HiJackThis - Analisi Log - leggere Regole di Sezione

[tavano10]

Quote:

Originariamente inviato da wizard1993

io lo uso, non è male, apparte 117 mb di memoria usata; comunque

un po'pesantino...me ne sono accorto..
tra avg e f-secure su cosa resteresti?

[nExOo]

Quote:

Originariamente inviato da giannola

allora il rootkit è un altro si chiama pe386 meglio conosciuto come rustock

usa questo tool in modalità provvisoria http://www.suspectfile.com/upload/fi...s/Rustbfix.exe

poi cerca

rosdsswn.exe
aojmlcpi.exe
lzx32.sys

Cancella poi questa chiave di registro:
HKEY_LOCAL_MACHINE\system\controlset001\services\rxprdoex

Il tool ha rilevato e rimosso il rootkit. Sembra essere tutto a posto.

Sei il mio salvatore... grazie mille!!!

[giannola]

Quote:

Originariamente inviato da tavano10

un po'pesantino...me ne sono accorto..
tra avg e f-secure su cosa resteresti?

io uso avg av + antispyware e superantispyware.

[avalu81]

Giannola quindi cosa dovrei fare con quello che mi hai inidividuato...O2BHO?

scusate ma è la prima volta che faccio sto procediemtno e non so come muovermi

[giannola]

Quote:

Originariamente inviato da avalu81

Giannola quindi cosa dovrei fare con quello che mi hai inidividuato...O2BHO?

scusate ma è la prima volta che faccio sto procediemtno e non so come muovermi

tipo magari spuntare la casellina e premere il tasto fix ?

[cicciuzzo15]

chi mi da gentilmente una controllata al log?è alcuni giorni che ho ogni tanto svchost all 99% dal task manager.....ho usato l'analizzatore ma mi dice tutto pulito ke a me sinceramente mi sembra strano....ne nod32 nè spybot da modalità provvisoria trovano nulla.x favore AIUTATEMI!!!!!

Logfile of HijackThis v1.99.1
Scan saved at 9.45.12, on 09/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\CTHELPER.EXE
C:\Programmi\digicom\Michelangelo USB ADSL\CnxDslTb.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Programmi\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE
C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
c:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\PROGRA~1\MICROS~3\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
C:\Programmi\SEC\MagicTune3.6_Client_pivot\GammaTray.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
C:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\ALESSA~1\IMPOST~1\Temp\Rar$EX08.828\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB001" /M "Stylus Photo R220"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Programmi\digicom\Michelangelo USB ADSL\CnxDslTb.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /P30 "EPSON Stylus Photo R220 Series" /M "Stylus Photo R220" /EF "HKCU"
O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~3\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Color Calibration.lnk = ?
O4 - Global Startup: MagicTune3.6.lnk = ?
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Crea preferito portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by124w.bay124.mail.live.com/m...s/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1153216761318
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A8BCD8B8-61D5-4EAF-8305-058D18DC1E54}: NameServer = 192.168.0.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe

[giannola]

Quote:

Originariamente inviato da cicciuzzo15

chi mi da gentilmente una controllata al log?è alcuni giorni che ho ogni tanto svchost all 99% dal task manager.....ho usato l'analizzatore ma mi dice tutto pulito ke a me sinceramente mi sembra strano....ne nod32 nè spybot da modalità provvisoria trovano nulla.x favore AIUTATEMI!!!!!

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab

[cicciuzzo15]

quindi ora cosa devo fare?quindi svchost è apposto, e xkè a volte quando sto su explorer e apro un video cn media player svchost schizza a 100% e mi blocca tutto il sistema e dopo 1 minuto magicamente torna tutto a posto?ho letto tutti i vari topic ma tutti hanno sintomi diversi da me e hanno adottato soluzioni ke a me nn funzionano tipo disabilitare gli aggiornamenti automatici ecc.....dammi una mano per favore te ne sarò grato a vita!!!

[cicciuzzo15]

nessuno sa aiutarmi?? vi riposto il log dopo aver corretto gli errori!

