HiJackThis - Analisi Log - leggere Regole di Sezione - Pagina 81

andorra24 · 09-03-2006, 22:41

Quote:

Originariamente inviato da furettone

ci sono dei modo per bloccare svchost.exe o lssa.exe
oppure come eliminarli senza formattare??
oppure ancora bisogna formattare senza nessun'altra scelta?

svchost.exe e' un legittimo processo di sistema se si trova dentro la cartella system32. Negli altri casi e' un malware e va rimosso.
lssa.exe e' scritto proprio cosi o ti confondi con lsass.exe? lsass.exe e' anch'esso legittimo se si trova in system32, nelle altre posizioni e' un malware.

Se vuoi puoi scansionare quei 2 processi su www.virustotal.com per capire se sono puliti oppure no.

furettone · 09-03-2006, 22:49

se mi occupano tantissimo di cpu 995 li devo eliminare?e come?
grazie tutto questo senza formattare
si è lsass.exe
ciao

andorra24 · 09-03-2006, 22:56

Quote:

Originariamente inviato da furettone

se mi occupano tantissimo di cpu 995 li devo eliminare?e come?
grazie tutto questo senza formattare
si è lsass.exe
ciao

Ma hai controllato in che directory si trovano? Come ti ho detto sopra se si trovano in C:\Windows\System32 sono legittimi processi del sistema operativo.

juninho85 · 09-03-2006, 23:08

Quote:

Originariamente inviato da andorra24

Ma hai controllato in che directory si trovano? Come ti ho detto sopra se si trovano in C:\Windows\System32 sono legittimi processi del sistema operativo.

non necessariamente...possono anche essere stati infettati

andorra24 · 09-03-2006, 23:21

Quote:

Originariamente inviato da juninho85

non necessariamente...possono anche essere stati infettati

Se hai letto gli ho consigliato di scansionarli su www.virustotal.com

juninho85 · 09-03-2006, 23:26

Quote:

Originariamente inviato da andorra24

Se hai letto gli ho consigliato di scansionarli su www.virustotal.com

si....

manga81 · 10-03-2006, 08:25

Quote:

Originariamente inviato da andorra24

Se hai letto gli ho consigliato di scansionarli su www.virustotal.com

cosa fa questo programma?

juninho85 · 10-03-2006, 08:27

Quote:

Originariamente inviato da manga81

cosa fa questo programma?

non è un programma....è un sito che permette di far scansionare il file prescelto dai migliori motori di scansione antivirus in commercio

furettone · 10-03-2006, 09:15

salve vi aiutate ciao andorra 24

Logfile of HijackThis v1.99.1
Scan saved at 10.13.21, on 10/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\FRANCE~1\IMPOST~1\Temp\Rar$EX00.094\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Programmi\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmi\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [BearShare] "C:\Programmi\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Programmi\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmi\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmi\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Programmi\Sygate\SPF\smc.exe

che ne dite?
grazie mille siete formidabili

juninho85 · 10-03-2006, 09:17

Quote:

Originariamente inviato da furettone

.

pulito e ottimizzato...volendo puoi anche togliere ctfmon e nerocheck

andorra24 · 10-03-2006, 09:39

Quote:

Originariamente inviato da furettone

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmi\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmi\PartyGaming\PartyPoker\RunApp.exe (file missing)

Volendo puoi togliere queste 2 voci. E aggiorna java sun all'ultima versione.

furettone · 10-03-2006, 09:50

in modalità provvisoria li devo eliminare?

poi un'altra domanda se svchost.exe e lsass.exe occupano quasi tuta la cpu e si trovano non in system 32 si deve a tuti i coti formattare o si può fare altro'
grazie mille ragazzi

juninho85 · 10-03-2006, 09:51

Quote:

Originariamente inviato da furettone

in modalità provvisoria li devo eliminare?

poi un'altra domanda se svchost.exe e lsass.exe occupano quasi tuta la cpu e si trovano non in system 32 si deve a tuti i coti formattare o si può fare altro'
grazie mille ragazzi

non c'è bisogno di formattare,nè di eliminare in modalità provvisoria quelle chiavi visto che non si tratta di malware

furettone · 10-03-2006, 09:53

no mi comapre a task manager non al mio computer ma ad un altro che svchost.exe occupa 99% della cpu che fare?
formattare o usare HiJackThis?
grazie

juninho85 · 10-03-2006, 09:56

Quote:

Originariamente inviato da furettone

no mi comapre a task manager non al mio computer ma ad un altro che svchost.exe occupa 99% della cpu che fare?
formattare o usare HiJackThis?
grazie

prima bisogna capire il perchè stia al 99%

andorra24 · 10-03-2006, 10:00

Quote:

Originariamente inviato da furettone

in modalità provvisoria li devo eliminare?

