#2921
Senior Member
Joined: Feb 2004
Posts: 2147
Quote:
Yes, I ran all the scans in safe mode; even so, both avast and ewido kept finding a piece of malware and a dialer but in practice were not deleting them... In the sense that they came back every time (and every time I chose "Clean and quarantine" for ewido... and "delete" for avast)
__________________
i5-7500, Asrock H270M Pro4, Kingston DDR4 2133 16GB C14, Enermax Triathlor ECO ETL450AWT-M, SSD M.2 Samsung 950PRO 512GB, Dell 2408WFP

#2922
Banned
Joined: Mar 2004
Location: Galapagos Warning: flatulent user, keep it in mind
Posts: 28978
Quote:

#2923
Senior Member
Joined: Feb 2004
Posts: 2147
Quote:

#2924
Member
Joined: Jul 2006
Posts: 38
When I run HijackThis it gives me these entries; could you take a look at them?

Logfile of HijackThis v1.99.1
Scan saved at 18.58.29, on 31/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmi\Agnitum\Outpost Firewall\outpost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
D:\Programmi\VMware\VMware Workstation\vmware-authd.exe
C:\Programmi\File comuni\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\system32\VTTimer.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Programmi\Winamp\winamp.exe
C:\PROGRA~1\MOZILL~2\THUNDE~1.EXE
C:\Programmi\SpeedFan\speedfan.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\gino\IMPOST~1\Temp\Rar$EX00.813\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe /waitservice
O4 - HKLM\..\Run: [OutpostFeedBack] C:\Programmi\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Outpost Firewall Pro Regolazione rapida - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Programmi\Agnitum\Outpost Firewall\Plugins\BrowserBar\ie_bar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4ADAC531-79D2-4A2A-B510-C488DE509FF2}: NameServer = 192.168.1.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: msgplusloader.dll C:\PROGRA~1\Agnitum\OUTPOS~1\wl_hook.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Programmi\Agnitum\Outpost Firewall\outpost.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - D:\Programmi\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Programmi\File comuni\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

On the site it gives me:

C:\Programmi\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
Check with an antivirus scanner
Unknown
Unknown running process. (AcroRd32Info.exe)
Visitor's assessment: 4.25 (Safe)
This is a unknown process

The others are all green. What should I do?

#2925
Senior Member
Joined: May 2005
Location: Palermo
Posts: 6390
harry potter 87, the log is clean. The entry you have doubts about is legitimate.

#2926
Member
Joined: Jul 2006
Posts: 38
Quote:

#2927
Senior Member
Joined: May 2005
Location: Palermo
Posts: 6390
Quote:
http://www.ewido.net/
As for Spybot, keep it if you want to; it has immunization and other options that are still useful.

#2928
Member
Joined: Jul 2006
Posts: 38
Quote:
I have AVG as antivirus (tomorrow I'll install avast), the Outpost firewall, Spybot, HijackThis and ewido (in a moment). Let's say that in 3 days I've made progress (I only had AVG and the XP SP2 "firewall").

#2929
Senior Member
Joined: May 2005
Location: Palermo
Posts: 6390
Quote:

#2930
Senior Member
Joined: Feb 2004
Posts: 2147
Hi, I'm here bothering you again about a log from a friend of mine... Could you take a look at it?
Thanks