Logfile of HijackThis v1.99.1
Scan saved at 10.45.07, on 09/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\CTHELPER.EXE
C:\Programmi\digicom\Michelangelo USB ADSL\CnxDslTb.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Programmi\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE
C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
c:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\PROGRA~1\MICROS~3\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
C:\Programmi\SEC\MagicTune3.6_Client_pivot\GammaTray.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
C:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Documents and Settings\Alessandro\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB001" /M "Stylus Photo R220"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Programmi\digicom\Michelangelo USB ADSL\CnxDslTb.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /P30 "EPSON Stylus Photo R220 Series" /M "Stylus Photo R220" /EF "HKCU"
O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~3\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Color Calibration.lnk = ?
O4 - Global Startup: MagicTune3.6.lnk = ?
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Crea preferito portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by124w.bay124.mail.live.com/m...s/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1153216761318
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A8BCD8B8-61D5-4EAF-8305-058D18DC1E54}: NameServer = 192.168.0.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe

[giannola]

Quote:

Originariamente inviato da cicciuzzo15

quindi ora cosa devo fare?quindi svchost è apposto, e xkè a volte quando sto su explorer e apro un video cn media player svchost schizza a 100% e mi blocca tutto il sistema e dopo 1 minuto magicamente torna tutto a posto?ho letto tutti i vari topic ma tutti hanno sintomi diversi da me e hanno adottato soluzioni ke a me nn funzionano tipo disabilitare gli aggiornamenti automatici ecc.....dammi una mano per favore te ne sarò grato a vita!!!

ok cedimi un quinto del tuo stipendio e della tua pensione.

svchost è usato per molti servizi infatti nel task manager tu hai più processi con tale nome.

http://support.microsoft.com/kb/314056

http://www.windowserver.it/LinkClick...bid=53&mid=365

questi due ti dovrebbero fare un po di chiarezza ed aiutare a scoprire quali sono i programmi che usano svchost in modo da trovare eventualmente quello incriminato.

Cmq poichè dici che la cosa non è continuata ma occasionale io ritengo che sia semplicemente un problema di uso delle risorse.

[cicciuzzo15]

ti allego una schermata dei servizi attivi su svchost!!mi potresti aiutare a trovare quelli incriminati visto ke in materia sn un profano?per il quinto della pensione ok , dello stipendio no xkè ancora nn ce l'ho mi dispiace
grazie mille per il tuo aiuto

[Xanty]

Ciao ragazzi,ho bisogno del vostro aiuto per un pc virato e non solo.
ho i log di hijack prima e dopo aver fatto un fissaggio.Ma mi sono accorta di aver eliminato un valore importante forse ip del router poichè, dal computer in questione ,non si puo piu accedere ad internet mentre dagli altri pc connessi in rete si .
Dunque dovrei eliminare questi trojan e ripristinare la connessione ad internet

vi posto i log

prima del fissaggio:

Logfile of HijackThis v1.99.1
Scan saved at 0.20.51, on 01/01/2001
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAMMI\FILE COMUNI\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
C:\PROGRAMMI\FILE COMUNI\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
C:\PROGRAMMI\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\SCANJET\PRECISIONSCANLT\HPPWRSAV.EXE
C:\PROGRAMMI\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAMMI\CLAMWIN\BIN\CLAMTRAY.EXE
C:\PROGRAMMI\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\VEXPLITE\MONLITE.EXE
C:\WINDOWS\SYSTEM\CTFMON.EXE
C:\PROGRAMMI\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\PROGRAMMI\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAMMI\SPYWARE DOCTOR\SWDOCTOR.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\VEXPLITE\VIRITEXP.EXE
C:\PROGRAMMI\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F1 - win.ini: run=hpfsched
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMI\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDSG.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Magic Install...] D:\SETUP.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LVComs] C:\WINDOWS\SYSTEM\LVComS.exe
O4 - HKLM\..\Run: [hppwrsav] C:\SCANJET\PrecisionScanLT\hppwrsav.exe
O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [ClamWin] "C:\Programmi\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [MOSearch] C:\PROGRA~1\FILECO~1\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
O4 - HKLM\..\RunServices: [MDM7] "C:\PROGRAMMI\FILE COMUNI\MICROSOFT SHARED\VS7DEBUG\MDM.EXE"
O4 - HKLM\..\RunServices: [avast!] C:\Programmi\Alwil Software\Avast4\ashServ.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [SpySweeper] C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAMMI\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programmi\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\RunServices: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\RunServices: [SpySweeper] C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\RunServices: [msnmsgr] "C:\PROGRAMMI\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - HKCU\..\RunServices: [Spyware Doctor] "C:\Programmi\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - http://ricercaperfetta.com/ (file missing)
O9 - Extra 'Tools' menuitem: Loghi e suonerie - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - http://ricercaperfetta.com/ (file missing)
O9 - Extra button: Sfondi Computer - {FF4D2994-6575-4F03-A5C6-6559C8793A06} - c:\Sfondi Computer.exe (file missing)
O9 - Extra 'Tools' menuitem: Sfondi Computer - {FF4D2994-6575-4F03-A5C6-6559C8793A06} - c:\Sfondi Computer.exe (file missing)
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 212.216.172.62,212.216.112.112



dopo il fissaggio:


Logfile of HijackThis v1.99.1
Scan saved at 2.06.25, on 01/01/2001
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAMMI\FILE COMUNI\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
C:\PROGRAMMI\FILE COMUNI\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
C:\PROGRAMMI\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\SCANJET\PRECISIONSCANLT\HPPWRSAV.EXE
C:\PROGRAMMI\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAMMI\CLAMWIN\BIN\CLAMTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAMMI\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\WINDOWS\SYSTEM\CTFMON.EXE
C:\PROGRAMMI\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\PROGRAMMI\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAMMI\SPYWARE DOCTOR\SWDOCTOR.EXE
C:\PROGRAMMI\ALWIL SOFTWARE\AVAST4\ASHSIMPL.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAMMI\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F1 - win.ini: run=hpfsched
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMI\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDSG.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Magic Install...] D:\SETUP.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LVComs] C:\WINDOWS\SYSTEM\LVComS.exe
O4 - HKLM\..\Run: [hppwrsav] C:\SCANJET\PrecisionScanLT\hppwrsav.exe
O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [ClamWin] "C:\Programmi\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [MOSearch] C:\PROGRA~1\FILECO~1\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
O4 - HKLM\..\RunServices: [MDM7] "C:\PROGRAMMI\FILE COMUNI\MICROSOFT SHARED\VS7DEBUG\MDM.EXE"
O4 - HKLM\..\RunServices: [avast!] C:\Programmi\Alwil Software\Avast4\ashServ.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [SpySweeper] C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAMMI\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programmi\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\RunServices: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\RunServices: [SpySweeper] C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\RunServices: [msnmsgr] "C:\PROGRAMMI\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - HKCU\..\RunServices: [Spyware Doctor] "C:\Programmi\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL



vi posto anche il resoconto di virt:
VirIT Lite Monitor: Lista dei programmi e servizi in esecuzione automatica

Sistema Operativo: Microsoft Windows ME

1 - 01/01/2001 - 00:13:12
0
TaskMonitor
C:\WINDOWS\taskmon.exe
Stato: File TROVATO

2 - 01/01/2001 - 00:13:12
0
PCHealth
C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
Stato: File TROVATO

3 - 01/01/2001 - 00:13:12
0
SystemTray
SysTray.Exe
Stato: File TROVATO

4 - 01/01/2001 - 00:13:12
0
LoadPowerProfile
Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
Stato: File TROVATO

5 - 01/01/2001 - 00:13:12
0
Magic Install...
D:\SETUP.EXE
Stato: File NON trovato

6 - 01/01/2001 - 00:13:12
0
SoundMan
SOUNDMAN.EXE
Stato: File TROVATO

7 - 01/01/2001 - 00:13:12
0
LVComs
C:\WINDOWS\SYSTEM\LVComS.exe
Stato: File TROVATO

8 - 01/01/2001 - 00:13:12
0
hppwrsav
C:\SCANJET\PrecisionScanLT\hppwrsav.exe
Stato: File TROVATO

9 - 01/01/2001 - 00:13:12
0
!!!011

Stato: File NON trovato

10 - 01/01/2001 - 00:13:12
0
avast! Web Scanner
C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
Stato: File TROVATO

11 - 01/01/2001 - 00:13:12
0
LoadQM
loadqm.exe
Stato: File TROVATO

12 - 01/01/2001 - 00:13:12
0
ClamWin
"C:\Programmi\ClamWin\bin\ClamTray.exe" --logon
Stato: File TROVATO

13 - 01/01/2001 - 00:13:12
0
MSConfigReminder
C:\WINDOWS\SYSTEM\msconfig.exe /reminder
Stato: File TROVATO

14 - 01/01/2001 - 00:13:12
0
ashMaiSv
C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
Stato: File TROVATO

15 - 01/01/2001 - 00:13:12
0
VIRIT LITE MONITOR
C:\VEXPLITE\MONLITE.EXE
Stato: File TROVATO

16 - 01/01/2001 - 00:13:12
3
LoadPowerProfile
Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
Stato: File TROVATO