Puoi eliminare quelle 2 voci in modalita' normale, ma non sono nocive, sono soltanto voci mancanti.

Quote:

Originariamente inviato da furettone

poi un'altra domanda se svchost.exe e lsass.exe occupano quasi tuta la cpu e si trovano non in system 32 si deve a tuti i coti formattare o si può fare altro'
grazie mille ragazzi

Se si trovano in posizioni diverse da system32 allora sono malware e vanno eliminati. Puoi farlo manualmente o tramite scansione antivirus o tramite killbox:
http://www.bleepingcomputer.com/files/killbox.php

ps: fai una scansione antivirus di controllo.

furettone · 10-03-2006, 10:02

questo computer ha il sp1
non so perchè sta al 99%
che posso fare?
ciao

furettone · 10-03-2006, 10:04

manualmente da dove li elimino e con quale programma?
ciao

andorra24 · 10-03-2006, 10:05

Quote:

Originariamente inviato da furettone

questo computer ha il sp1
non so perchè sta al 99%
che posso fare?
ciao

Ma hai provato con una scansione antivirus? E' stato installato qualcosa prima di avere queste impennate di cpu?

furettone · 10-03-2006, 10:09

ho messo avast dopodichè mi diceva attacco da ip ...............
e taskmanager svchost.exe 99%