Logfile of HijackThis v1.99.1
Scan saved at 18.38.22, on 01/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\bmwebcfg.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Programmi\ahead\InCD\InCD.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\IEHost34.exe
C:\WINDOWS\system32\vidctrl\vidctrl.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Microsoft Office\Office\1040\OLFSNT40.EXE
C:\Programmi\Reality Fusion\Reality Fusion GameCam SE\Program\RFTRay.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Francy\Desktop\Hjack this\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\system32\SearchBar.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.virgilio.it/free
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.search-exe.com/nph-sea...ook=stmpl1&fw=
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.search-exe.com/nph-sea...ook=stmpl1&fw=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.search-exe.com/nph-sea...ook=stmpl1&fw=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll
R3 - URLSearchHook: (no name) - {B80FD673-33C8-6811-BEB4-43B6A9952993} - C:\WINDOWS\system32\vaii.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O2 - BHO: Band Class - {00027925-0017-4faf-9539-90E4AC0B9EC5} - C:\WINDOWS\eltt.dll (file missing)
O2 - BHO: WebBho Class - {00041A26-7033-432C-94C7-6371DE343822} - C:\Programmi\se\v11\se.DLL (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: SmartPops Class - {0421701D-CF13-4E70-ADF0-45A953E7CB8B} - C:\Programmi\Recommended Hotfix - 421701D\v15\RH.DLL (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: IE5BarLauncherBHO Class - {1ADBCCE8-CF84-441E-9B38-AFC7A19C06A4} - C:\Programmi\e-zshopper\BarLcher.dll (file missing)
O2 - BHO: InstaFinder - {4E7BD74F-2B8D-469E-DCF7-F96DA086B434} - C:\WINDOWS\DOWNLO~1\instafin.dll
O2 - BHO: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~2\BHO\INCFIN~1.DLL (file missing)
O2 - BHO: LinkTracker Class - {85A77577-A8CA-41b7-AA1E-DDAD4C0B12B1} - C:\WINDOWS\system32\hlwin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {911A1534-8E65-448E-92AE-E22D49F870C4} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmi\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: (no name) - {B80FD673-33C8-6811-BEB4-43B6A9952993} - C:\WINDOWS\system32\vaii.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\it\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O2 - BHO: CPub Object - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\WINDOWS\system32\bmbho.dll
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Programmi\webHancer\programs\whiehlpr.dll
O2 - BHO: PEDEV_IEListener Class - {E1412445-4FF8-410e-8D24-F2CF86B171A4} - C:\Programmi\PeDevice\PeDev.dll
O2 - BHO: WebBar Class - {EE392A64-F30B-47C8-A363-CDA1CEC7DC1B} - C:\PROGRA~1\APPLIE~1\Bar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\it\msntb.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: e-zshopper 1.200 - {3D782BB3-F2A5-11D3-BF4C-000000000000} - C:\Programmi\e-zshopper\BarLcher.dll (file missing)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Programmi\TheSearchAccelerator\UCMTSAIE.dll
O4 - HKLM\..\Run: [C-Media Speaker Configuration] C:\PROGRA~2\C-Media\WIN_ME\Setup.exe /SPEAKER
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [InCD] C:\Programmi\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Search-Exe] "C:\Programmi\se\v11\se.EXE" /H
O4 - HKLM\..\Run: [Prein] C:\DOCUME~1\tiffi\IMPOST~1\Temp\app4.tmp
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [WeatherOnTray] C:\Programmi\Hotbar\bin\4.5.1.0\WeatherOnTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Bakra] C:\WINDOWS\System32\IEHost34.exe
O4 - HKLM\..\Run: [Hotbar] C:\Programmi\Hotbar\bin\4.5.1.0\HbInst.exe /Upgrade
O4 - HKLM\..\Run: [Dvx] C:\WINDOWS\System32\wsxsvc\wsxsvc.exe
O4 - HKLM\..\Run: [vidctrl] C:\WINDOWS\system32\vidctrl\vidctrl.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - Startup: Utilità controllo supporti di Cyber-shot Viewer.lnk = C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Porta Symantec Fax Starter Edition.lnk = C:\Programmi\Microsoft Office\Office\1040\OLFSNT40.EXE
O4 - Global Startup: Reality Fusion GameCam SE.lnk = ?
O4 - Global Startup: updater.lnk = C:\Programmi\Common Files\updater\wupdater.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\maxspeed.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\maxspeed.exe (file missing)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesit.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesit.dll
O9 - Extra button: eZshopper - {BFA03761-5565-41b3-93D9-82B354C0A8EC} - SHDOCVW.DLL (file missing)
O9 - Extra 'Tools' menuitem: e-zshopper - {BFA03761-5565-41b3-93D9-82B354C0A8EC} - SHDOCVW.DLL (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Broken Internet access because of LSP provider 'bmnet.dll' missing
O14 - IERESET.INF: START_PAGE_URL=http://www.virgilio.it/free
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab
O16 - DPF: Yahoo! Chat 1.3 - http://jcs.chat.dcn.yahoo.com/c174/chat.cab
O16 - DPF: {00C7C2A0-8B82-11D1-8B57-00A0C98CD92B} (ActiveReports Viewer) - http://www.online.spal.it/arviewer.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3B02AAA2-327C-40ED-A849-4BE819AE5385} (ImgSizer Control) - file://C:\Documents and Settings\tiffi\Impostazioni locali\Temp\~DlfnTmp0\imgSizer.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B2F49FB} - http://stat.trafficadvance.net/dialer/304070.exe
O16 - DPF: {FFFF003C-0001-101A-A3C9-08002B2F49FB} - http://www.download-italia.com/60a001.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter: text/html - {03974811-C15F-462c-B6B0-2D2336AA57D0} - C:\WINDOWS\system32\hlwin.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\rundll.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C:\WINDOWS\system32\bmwebcfg.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe

#2931
Senior Member
Joined: May 2005
Location: Palermo
Posts: 6390
giustinoni, has this friend of yours ever run a scan in her life? Her log is a mess.