17 - 01/01/2001 - 00:13:12
3
SchedulingAgent
mstask.exe
Stato: File TROVATO

18 - 01/01/2001 - 00:13:12
3
SSDPSRV
C:\WINDOWS\SYSTEM\ssdpsrv.exe
Stato: File TROVATO

19 - 01/01/2001 - 00:13:12
3
*StateMgr
C:\WINDOWS\System\Restore\StateMgr.exe
Stato: File TROVATO

20 - 01/01/2001 - 00:13:12
3
MOSearch
C:\PROGRA~1\FILECO~1\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
Stato: File TROVATO

21 - 01/01/2001 - 00:13:12
3
MDM7
"C:\PROGRAMMI\FILE COMUNI\MICROSOFT SHARED\VS7DEBUG\MDM.EXE"
Stato: File TROVATO

22 - 01/01/2001 - 00:13:12
3
avast!
C:\Programmi\Alwil Software\Avast4\ashServ.exe
Stato: File TROVATO

23 - 01/01/2001 - 00:13:12
5
ctfmon.exe
ctfmon.exe
Stato: File TROVATO

24 - 01/01/2001 - 00:13:12
5
SpySweeper
C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe /0
Stato: File TROVATO

25 - 01/01/2001 - 00:13:12
5
msnmsgr
"C:\PROGRAMMI\MSN MESSENGER\MSNMSGR.EXE" /background
Stato: File TROVATO

26 - 01/01/2001 - 00:13:12
5
Spyware Doctor
"C:\Programmi\Spyware Doctor\swdoctor.exe" /Q
Stato: File TROVATO

27 - 01/01/2001 - 00:13:12
7

"%1" %*
Stato: File NON trovato

28 - 01/01/2001 - 00:13:12
8

"%1" %*
Stato: File NON trovato

29 - 01/01/2001 - 00:13:12
9

"%1" %*
Stato: File NON trovato

30 - 01/01/2001 - 00:13:12
10

"%1" %*
Stato: File NON trovato

31 - 01/01/2001 - 00:13:12
11

"%1" /S
Stato: File NON trovato

32 - 01/01/2001 - 00:13:12
24
WebCheck
C:\WINDOWS\SYSTEM\WEBCHECK.DLL
Stato: File TROVATO

33 - 01/01/2001 - 00:13:12
24
UPnPMonitor
C:\WINDOWS\SYSTEM\UPNPUI.DLL
Stato: File TROVATO

34 - 01/01/2001 - 00:13:12
24
AUHook
C:\WINDOWS\SYSTEM\AUHOOK.DLL
Stato: File TROVATO

35 - 01/01/2001 - 00:13:12
34
{8E718888-423F-11D2-876E-00A0C9082467}
C:\WINDOWS\SYSTEM\MSDXM.OCX
Stato: File TROVATO

36 - 01/01/2001 - 00:13:12
35
{438755C2-A8BA-11D1-B96B-00A0C90312E1}
C:\WINDOWS\SYSTEM\BROWSEUI.DLL
Stato: File TROVATO

37 - 01/01/2001 - 00:13:12
35
{8C7461EF-2B13-11d2-BE35-3078302C2030}
C:\WINDOWS\SYSTEM\BROWSEUI.DLL
Stato: File TROVATO

38 - 01/01/2001 - 00:13:12
23
Microsoft XML Parser for Java
file://C:\WINDOWS\Java\classes\xmldso4.cab
Stato: File NON trovato

39 - 01/01/2001 - 00:13:12
23
DirectAnimation Java Classes
file://C:\WINDOWS\SYSTEM\dajava.cab
Stato: File NON trovato

40 - 01/01/2001 - 00:13:12
25
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
C:\PROGRAMMI\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
Stato: File TROVATO

41 - 01/01/2001 - 00:13:12
25
{53707962-6F74-2D53-2644-206D7942484F}
C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
Stato: File TROVATO

42 - 01/01/2001 - 00:13:12
25
{B56A7D7D-6927-48C8-A975-17DF180C71AC}
C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
Stato: File TROVATO

43 - 01/01/2001 - 00:13:12
25
{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}
C:\PROGRA~1\SPYWAR~1\TOOLS\IESDSG.DLL
Stato: File TROVATO

44 - 01/01/2001 - 00:13:12
26
000000000001
C:\WINDOWS\SYSTEM\rnr20.dll
Stato: File TROVATO

