|
|||||||
|
|
|
 |
|
|
Strumenti |
03-05-2006, 14:31
|
#2201 |
|
Senior Member
Iscritto dal: Mar 2006
Città: Saluzzo (Cuneo) - Trattative ok: 51
Messaggi: 3656
|
C:\Programmi\File comuni\Ahead\lib\NMIndexStoreSvr.exe
l'analizzatore trova questo file sconosciuto che cos'e? |
|
|
|
03-05-2006, 14:37
|
#2202 |
|
Senior Member
Iscritto dal: Feb 2004
Città: /media/ValSusa
Messaggi: 3607
|
Sia con Viruss total che jotti me lo da pulito.
chiudendolo da taskmanager non fa storie e si chiude subito. Può essere invece che quel file potrebbe essere facilmente attaccato da quel worm e che quindi hijackthis me lo segnala sospetto da eliminare? Se fosse così è normale che nemmeno ewido trovi nulla. Ma poi, perchè tanto allarmismo su internet? Cerchi con google quel processo ed è la fine del mondo.... 
|
|
|
|
|
03-05-2006, 15:48
|
#2203 |
|
Senior Member
Iscritto dal: Sep 2005
Città: Opinions are like assholes: anybody has one...
Messaggi: 34290
|
mi sembra un processo di nero....
__________________
Ну давай !! . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Cina, bugiardo - stolen conto: non paghi . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . NON CERCO PIU' UN ALIMENTATORE DECENTE ----------------> LINK |
|
|
|
|
03-05-2006, 21:36
|
#2204 |
|
Senior Member
Iscritto dal: May 2005
Messaggi: 444
|
potreste dirmi cosa fixare?
Logfile of HijackThis v1.99.1 Scan saved at 22.41.35, on 03/05/2006 Platform: Windows 2000 SP3 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\SYSTEM32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe C:\Programmi\Alwil Software\Avast4\ashServ.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\regsvc.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\mspmspsv.exe C:\WINNT\system32\svchost.exe C:\WINNT\Explorer.EXE C:\PROGRA~1\Adaptec\DirectCD\directcd.exe C:\WINNT\System32\ezSP_Px.exe C:\Programmi\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\Programmi\File comuni\Real\Update_OB\realsched.exe C:\Programmi\MessengerPlus! 3\MsgPlus.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe C:\Programmi\File comuni\AOL\1124438848\ee\AOLHostManager.exe C:\Programmi\File comuni\AOL\1124438848\ee\AOLServiceHost.exe C:\WINNT\system32\internat.exe C:\Programmi\MSN Messenger\msnmsgr.exe C:\Programmi\File comuni\AOL\1124438848\ee\AOLServiceHost.exe C:\Programmi\Alwil Software\Avast4\ashWebSv.exe C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe C:\Programmi\ewido anti-malware\ewidoguard.exe C:\Programmi\ewido anti-malware\ewidoctrl.exe C:\Programmi\ewido anti-malware\SecuritySuite.exe C:\Programmi\hijackthis\HijackThis.exe C:\Programmi\Internet Explorer\IEXPLORE.EXE R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchbar.findthewebsiteyouneed.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchwww.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://searchbar.findthewebsiteyouneed.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchwww.com/search.cgi?s=%s R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Programmi\AOL\AOL Toolbar 2.0\aoltb.dll O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Programmi\NewDotNet\newdotnet7_22.dll (file missing) O2 - BHO: BRedObj Class - {63CF97E8-4133-438a-A831-CC9C6D47D673} - c:\Program Files\Reg2\Reg2.dll (file missing) O2 - BHO: BRedObj Class - {665ACD90-4541-4836-9FE4-062386BB8F05} - C:\Programmi\Flt\Flt.dll (file missing) O2 - BHO: BRedObj Class - {7371F073-AC0F-4b80-BB2F-96A488CEFB32} - c:\Program Files\Xmod\xm320.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Programmi\AOL\AOL Toolbar 2.0\aoltb.dll O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Programmi\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Programmi\Viewpoint\Viewpoint Toolbar\ViewBar.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programmi\AOL\AOL Toolbar 2.0\aoltb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\Adaptec\DirectCD\directcd.exe O4 - HKLM\..\Run: [LoadQM] loadqm.exe O4 - HKLM\..\Run: [RVP] "C:\Programmi\RVP\bpc.exe" O4 - HKLM\..\Run: [blss] C:\Programmi\blss\blss.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINNT\System32\ezSP_Px.exe O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Programmi\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain O4 - HKLM\..