All of these entries need to be removed:

C:\WINDOWS\System32\IEHost34.exe
C:\WINDOWS\system32\vidctrl\vidctrl.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\system32\SearchBar.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.search-exe.com/nph-se...look=stmpl1&fw=
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.search-exe.com/nph-se...look=stmpl1&fw=
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.search-exe.com/nph-se...look=stmpl1&fw=
R3 - URLSearchHook: (no name) - {B80FD673-33C8-6811-BEB4-43B6A9952993} - C:\WINDOWS\system32\vaii.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O2 - BHO: Band Class - {00027925-0017-4faf-9539-90E4AC0B9EC5} - C:\WINDOWS\eltt.dll (file missing)
O2 - BHO: WebBho Class - {00041A26-7033-432C-94C7-6371DE343822} - C:\Programmi\se\v11\se.DLL (file missing)
O2 - BHO: SmartPops Class - {0421701D-CF13-4E70-ADF0-45A953E7CB8B} - C:\Programmi\Recommended Hotfix - 421701D\v15\RH.DLL (file missing)
O2 - BHO: IE5BarLauncherBHO Class - {1ADBCCE8-CF84-441E-9B38-AFC7A19C06A4} - C:\Programmi\e-zshopper\BarLcher.dll (file missing)
O2 - BHO: InstaFinder - {4E7BD74F-2B8D-469E-DCF7-F96DA086B434} - C:\WINDOWS\DOWNLO~1\instafin.dll
O2 - BHO: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~2\BHO\INCFIN~1.DLL (file missing)
O2 - BHO: LinkTracker Class - {85A77577-A8CA-41b7-AA1E-DDAD4C0B12B1} - C:\WINDOWS\system32\hlwin.dll
O2 - BHO: (no name) - {911A1534-8E65-448E-92AE-E22D49F870C4} - (no file)
O2 - BHO: (no name) - {B80FD673-33C8-6811-BEB4-43B6A9952993} - C:\WINDOWS\system32\vaii.dll
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Programmi\webHancer\programs\whiehlpr.dll
O2 - BHO: WebBar Class - {EE392A64-F30B-47C8-A363-CDA1CEC7DC1B} - C:\PROGRA~1\APPLIE~1\Bar.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: e-zshopper 1.200 - {3D782BB3-F2A5-11D3-BF4C-000000000000} - C:\Programmi\e-zshopper\BarLcher.dll (file missing)
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Programmi\TheSearchAccelerator\UCMTSAIE.dll
O4 - HKLM\..\Run: [Search-Exe] "C:\Programmi\se\v11\se.EXE" /H
O4 - HKLM\..\Run: [Prein] C:\DOCUME~1\tiffi\IMPOST~1\Temp\app4.tmp
O4 - HKLM\..\Run: [WeatherOnTray] C:\Programmi\Hotbar\bin\4.5.1.0\WeatherOnTray.exe
O4 - HKLM\..\Run: [Bakra] C:\WINDOWS\System32\IEHost34.exe
O4 - HKLM\..\Run: [Hotbar] C:\Programmi\Hotbar\bin\4.5.1.0\HbInst.exe /Upgrade
O4 - HKLM\..\Run: [Dvx] C:\WINDOWS\System32\wsxsvc\wsxsvc.exe
O4 - HKLM\..\Run: [vidctrl] C:\WINDOWS\system32\vidctrl\vidctrl.exe
O4 - Global Startup: updater.lnk = C:\Programmi\Common Files\updater\wupdater.exe (if you don't recognize this entry, remove it)
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\maxspeed.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\maxspeed.exe (file missing)
O9 - Extra button: eZshopper - {BFA03761-5565-41b3-93D9-82B354C0A8EC} - SHDOCVW.DLL (file missing)
O9 - Extra 'Tools' menuitem: e-zshopper - {BFA03761-5565-41b3-93D9-82B354C0A8EC} - SHDOCVW.DLL (file missing)
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Broken Internet access because of LSP provider 'bmnet.dll' missing
O16 - DPF: {3B02AAA2-327C-40ED-A849-4BE819AE5385} (ImgSizer Control) - file://C:\Documents and Settings\tiffi\Impostazioni locali\Temp\~DlfnTmp0\imgSizer.ocx
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B2F49FB} - http://stat.trafficadvance.net/dialer/304070.exe

