HiJackThis - Analisi Log - leggere Regole di Sezione

[juninho85]

Quote:

Originariamente inviato da demone76

.

pulito

[andorra24]

Quote:

Originariamente inviato da hrxn

oK grazie.

Prego.

[luchy]

ragazzi o trovato questo :da qui
semba strutturata bene
fonte
pace

[Stev-O]

era stata postata anche in un'altro thread

[andorra24]

Quote:

Originariamente inviato da luchy

ragazzi o trovato questo :da qui
semba strutturata bene
fonte
pace

E' fatta molto bene. Comunque nel primo post del thread c'e' gia' un'ottima guida molto esauriente:
http://www.ilsoftware.it/articoli.asp?ID=2459&pag=0

[(zar)sheva]

mi date bun occhiata grazie!

Logfile of HijackThis v1.99.1
Scan saved at 12.29.12, on 07/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
c:\progra~1\intern~1\iexplore.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmi\HP\Digital Imaging\bin\hpqgalry.exe
C:\File Vari\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.avast.com/i_kat_207.php?lang=ENG
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {9E8D69E3-1A91-E0A5-E4EC-6A6E2BCECF30} - C:\DOCUME~1\manuel\DATIAP~1\Curbooze\Bash Exit.exe (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [four grid] C:\DOCUME~1\manuel\DATIAP~1\SITENA~1\city comp.exe
O4 - Global Startup: Avvio rapido di HP Image Zone.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programmi\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programmi\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmi\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\programmi\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programmi\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn...taller_gmn.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1139763570875
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1142195018078
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.filelodge.com/ImageUploader3.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Programmi\Sygate\SPF\smc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

[andorra24]

Fixa:

O2 - BHO: (no name) - {9E8D69E3-1A91-E0A5-E4EC-6A6E2BCECF30} - C:\DOCUME~1\manuel\DATIAP~1\Curbooze\Bash Exit.exe (file missing)
O4 - HKCU\..\Run: [four grid] C:\DOCUME~1\manuel\DATIAP~1\SITENA~1\city comp.exe

[(zar)sheva]

Quote:

Originariamente inviato da andorra24

Fixa:

O2 - BHO: (no name) - {9E8D69E3-1A91-E0A5-E4EC-6A6E2BCECF30} - C:\DOCUME~1\manuel\DATIAP~1\Curbooze\Bash Exit.exe (file missing)
O4 - HKCU\..\Run: [four grid] C:\DOCUME~1\manuel\DATIAP~1\SITENA~1\city comp.exe

perfetto grazie mille, velocissima come sempre!!!
pensavo peggio essendo il pc della ditta che usa anche mio fratello,con ewido spywareblaster e spybot s&d con i quali immunizzo,non capisco perche' continuano ad uscire finestre indesidderate,piu' o meno sempre le stesse,eppure cose strane non ne ha dentro quanto pare!!

[andorra24]

Quote:

Originariamente inviato da (zar)sheva

perfetto grazie mille, velocissima come sempre!!!
pensavo peggio essendo il pc della ditta che usa anche mio fratello,con ewido spywareblaster e spybot s&d con i quali immunizzo,non capisco perche' continuano ad uscire finestre indesidderate,piu' o meno sempre le stesse,eppure cose strane non ne ha dentro quanto pare!!

Naviga con Firefox

[Night82]

Oggi ho provato Windows Worms Doors Cleaner. Quando lo apro mi da la seguente schermata.