è questa la situazione di questo mio amico più svchost.exe in task al 99%

Logfile of HijackThis
Logfile of HijackThis v1.99.1
Scan saved at 13.09.01, on 09/03/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\sysnx32.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Programmi\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\ntey32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\ubmo\ahit.exe
C:\Programmi\?ymbols\r?gsvr32.exe
C:\Programmi\ARESCOM\Modem Telindus Arescom ND220\dslmon.exe
C:\Programmi\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Programmi\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Programmi\Microsoft Office\Office\1040\OLFSNT40.EXE
C:\WINDOWS\TEMP\winFD2.tmp.exe
C:\WINDOWS\TEMP\winFD5.tmp.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\ddd\Impostazioni locali\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\xirpx.dll/sp.html#87649%
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\xirpx.dll/sp.html#87649%
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\xirpx.dll/sp.html#87649%
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\xirpx.dll/sp.html#87649%
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\xirpx.dll/sp.html#87649%
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\xirpx.dll/sp.html#87649%
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\xirpx.dll/sp.html#87649%
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.virgilio.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {0B570AC4-B5AE-18C7-4C96-21B9FF50309E} - C:\WINDOWS\system32\addae.dll
O2 - BHO: Class - {33F82FBF-D6E2-9367-3679-7A93E711C4EE} - C:\WINDOWS\mfcpd.dll (file missing)
O2 - BHO: (no name) - {430B8B42-F27B-B848-94E9-4B27B55D77FF} - (no file)
O2 - BHO: Class - {5B9DD78B-6805-11A5-818B-723A508CBC0D} - C:\WINDOWS\crba.dll (file missing)
O2 - BHO: Class - {62AD4EF2-C738-EB7A-35B8-F6BCD27B9F70} - C:\WINDOWS\ntey32.dll
O2 - BHO: (no name) - {88F58E91-2349-CEB7-A893-765E5171E648} - (no file)
O2 - BHO: Class - {B74D7ADF-0D9A-236B-88D0-5341D065D6CE} - C:\WINDOWS\system32\iekp32.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {F042AD18-E71C-6ECD-7132-91145956736C} - C:\WINDOWS\sysok32.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [CXMon] "C:\Programmi\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmi\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [MSPluginSrvc] p3.exe
O4 - HKLM\..\Run: [SvcH0st] C:\WINDOWS\shch.exe /i
O4 - HKLM\..\Run: [AdTools Service] C:\Program Files\AdTools Service\AdTools.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [refcf] C:\WINDOWS\refcf.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [FSH] C:\WINDOWS\system32\svcnva.exe home
O4 - HKLM\..\Run: [AdService] C:\WINDOWS\System32\AdService.dll
O4 - HKLM\..\Run: [d3xi.exe] C:\WINDOWS\system32\d3xi.exe
O4 - HKLM\..\Run: [10.tmp] C:\DOCUME~1\ddd\IMPOST~1\Temp\10.tmp.exe
O4 - HKLM\..\Run: [11.tmp] C:\DOCUME~1\ddd\IMPOST~1\Temp\11.tmp.exe
O4 - HKLM\..\Run: [11.tmp.exe] C:\DOCUME~1\ddd\IMPOST~1\Temp\11.tmp.exe
O4 - HKLM\..\Run: [10.tmp.exe] C:\DOCUME~1\ddd\IMPOST~1\Temp\10.tmp.exe
O4 - HKLM\..\Run: [ipjg32.exe] C:\WINDOWS\ipjg32.exe
O4 - HKLM\..\Run: [appet32.exe] C:\WINDOWS\system32\appet32.exe
O4 - HKLM\..\Run: [apisb32.exe] C:\WINDOWS\apisb32.exe
O4 - HKLM\..\Run: [BE.tmp] C:\DOCUME~1\ddd\IMPOST~1\Temp\BE.tmp.exe
O4 - HKLM\..\Run: [BE.tmp.exe] C:\DOCUME~1\ddd\IMPOST~1\Temp\BE.tmp.exe
O4 - HKLM\..\Run: [Olympic] C:\Documents and Settings\ddd\Dati applicazioni\sgrunt\IE4321.exe
O4 - HKLM\..\Run: [mfcwj.exe] C:\WINDOWS\system32\mfcwj.exe
O4 - HKLM\..\Run: [ntey32.exe] C:\WINDOWS\ntey32.exe
O4 - HKLM\..\RunServices: [MSPluginSrvc] p3.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Ewoo] "C:\Programmi\ubmo\ahit.exe" -vt yax
O4 - HKCU\..\Run: [Vzc] C:\Programmi\?ymbols\r?gsvr32.exe
O4 - Startup: Registration-Studio 8.lnk = C:\Programmi\Pinnacle\Studio 8\Register\RegTool.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: Porta Symantec Fax Starter Edition.lnk = C:\Programmi\Microsoft Office\Office\1040\OLFSNT40.EXE
O15 - Trusted Zone: www.archiviosex.net
O15 - Trusted Zone: www.redfunny.com
O15 - Trusted Zone: www.skymasters.biz
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/6.../bridge-c18.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?lin...467&clcid=0x409
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {30CE93AE-4987-483C-9ABE-F2BD5301AB70} - http://dialers.dialoff.com/100241/it/adult1/adult1.exe
O16 - DPF: {5D7334F5-CF58-4F22-8502-6CC0ACB2FEFF} - http://www.dialer-shop.com/protected/code/axrbpt.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...b?1098528516093
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/Yazz....cab?refid=1123
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/active...free/asinst.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/606731.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E1AB8FA-C361-4578-9047-CB48178A3783}: NameServer = 85.37.17.51 85.38.28.97
O20 - Winlogon Notify: style32 - C:\WINDOWS\
O20 - Winlogon Notify: wineay32 - C:\WINDOWS\SYSTEM32\wineay32.dll
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\sysnx32.exe" /s (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe

09-03-2006, 22:49	#1602
furettone Senior Member Iscritto dal: Sep 2005 Messaggi: 336	se mi occupano tantissimo di cpu 995 li devo eliminare?e come? grazie tutto questo senza formattare si è lsass.exe ciao

10-03-2006, 09:15	#1609
furettone Senior Member Iscritto dal: Sep 2005 Messaggi: 336	salve vi aiutate ciao andorra 24 Logfile of HijackThis v1.99.1 Scan saved at 10.13.21, on 10/03/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\userinit.exe C:\WINDOWS\Explorer.EXE C:\Programmi\WinRAR\WinRAR.exe C:\DOCUME~1\FRANCE~1\IMPOST~1\Temp\Rar$EX00.094\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O4 - HKLM\..\Run: [NVMixerTray] "C:\Programmi\NVIDIA Corporation\NvMixer\NVMixerTray.exe" O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe" O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmi\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [BearShare] "C:\Programmi\BearShare\BearShare.exe" /pause O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Programmi\ATI Technologies\ATI.ACE\CLI.exe O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmi\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmi\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido anti-malware\ewidoctrl.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Programmi\Sygate\SPF\smc.exe che ne dite? grazie mille siete formidabili