A few scans are needed:

http://www.grisoft.cz/softw/70/filed...4.0.0.172c.exe
http://www.superantispyware.com/down...NTISPYWAREFREE
ftp://ftp.drweb.com/pub/drweb/cureit/cureit.exe

#2932
Junior Member
Joined: Jun 2006
Location: Padova
Posts: 16
Log

//-----------------------------------------------------------------
//
// Product: BitDefender 8 Free Edition
// Version: 8.0
//
// Created on: 09/07/2006 15:23:44
//
//-----------------------------------------------------------------

Statistics
Scan path : C:\
Folders : 2072
Files : 498892
Archives : 2525
Packed files : 75425
Identified viruses : 0
Infected files : 0
Warnings : 0
Suspect files : 0
Disinfected files : 0
Deleted files : 0
Copied files : 0
Moved files : 0
Renamed files : 0
I/O errors : 25
Scan time : 00:51:01
Scan speed (files/sec) : 162
Virus definitions : 187164
Scan plugins : 13
Archive plugins : 39
Unpack plugins : 4
Mail plugins : 6
System plugins : 1

Scan options

Detection
[X] Scan boot sectors
[X] Scan archives
[X] Scan packed files
[X] Scan email

File mask
[ ] Programs
[X] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;

Action

Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Copy to quarantine
[ ] Move to quarantine
[ ] Rename
[ ] Prompt user

Second action
[ ] Ignore
[ ] Delete
[ ] Copy to quarantine
[X] Move to quarantine
[ ] Rename
[ ] Prompt user

Scan options
[X] Enable warnings
[X] Enable heuristics
[ ] Show all files in log
[X] Report file: vscan.log
[ ] Append to existing report

#2933
Senior Member
Joined: May 2005
Location: Palermo
Posts: 6390
Nephis, the BitDefender log has nothing to do with this thread.

#2934
Senior Member
Joined: Feb 2004
Posts: 2147
Quote:
Unfortunately she uses Norton; AdAware is installed but I don't know whether she ever ran it, and that's it... At least lately she was using Firefox.
A thousand thanks for the time you've given us.

#2935
Senior Member
Joined: May 2005
Location: Palermo
Posts: 6390
Quote:
And please make sure she runs all the scans I listed in the previous post.

#2936
Junior Member
Joined: Jul 2006
Posts: 25
Nobody is checking my log on page 140.
I still have the problem with the links folder that shows up in my favorites. Does nobody know anything about it?
Regards,
Nonno

#2937
Banned
Joined: Mar 2004
Location: Galapagos Warning: flatulent user, keep it in mind
Posts: 28978
Quote:

#2938
Senior Member
Joined: Dec 2005
Posts: 944
Guys, I only recently discovered your little program; here's my log...
Can anyone find anything harmful to my PC? Useless processes?? etc.