Uso regolarmente ewido e Antivir.
Il log è:
Logfile of HijackThis v1.99.1
Scan saved at 11.34.30, on 08/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Programmi\Sygate\SPF\smc.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\kiosk\usbtapnp.exe
D:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
D:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
D:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
D:\Programmi\D-Tools\daemon.exe
D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
D:\Programmi\SSC Service Utility\ssc_serv.exe
D:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Programmi\Winamp\winampa.exe
D:\Programmi\QuickTime\qttask.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Programmi\SSC Service Utility\ssc_serv.exe
D:\Programmi\Apache Group\Apache2\bin\ApacheMonitor.exe
D:\Programmi\Thunderbird-Tray\TBTray.exe
D:\Programmi\VIA\RAID\raid_tool.exe
D:\Programmi\FreePOPs\freepopsd.exe
D:\Programmi\Mozilla Thunderbird\thunderbird.exe
D:\Programmi\AntiVir PersonalEdition Classic\sched.exe
D:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
D:\Programmi\Apache Group\Apache2\bin\Apache.exe
D:\Programmi\ewido anti-malware\ewidoctrl.exe
D:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Programmi\MySQL\MySQL Server 4.1\bin\mysqld-nt.exe
D:\Programmi\Apache Group\Apache2\bin\Apache.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\svchost.exe
D:\Programmi\VMware\VMware Server\vmware-authd.exe
D:\Programmi\VMware\VMware Server\vmserverdWin32.exe
D:\WINDOWS\system32\vmnat.exe
D:\WINDOWS\system32\vmnetdhcp.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Programmi\Mozilla Firefox\firefox.exe
E:\Programmi utilità vari\Sicurezza\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [USBTA] D:\kiosk\usbtapnp.exe
O4 - HKLM\..\Run: [RemoteControl] D:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SmcService] D:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [avgnt] "D:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Programmi\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
O4 - HKLM\..\Run: [SSC Service Utility] D:\Programmi\SSC Service Utility\ssc_serv.exe /s
O4 - HKLM\..\Run: [Samsung LBP SM] "D:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] D:\Programmi\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - Startup: FreePOPs.lnk = D:\Programmi\FreePOPs\freepopsd.exe
O4 - Global Startup: Monitor Apache Servers.lnk = D:\Programmi\Apache Group\Apache2\bin\ApacheMonitor.exe
O4 - Global Startup: TB-Tray.lnk = D:\Programmi\Thunderbird-Tray\TBTray.exe
O4 - Global Startup: VIA RAID TOOL.lnk = D:\Programmi\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: &Clean Traces - D:\Programmi\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - D:\Programmi\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - D:\Programmi\DAP\dapextie2.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{6BF26D4A-D41D-4C4D-9001-983EA294230B}: NameServer = 62.211.69.150 212.48.4.15
O17 - HKLM\System\CCS\Services\Tcpip\..\{89A7C06F-5A15-41E9-A2A4-5A70269D8EEE}: NameServer = 192.168.0.1
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - D:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - D:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apache - Unknown owner - D:\Programmi\Apache Group\Apache\Apache.exe" --ntservice (file missing)
O23 - Service: Apache2 - Unknown owner - D:\Programmi\Apache Group\Apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: ewido security suite control - ewido networks - D:\Programmi\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MySQL - Unknown owner - D:\Programmi\MySQL\MySQL.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - D:\Programmi\Sygate\SPF\smc.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - D:\Programmi\VMware\VMware Server\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - D:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Registration Service (vmserverdWin32) - VMware, Inc. - D:\Programmi\VMware\VMware Server\vmserverdWin32.exe
O23 - Service: VMware NAT Service - VMware, Inc. - D:\WINDOWS\system32\vmnat.exe

[andorra24]

Non vedo virus nel tuo log. Fai una scansione con bitdefender free:
http://www.bitdefender.com/site/Down...adFile/340/EN/

[Silvermoon]

ho fatto una scansione e ho fixato facendo l'analisi sul sito .ma mi si ripresentano ogni volta determinati punti..anche fixati..coem fare?? mi date un occhiata al log per favore che mi dite?