10-03-2006, 09:50	#1612
furettone Senior Member Iscritto dal: Sep 2005 Messaggi: 336	in modalità provvisoria li devo eliminare? poi un'altra domanda se svchost.exe e lsass.exe occupano quasi tuta la cpu e si trovano non in system 32 si deve a tuti i coti formattare o si può fare altro' grazie mille ragazzi

10-03-2006, 09:53	#1614
furettone Senior Member Iscritto dal: Sep 2005 Messaggi: 336	no mi comapre a task manager non al mio computer ma ad un altro che svchost.exe occupa 99% della cpu che fare? formattare o usare HiJackThis? grazie

10-03-2006, 10:02	#1617
furettone Senior Member Iscritto dal: Sep 2005 Messaggi: 336	questo computer ha il sp1 non so perchè sta al 99% che posso fare? ciao

10-03-2006, 10:04	#1618
furettone Senior Member Iscritto dal: Sep 2005 Messaggi: 336	manualmente da dove li elimino e con quale programma? ciao

10-03-2006, 10:09	#1620
furettone Senior Member Iscritto dal: Sep 2005 Messaggi: 336	ho messo avast dopodichè mi diceva attacco da ip ............... e taskmanager svchost.exe 99% è questa la situazione di questo mio amico più svchost.exe in task al 99% Logfile of HijackThis Logfile of HijackThis v1.99.1 Scan saved at 13.09.01, on 09/03/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\sysnx32.exe C:\Programmi\Norton AntiVirus\navapsvc.exe C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe C:\WINDOWS\System32\svchost.exe C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe C:\WINDOWS\SOUNDMAN.EXE C:\Programmi\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe C:\Programmi\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe C:\Programmi\File comuni\Symantec Shared\ccApp.exe C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe C:\WINDOWS\ntey32.exe C:\WINDOWS\System32\ctfmon.exe C:\Programmi\Messenger\msmsgs.exe C:\Programmi\ubmo\ahit.exe C:\Programmi\?ymbols\r?gsvr32.exe C:\Programmi\ARESCOM\Modem Telindus Arescom ND220\dslmon.exe C:\Programmi\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe C:\Programmi\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe C:\Programmi\Microsoft Office\Office\1040\OLFSNT40.EXE C:\WINDOWS\TEMP\winFD2.tmp.exe C:\WINDOWS\TEMP\winFD5.tmp.exe C:\Programmi\Mozilla Firefox\firefox.exe C:\PROGRA~1\WINZIP\winzip32.exe C:\Documents and Settings\ddd\Impostazioni locali\Temp\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\xirpx.dll/sp.html#87649% R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\xirpx.dll/sp.html#87649% R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\xirpx.dll/sp.html#87649% R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\xirpx.dll/sp.html#87649% R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\xirpx.dll/sp.html#87649% R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\xirpx.dll/sp.html#87649% R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\xirpx.dll/sp.html#87649% R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.virgilio.it/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti R3 - Default URLSearchHook is missing O2 - BHO: Class - {0B570AC4-B5AE-18C7-4C96-21B9FF50309E} - C:\WINDOWS\system32\addae.dll O2 - BHO: Class - {33F82FBF-D6E2-9367-3679-7A93E711C4EE} - C:\WINDOWS\mfcpd.dll (file missing) O2 - BHO: (no name) - {430B8B42-F27B-B848-94E9-4B27B55D77FF} - (no file) O2 - BHO: Class - {5B9DD78B-6805-11A5-818B-723A508CBC0D} - C:\WINDOWS\crba.dll (file missing) O2 - BHO: Class - {62AD4EF2-C738-EB7A-35B8-F6BCD27B9F70} - C:\WINDOWS\ntey32.dll O2 - BHO: (no name) - {88F58E91-2349-CEB7-A893-765E5171E648} - (no file) O2 - BHO: Class - {B74D7ADF-0D9A-236B-88D0-5341D065D6CE} - C:\WINDOWS\system32\iekp32.dll (file missing) O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll O2 - BHO: Class - {F042AD18-E71C-6ECD-7132-91145956736C} - C:\WINDOWS\sysok32.dll (file missing) O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe O4 - HKLM\..