Logfile of HijackThis v1.99.1
Scan saved at 22.31.46, on 01/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\CTHELPER.EXE
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
D:\eMule\emule.exe
C:\Programmi\ADSL\StarModem ADSL USB MODEM\dslmon.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Hewlett-Packard\HP PrecisionScan\PrecisionScan LTX\update.exe
C:\Programmi\StreamerOne\StreamerOne.exe
C:\Programmi\StreamerOne\StreamerOne.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Programmi\Microsoft Office\OFFICE11\WINWORD.EXE
C:\DOCUME~1\Snake\IMPOST~1\Temp\Rar$EX00.266\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ig?hl=it
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Programmi\Xi\NetTransport 2\NTIEHelper.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SmartGuardian] C:\Programmi\ITE\Smart Guardian\ITESmart.exe
O4 - HKLM\..\Run: [amd_dc_opt] "C:\Programmi\AMD\amd_dc_opt\amd_dc_opt.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [Update 4300C] C:\Programmi\Hewlett-Packard\HP PrecisionScan\PrecisionScan LTX\update.exe 4300C+
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [eMuleAutoStart] D:\eMule\emule.exe -AutoStart
O4 - Global Startup: DSLMON.lnk = ?
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Salva oggetto con Net Transport - C:\Programmi\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Salva tutti gli oggetti con Net Transport - C:\Programmi\Xi\NetTransport 2\NTAddList.html
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EDEF802B-E8A4-4C5D-BD1A-88E5E7D001B4}: NameServer = 213.205.36.70 213.205.32.70
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programmi\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: kavsvc - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
__________________
SUCCESSFULLY CONCLUDED DEALS WITH FiScHia,Maerlin,The Nameless one,kondor32,khry,luposav,Shin82,ArTaX ThE ElF,Naufr4g0,BailA,The Doctor74,mnmjm,Crim_90,Fnac; |
#2939 |
Senior Member
Joined: May 2005
City: Palermo
Posts: 6390
|
673781, the log is clean.
|
#2940 |
Junior Member
Joined: Jul 2006
Posts: 25
|
Here you go, as requested: REPOSTED
-------------------------------
The problem persists, the link folder has appeared in the favorites again.
Here is the screen: http://img61.imageshack.us/img61/5830/schermo6hh.jpg
I am reposting the hijackthis listing:

Logfile of HijackThis v1.99.1
Scan saved at 2.03.53, on 15/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Programmi\SAMSUNG\FW LiveUpdate\Liveupdate.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Programmi\Trust\Ami Mouse 250S Cordless\Amoumain.exe
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\WINDOWS\system32\GSICON.EXE
C:\WINDOWS\system32\dslagent.exe
C:\PROGRA~1\FILECO~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Creative\MediaSource\Detector\CTDetect.exe
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\Programmi\Windows Media Player\wmplayer.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\Stefanoy\Desktop\HijackThis.exe

O4 - HKLM\..\Run: [Name of App] C:\Programmi\SAMSUNG\FW LiveUpdate\Liveupdate.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [WheelMouse] Amoumain.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [EPSON Stylus C42 Series (Copia 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P33 "EPSON Stylus C42 Series (Copia 1)" /O6 "USB001" /M "Stylus C42"
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\FILECO~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Programmi\Creative\MediaSource\Detector\CTDetect.exe /R
O17 - HKLM\System\CCS\Services\Tcpip\..\{38B87982-3C0C-428C-9E46-A8E566614D9A}: NameServer = 62.211.69.150,212.48.4.15
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: Ethernet Packet Service (npacketservice) - Nokia - C:\WINDOWS\system32\npacketsvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe

Any ideas? .... Could it be the shell32.dll library?
Lastly, here is the state of the active ports and the active tasks with and without internet explorer open:
--------------------------------------------------------------
15/07/2004 problem of the link folder opening in favorites, explorer not running

Connessioni attive

  Proto  Indirizzo locale       Indirizzo esterno      Stato           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1132
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:1030           0.0.0.0:0              LISTENING       684
  TCP    127.0.0.1:1034         0.0.0.0:0              LISTENING       2864
  TCP    192.168.1.63:139       0.0.0.0:0              LISTENING       4
  UDP    0.0.0.0:445            *:*                                    4
  UDP    0.0.0.0:500            *:*                                    892
  UDP    0.0.0.0:1025           *:*                                    1324
  UDP    0.0.0.0:1060           *:*                                    1324
  UDP    0.0.0.0:1138           *:*                                    1324
  UDP    0.0.0.0:1216           *:*                                    1324
  UDP    0.0.0.0:4500           *:*                                    892
  UDP    127.0.0.1:123          *:*                                    1196
  UDP    127.0.0.1:1900         *:*                                    1492
  UDP    192.168.1.63:123       *:*                                    1196
  UDP    192.168.1.63:137       *:*                                    4
  UDP    192.168.1.63:138       *:*                                    4
  UDP    192.168.1.63:1900      *:*                                    1492
  UDP    192.168.1.63:2051      *:*                                    420