45 - 01/01/2001 - 00:13:12
27
000000000001
C:\WINDOWS\SYSTEM\mswsosp.dll
Stato: File TROVATO

46 - 01/01/2001 - 00:13:12
27
000000000002
C:\WINDOWS\SYSTEM\msafd.dll
Stato: File TROVATO

47 - 01/01/2001 - 00:13:12
27
000000000003
C:\WINDOWS\SYSTEM\msafd.dll
Stato: File TROVATO

48 - 01/01/2001 - 00:13:12
27
000000000004
C:\WINDOWS\SYSTEM\msafd.dll
Stato: File TROVATO

49 - 01/01/2001 - 00:13:12
27
000000000005
C:\WINDOWS\SYSTEM\rsvpsp.dll
Stato: File TROVATO

50 - 01/01/2001 - 00:13:12
27
000000000006
C:\WINDOWS\SYSTEM\rsvpsp.dll
Stato: File TROVATO

51 - 01/01/2001 - 00:13:12
30
C:\WINDOWS\Menu Avvio\Programmi\Esecuzione automatica\Microsoft Office.lnk
C:\Programmi\Microsoft Office\Office10\OSA.EXE
Stato: File TROVATO

52 - 01/01/2001 - 00:13:13
40
Default_Page_URL
http://www.microsoft.com/isapi/redi...=5.5&ar=msnhome
Stato: File NON trovato

53 - 01/01/2001 - 00:13:13
41
Default_Search_URL
http://www.microsoft.com/isapi/redi...=ie&ar=iesearch
Stato: File NON trovato

54 - 01/01/2001 - 00:13:13
43
Search Page
http://www.microsoft.com/isapi/redi...=ie&ar=iesearch
Stato: File NON trovato

55 - 01/01/2001 - 00:13:13
44
Start Page
http://www.google.it
Stato: File NON trovato

56 - 01/01/2001 - 00:13:13
45
CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
Stato: File NON trovato

57 - 01/01/2001 - 00:13:13
46
SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
Stato: File NON trovato

58 - 01/01/2001 - 00:13:13
48
Default_Search_URL
about:blank
Stato: File NON trovato

59 - 01/01/2001 - 00:13:13
49
Search Bar
about:blank
Stato: File NON trovato

60 - 01/01/2001 - 00:13:13
50
Search Page
http://www.microsoft.com/isapi/redi...=ie&ar=iesearch
Stato: File NON trovato

61 - 01/01/2001 - 00:13:13
51
Start Page
http://www.google.it
Stato: File NON trovato

[giannola]

Quote:

Originariamente inviato da cicciuzzo15

ti allego una schermata dei servizi attivi su svchost!!mi potresti aiutare a trovare quelli incriminati visto ke in materia sn un profano?per il quinto della pensione ok , dello stipendio no xkè ancora nn ce l'ho mi dispiace
grazie mille per il tuo aiuto

fai una scansione con superantispyware.

[giannola]

Quote:

Originariamente inviato da Xanty

Ciao ragazzi,ho bisogno del vostro aiuto per un pc virato e non solo.
ho i log di hijack prima e dopo aver fatto un fissaggio.Ma mi sono accorta di aver eliminato un valore importante forse ip del router poichè, dal computer in questione ,non si puo piu accedere ad internet mentre dagli altri pc connessi in rete si .
Dunque dovrei eliminare questi trojan e ripristinare la connessione ad internet

O4 - HKLM\..\RunServices: [MOSearch] C:\PROGRA~1\FILECO~1\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE


O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: (no name) - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - http://ricercaperfetta.com/ (file missing)

O9 - Extra 'Tools' menuitem: Loghi e suonerie - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - http://ricercaperfetta.com/ (file missing)


O9 - Extra button: Sfondi Computer - {FF4D2994-6575-4F03-A5C6-6559C8793A06} - c:\Sfondi Computer.exe (file missing)

O9 - Extra 'Tools' menuitem: Sfondi Computer - {FF4D2994-6575-4F03-A5C6-6559C8793A06} - c:\Sfondi Computer.exe (file missing)

[Xanty]

Quote:

Originariamente inviato da giannola

O4 - HKLM\..\RunServices: [MOSearch] C:\PROGRA~1\FILECO~1\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE


O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: (no name) - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - http://ricercaperfetta.com/ (file missing)

O9 - Extra 'Tools' menuitem: Loghi e suonerie - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - http://ricercaperfetta.com/ (file missing)