\Run: [ViewMgr] C:\Programmi\Viewpoint\Viewpoint Manager\ViewMgr.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [HostManager] C:\Programmi\File comuni\AOL\1124438848\ee\AOLHostManager.exe O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\CreateCD.exe -r O4 - HKCU\..\Run: [internat.exe] internat.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\MSN Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [AIM] C:\Programmi\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [JavaUpdate0.07] C:\WINNT\system32\bygqrnz.exe O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe" /WinStart O4 - HKCU\..\Run: [BitComet Accelerator] "C:\Programmi\BitComet Accelerator\BitComet Accelerator.exe" -tray O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background O4 - Startup: A Smaller Note 99.lnk = C:\smaller note\note.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: &AIM Search - res://C:\Programmi\AIM Toolbar\AIMBar.dll/aimsearch.htm O8 - Extra context menu item: &AOL Toolbar Search - c:\programmi\aol\aol toolbar 2.0\resources\en-US\local\search.html O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\programmi\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: &Viewpoint Search - res://C:\Programmi\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML O8 - Extra context menu item: Backward Links - res://c:\programmi\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmi\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Similar Pages - res://c:\programmi\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\programmi\google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Programmi\AOL\AOL Toolbar 2.0\aoltb.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Programmi\AIM\aim.exe O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\MSN Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\MSN Messenger\MSMSGS.EXE O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Programmi\AWS\WeatherBug\Weather.exe (file missing) (HKCU) O10 - Broken Internet access because of LSP provider 'c:\programmi\newdotnet\newdotnet7_22.dll' missing O16 - DPF: ConferenceRoom Java Client - http://irc.net36.com:8080/java/cr.cab O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://66.240.140.63/cart/x/deskcartx2.exe O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab O16 - DPF: {086A694F-91FB-4068-B44C-124FB69BF05D} - http://www.searchwww.com/search.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {1EDF25DE-DFB2-40CA-AA83-30AE7DA8C203} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.co...haringctrl.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/506769.exe O16 - DPF: {EFB22865-F3BC-4309-ADFA-C8E078A7F762} - http://www.sponsoradulto.com/en/SysWebTelecom.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...reShowdown.cab O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B2F49FB} - http://deposito.hostance.net/dialer/604990.exe O16 - DPF: {FFFF0029-0001-101A-A3C9-08002B2F49FB} - http://www.tesinecopiate.com/v/8STU19.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{0E856658-C5D8-4DB7-AB47-244E907033D5}: NameServer = 212.216.112.112,212.216.172.62 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = TIN.IT O17 - HKLM\System\CS1\Services\Tcpip\..\{0E856658-C5D8-4DB7-AB47-244E907033D5}: NameServer = 212.216.112.112,212.216.172.62 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = TIN.IT O17 - HKLM\System\CS2\Services\Tcpip\..\{0E856658-C5D8-4DB7-AB47-244E907033D5}: NameServer = 212.216.112.112,212.216.172.62 O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = TIN.IT O17 - HKLM\System\CS3\Services\Tcpip\..\{0E856658-C5D8-4DB7-AB47-244E907033D5}: NameServer = 212.216.112.112,212.216.172.62 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = TIN.IT O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido anti-malware\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Programmi\ewido anti-malware\ewidoguard.exe |
|
|
|
|
03-05-2006, 22:28
|
#2205 |
|
Senior Member
Iscritto dal: Sep 2005
Città: Opinions are like assholes: anybody has one...