Logfile of HijackThis v1.99.1
Scan saved at 11.59.26, on 08/04/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\ewido\security suite\ewidoctrl.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Agnitum\Outpost Firewall\outpost.exe
C:\WINDOWS\System32\CAPRPCSN.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\2\CAPPSWN.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Java\jre1.5.0_05\bin\jusched.exe
C:\Programmi\Arovax Shield\ArovaxShield.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\ADSL\StarModem ADSL USB MODEM\dslmon.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\MOZILL~2\FIREFOX.EXE
C:\Programmi\eMule\emule.exe
C:\Programmi\WinRAR\WinRAR.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Marko\Desktop\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Programmi\SiteAdvisor\saIE.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Programmi\SiteAdvisor\saIE.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CAPON] C:\WINDOWS\System32\Spool\Drivers\w32x86\2\CAPONN.EXE
O4 - HKLM\..\Run: [9xadiras] 9xadiras.exe
O4 - HKLM\..\Run: [2kadiras] 2kadiras.exe
O4 - HKLM\..\Run: [Arovax Shield] C:\Programmi\Arovax Shield\ArovaxShield.exe -tray
O4 - HKLM\..\Run: [Outpost Firewall] C:\Programmi\Agnitum\Outpost Firewall\outpost.exe /waitservice
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [KAV50] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe" -run -n PersonalPro -v 5.0.0.0 -chkss
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - Global Startup: DSLMON.lnk = ?
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Outpost Firewall Pro Regolazione rapida - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{FC185D44-F334-449D-84A8-B88D41531513}: NameServer = 193.70.152.15 193.70.152.25
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Agnitum\OUTPOS~1\wl_hook.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Programmi\Agnitum\Outpost Firewall\outpost.exe

[andorra24]

Silvermoon il tuo log e' pulito.

[Silvermoon]

grazie mille ..una cosa è normale che bit defender mi da 5 ore come tempo di scansione e che nn si schioda da 3 % ? ho pochi gb occupati

[andorra24]

Quote:

Originariamente inviato da Silvermoon

grazie mille ..una cosa è normale che bit defender mi da 5 ore come tempo di scansione e che nn si schioda da 3 % ? ho pochi gb occupati

La scansione con bitdefender e' molto lenta,soprattutto nelle prime fasi, poi inizia a velocizzare. Comunque 5 ore ovviamente e' troppo.

[Alex-Murei]

Ciao volevo sapere se qui vedete qualche problema ?

Logfile of HijackThis v1.99.1
Scan saved at 13.47.57, on 08/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\Creative\Shared Files\Module Loader\DLLML.exe
C:\Programmi\DAEMON Tools\daemon.exe
C:\Programmi\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Programmi\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Programmi\File comuni\Logitech\KHAL\KHALMNPR.EXE
C:\Programmi\Creative\ShareDLL\CADI\NotiMan.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Alex\Documenti\File Utili\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Programmi\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Programmi\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [CTDVDDET] "C:\Programmi\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [RCSystem] "C:\Programmi\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [VolPanel] "C:\Programmi\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmi\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1142904043593
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programmi\Sygate\SPF\smc.exe



GRAZIE

[andorra24]

Alex-Murei il log e' pulito. Comunque puoi fixare questa voce inutile:

O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u

[Alex-Murei]

Quote:

Originariamente inviato da andorra24

Alex-Murei il log e' pulito. Comunque puoi fixare questa voce inutile:

O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u

Ok fatto grazie ,solo per capire a cosa si riferiva quella voce?

[andorra24]

Quote:

Originariamente inviato da Alex-Murei

Ok fatto grazie ,solo per capire a cosa si riferiva quella voce?

Niente di particolare, era semplicemente il messaggio di invio segnalazione errori di windows. Se lo desideri puoi disattivare il servizio di segnalazione errori andando su strumenti di amministrazione/servizi e impostandolo su tipo di avvio disabilitato.

[juninho85]

Quote:

Originariamente inviato da Night82

.

effettivamente hai troppa roba aperta....prova ad chiudere le porte dopo aver fatto l'avvio con i soli componenti di windows,senza programmi di terze parti in autorun