi\Iomega\AutoDisk\ADUserMon.exe O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Programmi\Iomega\DriveIcons\ImgIcon.exe O4 - HKLM\..\Run: [Deskup] C:\Programmi\Iomega\DriveIcons\deskup.exe /IMGSTART O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [S7UB Start] "C:\Programmi\File comuni\Siemens\S7ubtoox\s7ubtstx.exe" -StartDB O4 - HKLM\..\Run: [OrderReminder] C:\Programmi\Hewlett-Packard\OrderReminder\OrderReminder.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0\bin\jusched.exe O4 - HKLM\..\Run: [BDMCon] "C:\Programmi\Softwin\BitDefender8\bdmcon.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe O4 - Startup: Stop Dialers.lnk = C:\Programmi\StopDialers\StopDialers.exe O4 - Global Startup: DSLMON.lnk = C:\Programmi\Telecom Italia Media\Fast 800-840 Tin.it\dslmon.exe O4 - Global Startup: updspl.lnk = C:\Programmi\PDF4free\updspl\updspl.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - https://h20278.www2.hp.com/HPISWeb/C...ataManager.CAB O17 - HKLM\System\CCS\Services\Tcpip\..\{1209619D-DBEE-436A-9589-95BBD227B70C}: NameServer = 212.151.136.246 130.244.127.169 O17 - HKLM\System\CS2\Services\Tcpip\..\{1209619D-DBEE-436A-9589-95BBD227B70C}: NameServer = 212.151.136.246 130.244.127.169 O18 - Protocol: stibo - {FFAD3420-6D61-44F6-BA25-293F17152D79} - C:\Programmi\File comuni\Stibo\RS_ProtocolHandler.dll O23 - Service: Automation License Manager Service (almservice) - SIEMENS AG - C:\Programmi\File comuni\Siemens\sws\almsrv\almsrvx.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing) O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido anti-malware\ewidoctrl.exe O23 - Service: windows file explorer (explorer) - Unknown owner - C:\WINDOWS\ssms.exe (file missing) O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Programmi\HPQ\Notebook Utilities\HPWirelessMgr.exe O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe O23 - Service: S7 Global Services (s7asysvx) - SIEMENS AG - C:\Siemens\Step7\S7BIN\s7asysvx.exe O23 - Service: SIMATIC IEPG Help Service (s7oiehsx) - SIEMENS AG - C:\Programmi\File comuni\Siemens\S7IEPG\s7oiehsx.exe O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: SIMATIC NET Synchronization Service (Sim9Sync) - Siemens AG - C:\WINDOWS\System32\sim9sync.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing) O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Programmi\Iomega\AutoDisk\ADService.exe |
|
|
|
|
16-04-2006, 15:07
|
#2040 | |
|
Senior Member
Iscritto dal: Sep 2005
Città: Opinions are like assholes: anybody has one...
Messaggi: 34290
|
Quote:
O23 - Service: windows file explorer (explorer) - Unknown owner - C:\WINDOWS\ssms.exe (file missing) e aggiorna java runtime
__________________
Ну давай !! . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Cina, bugiardo - stolen conto: non paghi . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . NON CERCO PIU' UN ALIMENTATORE DECENTE ----------------> LINK |
|
|
|
|
|
|
| Strumenti | |
|
|
Tutti gli orari sono GMT +1. Ora sono le: 17:01.