Messaggi: 34290
|
fixa
 R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchbar.findthewebsiteyouneed.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchwww.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://searchbar.findthewebsiteyouneed.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchwww.com/search.cgi?s=%s O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Programmi\NewDotNet\newdotnet7_22.dll (file missing) O2 - BHO: BRedObj Class - {63CF97E8-4133-438a-A831-CC9C6D47D673} - c:\Program Files\Reg2\Reg2.dll (file missing) O2 - BHO: BRedObj Class - {665ACD90-4541-4836-9FE4-062386BB8F05} - C:\Programmi\Flt\Flt.dll (file missing) O2 - BHO: BRedObj Class - {7371F073-AC0F-4b80-BB2F-96A488CEFB32} - c:\Program Files\Xmod\xm320.dll O4 - HKLM\..\Run: [RVP] "C:\Programmi\RVP\bpc.exe" O4 - HKLM\..\Run: [blss] C:\Programmi\blss\blss.exe O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Programmi\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s O4 - HKCU\..\Run: [JavaUpdate0.07] C:\WINNT\system32\bygqrnz.exe O4 - Startup: A Smaller Note 99.lnk = C:\smaller note\note.exe O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm O10 - Broken Internet access because of LSP provider 'c:\programmi\newdotnet\newdotnet7_22.dll' missing O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://66.240.140.63/cart/x/deskcartx2.exe O16 - DPF: {086A694F-91FB-4068-B44C-124FB69BF05D} - http://www.searchwww.com/search.cab O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/506769.exe O16 - DPF: {EFB22865-F3BC-4309-ADFA-C8E078A7F762} - http://www.sponsoradulto.com/en/SysWebTelecom.cab O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B2F49FB} - http://deposito.hostance.net/dialer/604990.exe O16 - DPF: {FFFF0029-0001-101A-A3C9-08002B2F49FB} - http://www.tesinecopiate.com/v/8STU19.exe congratulazioni. il log più incarognito degli ultimi tempi 
__________________
Ну давай !! . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Cina, bugiardo - stolen conto: non paghi . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . NON CERCO PIU' UN ALIMENTATORE DECENTE ----------------> LINK Ultima modifica di Stev-O : 05-05-2006 alle 00:24. |
|
|
|
|
05-05-2006, 00:14
|
#2206 | |
|
Senior Member
Iscritto dal: Jul 2005
Messaggi: 895
|
Quote:
Dai lo dico solo per esser puntiglioso ma non ma ne preoccupo come mi hai detto credo sia un processo legittimo. Grazie mille della disponibilità  
|
|
|
|
|
|
05-05-2006, 00:23
|
#2207 |
|
Senior Member
Iscritto dal: Sep 2005
Città: Opinions are like assholes: anybody has one...
Messaggi: 34290
|
ah ma guarda che lo puoi anche fixare non credo che caschi il mondo
mi sembra il residuo di un autoinstallante hp, tipo cd allegato alla confezione o qualcosa del genere
__________________
Ну давай !! . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Cina, bugiardo - stolen conto: non paghi . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . NON CERCO PIU' UN ALIMENTATORE DECENTE ----------------> LINK |
|
|
|
|
05-05-2006, 16:19
|
#2208 |
|
Senior Member
Iscritto dal: Jan 2006
Città: Lainate(Mi)
Messaggi: 5645
|
un'occhiatina ragazzi per il pc di mia moglie? grazie
Logfile of HijackThis v1.99.1 Scan saved at 16.22.40, on 05/05/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\brsvc01a.exe C:\WINDOWS\system32\brss01a.exe C:\WINDOWS\system32\spoolsv.exe C:\Programmi\Symantec AntiVirus\DefWatch.exe C:\Programmi\Symantec AntiVirus\SavRoam.exe C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Programmi\Symantec AntiVirus\Rtvscan.exe C:\WINDOWS\Explorer.EXE C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\vsnpstd.exe C:\Programmi\Musicmatch\Musicmatch Jukebox\mm_tray.exe C:\Programmi\File comuni\Real\Update_OB\realsched.exe C:\Programmi\File comuni\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\Programmi\Musicmatch\Musicmatch Jukebox\mmtask.exe C:\Programmi\File comuni\Microsoft Shared\DAO\svchost.exe C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE C:\WINDOWS\system32\ctfmon.exe C:\Programmi\Messenger\msmsgs.exe C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe C:\PROGRA~1\Webshots\webshots.scr C:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe C:\Programmi\ewido anti-malware\ewidoguard.exe C:\Programmi\ewido anti-malware\ewidoctrl.exe C:\MXW2000\TaskBuilder.exe C:\Programmi\MSN Messenger\msnmsgr.exe C:\MXW2000\TaskBuilder.exe C:\Programmi\Outlook Express\msimn.exe C:\Programmi\Internet Explorer\IEXPLORE.EXE C:\PROGRA~1\WinZip\winzip32.exe C:\DOCUME~1\WS15~1.VEG\IMPOST~1\Temp\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Programmi\Outlook Express\msimn.exe" R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe O4 - HKLM\..