\Run: [CXMon] "C:\Programmi\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe" O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmi\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [MSPluginSrvc] p3.exe O4 - HKLM\..\Run: [SvcH0st] C:\WINDOWS\shch.exe /i O4 - HKLM\..\Run: [AdTools Service] C:\Program Files\AdTools Service\AdTools.exe O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [refcf] C:\WINDOWS\refcf.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe O4 - HKLM\..\Run: [FSH] C:\WINDOWS\system32\svcnva.exe home O4 - HKLM\..\Run: [AdService] C:\WINDOWS\System32\AdService.dll O4 - HKLM\..\Run: [d3xi.exe] C:\WINDOWS\system32\d3xi.exe O4 - HKLM\..\Run: [10.tmp] C:\DOCUME~1\ddd\IMPOST~1\Temp\10.tmp.exe O4 - HKLM\..\Run: [11.tmp] C:\DOCUME~1\ddd\IMPOST~1\Temp\11.tmp.exe O4 - HKLM\..\Run: [11.tmp.exe] C:\DOCUME~1\ddd\IMPOST~1\Temp\11.tmp.exe O4 - HKLM\..\Run: [10.tmp.exe] C:\DOCUME~1\ddd\IMPOST~1\Temp\10.tmp.exe O4 - HKLM\..\Run: [ipjg32.exe] C:\WINDOWS\ipjg32.exe O4 - HKLM\..\Run: [appet32.exe] C:\WINDOWS\system32\appet32.exe O4 - HKLM\..\Run: [apisb32.exe] C:\WINDOWS\apisb32.exe O4 - HKLM\..\Run: [BE.tmp] C:\DOCUME~1\ddd\IMPOST~1\Temp\BE.tmp.exe O4 - HKLM\..\Run: [BE.tmp.exe] C:\DOCUME~1\ddd\IMPOST~1\Temp\BE.tmp.exe O4 - HKLM\..\Run: [Olympic] C:\Documents and Settings\ddd\Dati applicazioni\sgrunt\IE4321.exe O4 - HKLM\..\Run: [mfcwj.exe] C:\WINDOWS\system32\mfcwj.exe O4 - HKLM\..\Run: [ntey32.exe] C:\WINDOWS\ntey32.exe O4 - HKLM\..\RunServices: [MSPluginSrvc] p3.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Ewoo] "C:\Programmi\ubmo\ahit.exe" -vt yax O4 - HKCU\..\Run: [Vzc] C:\Programmi\?ymbols\r?gsvr32.exe O4 - Startup: Registration-Studio 8.lnk = C:\Programmi\Pinnacle\Studio 8\Register\RegTool.exe O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: DSLMON.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Picture Package Menu.lnk = ? O4 - Global Startup: Picture Package VCD Maker.lnk = ? O4 - Global Startup: Porta Symantec Fax Starter Edition.lnk = C:\Programmi\Microsoft Office\Office\1040\OLFSNT40.EXE O15 - Trusted Zone: www.archiviosex.net O15 - Trusted Zone: www.redfunny.com O15 - Trusted Zone: www.skymasters.biz O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/6.../bridge-c18.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?lin...467&clcid=0x409 O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab O16 - DPF: {30CE93AE-4987-483C-9ABE-F2BD5301AB70} - http://dialers.dialoff.com/100241/it/adult1/adult1.exe O16 - DPF: {5D7334F5-CF58-4F22-8502-6CC0ACB2FEFF} - http://www.dialer-shop.com/protected/code/axrbpt.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...b?1098528516093 O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/Yazz....cab?refid=1123 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/active...free/asinst.cab O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/SymAData.cab O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/606731.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{7E1AB8FA-C361-4578-9047-CB48178A3783}: NameServer = 85.37.17.51 85.38.28.97 O20 - Winlogon Notify: style32 - C:\WINDOWS\ O20 - Winlogon Notify: wineay32 - C:\WINDOWS\SYSTEM32\wineay32.dll O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\sysnx32.exe" /s (file missing) O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe

Strumenti
Mostra una versione stampabile Invia questa pagina per email