O9 - Extra button: Sfondi Computer - {FF4D2994-6575-4F03-A5C6-6559C8793A06} - c:\Sfondi Computer.exe (file missing)

O9 - Extra 'Tools' menuitem: Sfondi Computer - {FF4D2994-6575-4F03-A5C6-6559C8793A06} - c:\Sfondi Computer.exe (file missing)

grazie!

invece x risolvere il problema della connessione ??il pc,con il ruouter e connesso in rete cn altri pc, non accede piu ad internet.. forse xk ho fissato questo ? -------> O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 212.216.172.62,212.216.112.112

come ripristinarlo? nn ho eseguito backupe ho disabilitato il ripristino di sistema =_= ......... sistema operativo win ME

[winning]

Ciao ragazzi ecco il mio ultimo log con il programma. devo dire che negli ultimi giorni il pc è rallentato parecchio ma soprattutto all'avvio di windows, cioè ci mette molto a caricare le varie icone (a volte rimangono senza disegnino x 2 minuti circa), cosa può essere? e con che programma posso risolvere?
inoltre quali voci devo eliminare dal log e come posso evitare di farle ritornare?
Grazie mille

Logfile of HijackThis v1.99.1
Scan saved at 18.51.48, on 09/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\IPM\Adsl\DataWay\dslstat.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Motive\ASSTCO~1\MOTIVE~1.EXE
C:\Programmi\Alice ti aiuta\bin\mad.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\user\Documenti\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar5.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Programmi\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar5.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Programmi\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [DSLSTATEXE] "C:\Programmi\IPM\Adsl\DataWay\dslstat.exe" icon
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Clean Traces - C:\Programmi\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Programmi\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Programmi\DAP\dapextie2.htm
O8 - Extra context menu item: Download all links using BitComet - res://C:\Programmi\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Programmi\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Scarica con FlashGet - C:\Programmi\FlashGet\jc_link.htm
O8 - Extra context menu item: Scarica tutto con FlashGet - C:\Programmi\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Organizzatore ricerche - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programmi\File comuni\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {1EDF25DE-DFB2-40CA-AA83-30AE7DA8C203} - http://appdirectory.messenger.msn.co...haringctrl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/ms...downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {CAFECAFE-0013-0001-0018-ABCDEFABCDEF} (JInitiator 1.3.1.18) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{07484DE0-24B4-4B29-B9B1-5D4F9855749A}: NameServer = 85.37.17.58 85.38.28.94
O17 - HKLM\System\CS1\Services\Tcpip\..\{07484DE0-24B4-4B29-B9B1-5D4F9855749A}: NameServer = 85.37.17.58 85.38.28.94
O17 - HKLM\System\CS2\Services\Tcpip\..\{07484DE0-24B4-4B29-B9B1-5D4F9855749A}: NameServer = 85.37.17.58 85.38.28.94
O17 - HKLM\System\CS3\Services\Tcpip\..\{07484DE0-24B4-4B29-B9B1-5D4F9855749A}: NameServer = 85.37.17.58 85.38.28.94
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Bluetooth Service (btwdins) - Unknown owner - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe

[gerry722]

Io eliminerei C:\PROGRA~1\Motive\ASSTCO~1\MOTIVE~1.EXE e anche O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
Cmq prima aspetta di leggere anche il consiglio di altri

[Xanty]

Quote:

Originariamente inviato da Xanty

grazie!

invece x risolvere il problema della connessione ??il pc,con il ruouter e connesso in rete cn altri pc, non accede piu ad internet.. forse xk ho fissato questo ? -------> O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 212.216.172.62,212.216.112.112

come ripristinarlo? nn ho eseguito backupe ho disabilitato il ripristino di sistema =_= ......... sistema operativo win ME

qualcuno mi aiuta please ?!!

[Rossi88]

mi è stato detto di postare il log di hijack in questa sezione, anche se il problema era un trojan e tale problema è stato risolto grazie ad avast posto lo stesso il log per maggiore sicurezza:

Logfile of HijackThis v1.99.1
Scan saved at 20.16.42, on 09/02/2007
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe
C:\Users\Michele\Desktop\hijackthis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alice.it/oggi/indexbb.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\windows sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

Ho windows Vista.
Un'ultima cosa a me sembra non vi sia nulla di strano nel log, chiedo conferma.

Ciao

[gerry722]

A me sembra che hai nel log un pò di cose che non vanno