\Run: [MMTray] "C:\Programmi\Musicmatch\Musicmatch Jukebox\mm_tray.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [DataLayer] C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray O4 - HKLM\..\Run: [mmtask] "C:\Programmi\Musicmatch\Musicmatch Jukebox\mmtask.exe" O4 - HKLM\..\Run: [WinService32] svchost O4 - HKLM\..\Run: [WinLiveUpdate] C:\Programmi\File comuni\Microsoft Shared\DAO\system32_\svchost.exe O4 - HKLM\..\Run: [Windows LSASS Service] C:\Programmi\File comuni\Microsoft Shared\DAO\svchost.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: Webshots.lnk = C:\Programmi\Webshots\Launcher.exe O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = VEGLASDOMAIN O17 - HKLM\Software\..\Telephony: DomainName = VEGLASDOMAIN O17 - HKLM\System\CCS\Services\Tcpip\..\{0343B7BA-FCFA-420F-B429-5F149A9E9408}: NameServer = 10.186.35.2,213.140.2.21 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = VEGLASDOMAIN O17 - HKLM\System\CS1\Services\Tcpip\..\{0343B7BA-FCFA-420F-B429-5F149A9E9408}: NameServer = 10.186.35.2,213.140.2.21 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = VEGLASDOMAIN O17 - HKLM\System\CS2\Services\Tcpip\..\{0343B7BA-FCFA-420F-B429-5F149A9E9408}: NameServer = 10.186.35.2,213.140.2.21 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Programmi\Symantec AntiVirus\DefWatch.exe O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido anti-malware\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Programmi\ewido anti-malware\ewidoguard.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Programmi\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programmi\Symantec AntiVirus
__________________
PSN: gian73ska |
|
|
|
|
05-05-2006, 16:28
|
#2209 |
|
Senior Member
Iscritto dal: Jan 2006
Città: Lainate(Mi)
Messaggi: 5645
|
sorry hanno gia' risposto nell'altro 3d fate come se non avessi fatto niente
__________________
PSN: gian73ska |
|
|
|
|
05-05-2006, 19:24
|
#2210 |
|
Senior Member
Iscritto dal: Sep 2005
Città: Opinions are like assholes: anybody has one...
Messaggi: 34290
|
tra le altre cose gli O17 li toglierei per certo
se servono a qualcosa di utile ritornano da soli
__________________
Ну давай !! . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Cina, bugiardo - stolen conto: non paghi . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . NON CERCO PIU' UN ALIMENTATORE DECENTE ----------------> LINK |
|
|
|
|
08-05-2006, 14:50
|
#2211 |
|
Senior Member
Iscritto dal: May 2005
Città: Trieste
Messaggi: 3434
|
Che dite, sono pulito?
eventualmente mi potete dire cosa posso togliere per migliorare le prestazioni e ridurre le risorse occupate??? Logfile of HijackThis v1.99.1 Scan saved at 15.49.33, on 08/05/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programmi\Sygate\SPF\smc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\SOUNDMAN.EXE C:\Programmi\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe C:\HP\KBD\KBD.EXE C:\Programmi\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\system32\fxredir.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Programmi\Skype\Phone\Skype.exe C:\Programmi\MSN Messenger\MsnMsgr.Exe C:\Programmi\eMule\emule.exe C:\Programmi\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe C:\Programmi\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\cisvc.exe C:\Programmi\Canon\MultiPASS4\MPSERVIC.EXE C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe C:\Programmi\Alwil Software\Avast4\ashWebSv.exe C:\Programmi\ATI Technologies\ATI.ACE\cli.exe C:\Programmi\ATI Technologies\ATI.ACE\cli.exe C:\Programmi\Canon\MultiPASS4\monitr32.exe C:\WINDOWS\system32\cidaemon.exe C:\Programmi\Mozilla Firefox\firefox.exe C:\Documents and Settings\Motomobile\Documenti\cureit.exe C:\DOCUME~1\MOTOMO~1\IMPOST~1\Temp\RarSFX0\_start.exe C:\DOCUME~1\MOTOMO~1\IMPOST~1\Temp\RarSFX0\cureit.exe C:\Documents and Settings\Motomobile\Documenti\Motomobile\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it/oggi/index.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [Yahoo! Widget Engine] C:\Programmi\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [fxredir] C:\WINDOWS\system32\fxredir.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [monitr32] C:\Programmi\Canon\MultiPASS4\monitr32.exe I O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [eMuleAutoStart] C:\Programmi\eMule\emule.exe -AutoStart O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: MpService - Canon Inc - C:\Programmi\Canon\MultiPASS4\MPSERVIC.EXE O23 - Service: PACSPTISVR - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Programmi\Sygate\SPF\smc.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SPTISRV.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programmi\TuneUp Utilities 2006\WinStylerThemeSvc.exe
__________________
CASE: Antec Solo II | MOBO: Asus Sabertooth Z87 | CPU: Intel i7 4790K | COOLER: Noctua NH-D15 | RAM: G Skill 16Gb | GPU: nVidia GTX-1070 G1 | ROUTER: AVM7530 PSU: Seasonic P520 | AUDIO: Asus STX II | STORAGE: HDD ST2000DM001 + SSD 850 PRO 512Gb + DVDRAM LG GH24NS50 | LCD: Sony SDM-X72 | TV: Sony 32W4000 AMP: Marantz PM-KI Pearl | SPKR: Vienna Mozart Grand | DAC: Yulong DA8 | CABLE: WW Electra Platinum - Tasker C276 & RG59 BU - Chord Clearway Analogue
|
|
|
|
|
08-05-2006, 15:08
|
#2212 |
|
Senior Member
Iscritto dal: Mar 2006
Città: Saluzzo (Cuneo) - Trattative ok: 51
Messaggi: 3656
|
tutto ok
|
|
|
|
|
09-05-2006, 19:18
|
#2213 |
|
Member
Iscritto dal: Apr 2006
Messaggi: 105
|
Salve gente! L'ultima scansione del nod 32 mi ha dato un responso tremendo, segnalandomi più di un trojan
 . Essendo abbastanza inesperto non so più che pesci prendere...lo stesso nod non mi da opportunità!!! Mi consigliate qualche programma che sia veramente efficace o (dato che sicuramente tra voi ci sono persone molto esperte) c'è qualcosa da fare se non formattare il tutto??? Grazie 
|
|
|
|
|
09-05-2006, 19:28
|
#2214 |
|
Senior Member
Iscritto dal: Mar 2006
Città: Saluzzo (Cuneo) - Trattative ok: 51
Messaggi: 3656
|
posta il log di hijackthis che diamo 1occhiata
|
|
|
|
|
09-05-2006, 22:24
|
#2215 |
|
Member
Iscritto dal: Jun 2004
Città: reggio emilia
Messaggi: 186
|
controllo
Volevo chiedere a Stev_o su Emulesecurity ma visto che sei anche qui' ne approfitto Anticipo che non riesco piu' ad usare Esegui e Cerca quindi presumo sia un virus (credo ce ne sia qualcuno che da questi problemi)
A voi la sentenza Logfile of HijackThis v1.99.1 Scan saved at 23.15.02, on 09/05/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programmi\Avast4\aswUpdSv.exe C:\Programmi\Avast4\ashServ.exe C:\Programmi\cFosSpeed\spd.exe C:\Programmi\Executive Software\Diskeeper\DkService.exe C:\Programmi\Kerio\Personal Firewall 4\kpf4ss.exe C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\Programmi\Kerio\Personal Firewall 4\kpf4gui.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Programmi\Avast4\ashMaiSv.exe C:\Programmi\Avast4\ashWebSv.exe C:\Programmi\Kerio\Personal Firewall 4\kpf4gui.exe C:\PROGRA~1\Avast4\ashDisp.exe C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe C:\Programmi\Analog Devices\SoundMAX\Smax4.exe C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe C:\Programmi\MessengerPlus! 3\MsgPlus.exe C:\Programmi\ASUSTek\ASUSDVD\PDVDServ.exe C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Programmi\cFosSpeed\cfos_speed.exe C:\Programmi\Skype\Phone\Skype.exe C:\Programmi\Messenger\msmsgs.exe C:\Programmi\Logitech\SetPoint\SetPoint.exe C:\Programmi\File comuni\Logitech\KHAL\KHALMNPR.EXE C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\paolo\Desktop\sicurezza\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [SoundMAX] "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\ASUSTek\ASUSDVD\PDVDServ.exe O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Programmi\Executive Software\Diskeeper\DkIcon.exe" O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [ATIPTA] "C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [cFosSpeed] C:\Programmi\cFosSpeed\cfos_speed.exe O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background O4 - Startup: Diskeeper 9 Professional Edition Registration.lnk = C:\Programmi\Diskeeper\ESIRegister.exe O4 - Startup: OpenOffice.org 2.0.lnk = C:\Programmi\OpenOffice.org 2.0\program\quickstart.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = ? O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmi\Logitech\SetPoint\SetPoint.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Browser Adjustment - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1120289686937 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{0A44DD32-8B24-45EF-ADB6-65842B378754}: NameServer = 193.70.192.25,193.70.152.25 O17 - HKLM\System\CS1\Services\Tcpip\..\{0A44DD32-8B24-45EF-ADB6-65842B378754}: NameServer = 193.70.192.25,193.70.152.25 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - C:\Programmi\cFosSpeed\spd.exe" -service (file missing) O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Programmi\Executive Software\Diskeeper\DkService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Programmi\Kerio\Personal Firewall 4\kpf4ss.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe |
|
|
|
|
09-05-2006, 22:44
|
#2216 |
|
Member
Iscritto dal: Apr 2006
Messaggi: 94
|
aiuto
perfavore date un occhiata a questo log e ditemi cosa devo fixare
Logfile of HijackThis v1.99.1 Scan saved at 23.34.24, on 09/05/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe C:\WINDOWS\explorer.exe C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\Programmi\ewido anti-malware\ewidoctrl.exe C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Programmi\Eset\nod32krn.exe C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Programmi\File comuni\Symantec Shared\ccApp.exe C:\Programmi\Eset\nod32kui.exe C:\Programmi\Messenger\msmsgs.exe C:\Programmi\VoipStunt.com\VoipStunt\VoipStunt.exe C:\Programmi\Corel\CorelDRAW Graphics Suite 13\Programs\CorelDRW.exe C:\Programmi\Skype\Phone\Skype.exe C:\Documents and Settings\Enzo\Documenti\My Skype Received Files\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.it R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR F2 - REG:system.ini: Shell=explorer.exe "C:\Programmi\File comuni\Microsoft Shared\Web Folders\ibm00001.exe" O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe" -startup O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [VoipStunt] "C:\Programmi\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized O8 - Extra context menu item: &Cerca con Google - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Traduci parola in italiano - res://C:\Programmi\Google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Link a ritroso - res://C:\Programmi\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Pagine simili - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Versione cache della pagina - res://C:\Programmi\Google\GoogleToolbar1.dll/cmcache.html O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O15 - Trusted Zone: www.1987324.com O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{07CEEF96-2B2A-4608-9D99-1326D268731B}: NameServer = 194.183.2.143 O17 - HKLM\System\CS1\Services\Tcpip\..\{07CEEF96-2B2A-4608-9D99-1326D268731B}: NameServer = 194.183.2.143 O23 - Service: Adobe LM Service - Unknown owner - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido anti-malware\ewidoctrl.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe |
|
|
|
|
09-05-2006, 23:38
|
#2217 |
|
Senior Member
Iscritto dal: Sep 2005
Città: Opinions are like assholes: anybody has one...
Messaggi: 34290
|
conred, il log è pulito almeno a quest'ora
 il problema potrebbe essere derivato da qualche installazione software: hai per caso installato framework?
__________________
Ну давай !! . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Cina, bugiardo - stolen conto: non paghi . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . NON CERCO PIU' UN ALIMENTATORE DECENTE ----------------> LINK |
|
|
|
|
09-05-2006, 23:42
|
#2218 |
|
Senior Member
Iscritto dal: Sep 2005
Città: Opinions are like assholes: anybody has one...
Messaggi: 34290
|
tequila fixa questi:
F2 - REG:system.ini: Shell=explorer.exe "C:\Programmi\File comuni\Microsoft Shared\Web Folders\ibm00001.exe" O15 - Trusted Zone: www.1987324.com O17 - HKLM\System\CCS\Services\Tcpip\..\{07CEEF96-2B2A-4608-9D99-1326D268731B}: NameServer = 194.183.2.143 O17 - HKLM\System\CS1\Services\Tcpip\..\{07CEEF96-2B2A-4608-9D99-1326D268731B}: NameServer = 194.183.2.143 il reo principale è il primo: http://www.liutilities.com/products/...rary/ibm00001/
__________________
Ну давай !! . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Cina, bugiardo - stolen conto: non paghi . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . NON CERCO PIU' UN ALIMENTATORE DECENTE ----------------> LINK |
|
|
|
|
10-05-2006, 10:22
|
#2219 |
|
Member
Iscritto dal: Apr 2006
Messaggi: 94
|
tante grazie Stev-O
ancora una cosa perfavore... il fix si fa in modalità provvisoria? o basta spuntare il quadratino corrispontente e dare il comando fix? grazie ancora
|
|
|
|
|
10-05-2006, 12:54
|
#2220 |
|
Senior Member
Iscritto dal: Mar 2006
Città: Saluzzo (Cuneo) - Trattative ok: 51
Messaggi: 3656
|
io lo faccio in modalità normale e poi si riavvia il sistema ed è tutto ok
|
|
|
|
|
|
| Strumenti | |
|
|
Tutti gli orari sono GMT +1. Ora sono le: 04:31.