Nome immagine                PID Servizi
========================= ====== =============================================
System Idle Process            0 N/D
System                         4 N/D
SMSS.EXE                     536 N/D
CSRSS.EXE                    808 N/D
WINLOGON.EXE                 832 N/D
SERVICES.EXE                 880 Eventlog, PlugPlay
LSASS.EXE                    892 PolicyAgent, ProtectedStorage, SamSs
ATI2EVXX.EXE                1044 Ati HotKey Poller
SVCHOST.EXE                 1060 DcomLaunch, TermService
SVCHOST.EXE                 1132 RpcSs
SVCHOST.EXE                 1196 AudioSrv, Browser, CryptSvc, Dhcp, dmserver, ERSvc, EventSystem, FastUserSwitchingCompatibility, helpsvc, lanmanserver, lanmanworkstation, Netman, Nla, RasMan, Schedule, seclogon, SENS, SharedAccess, ShellHWDetection, srservice, TapiSrv, Themes, TrkWks, W32Time, winmgmt, wscsvc, wuauserv, WZCSVC
SVCHOST.EXE                 1324 Dnscache
SVCHOST.EXE                 1492 LmHosts, RemoteRegistry, SSDPSRV, WebClient
EXPLORER.EXE                1516 N/D
SPOOLSV.EXE                 1812 Spooler
AVGAMSVR.EXE                1948 Avg7Alrt
AVGUPSVC.EXE                2024 Avg7UpdSvc
SVCHOST.EXE                  284 BthServ
SAgent2.exe                  420 EPSONStatusAgent2
INETINFO.EXE                 684 IISADMIN
SMAgent.exe                  752 SoundMAX Agent Service (default)
SVCHOST.EXE                 1244 stisvc
VSMON.EXE                   1604 vsmon
Liveupdate.exe              1644 N/D
ZLCLIENT.EXE                1652 N/D
Amoumain.exe                1696 N/D
TRAYAP~1.EXE                1856 N/D
GSICON.EXE                   936 N/D
DSLAGENT.EXE                 164 N/D
DATALA~1.EXE                 188 N/D
RUNDLL32.EXE                 160 N/D
AVGCC.EXE                    216 N/D
ATIPTAXX.EXE                 256 N/D
CTFMON.EXE                   280 N/D
CTDetect.exe                 440 N/D
SERVIC~1.EXE                 612 N/D
alg.exe                     2864 ALG
cmd.exe                     2132 N/D
NOTEPAD.EXE                 3632 N/D
tasklist.exe                3928 N/D
wmiprvse.exe                3716 N/D

15/07/2004 problem of the link folder opening in favorites, explorer running

  Proto  Indirizzo locale       Indirizzo esterno      Stato           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1132
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:1030           0.0.0.0:0              LISTENING       684
  TCP    127.0.0.1:1034         0.0.0.0:0              LISTENING       2864
  TCP    192.168.1.63:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.63:1632      66.249.91.104:80       ESTABLISHED     4028
  TCP    192.168.1.63:1636      66.249.85.99:80        ESTABLISHED     4028
  TCP    192.168.1.63:1637      38.99.76.17:80         TIME_WAIT       0
  TCP    192.168.1.63:1647      38.99.76.77:80         TIME_WAIT       0
  UDP    0.0.0.0:445            *:*                                    4
  UDP    0.0.0.0:500            *:*                                    892
  UDP    0.0.0.0:1025           *:*                                    1324
  UDP    0.0.0.0:1060           *:*                                    1324
  UDP    0.0.0.0:1138           *:*                                    1324
  UDP    0.0.0.0:1216           *:*                                    1324
  UDP    0.0.0.0:4500           *:*                                    892
  UDP    127.0.0.1:123          *:*                                    1196
  UDP    127.0.0.1:1627         *:*                                    4028
  UDP    127.0.0.1:1900         *:*                                    1492
  UDP    192.168.1.63:123       *:*                                    1196
  UDP    192.168.1.63:137       *:*                                    4
  UDP    192.168.1.63:138       *:*                                    4
  UDP    192.168.1.63:1900      *:*                                    1492
  UDP    192.168.1.63:2051      *:*                                    420

Nome immagine                PID Servizi
========================= ====== =============================================
System Idle Process            0 N/D
System                         4 N/D
SMSS.EXE                     536 N/D
CSRSS.EXE                    808 N/D
WINLOGON.EXE                 832 N/D
SERVICES.EXE                 880 Eventlog, PlugPlay
LSASS.EXE                    892 PolicyAgent, ProtectedStorage, SamSs
ATI2EVXX.EXE                1044 Ati HotKey Poller
SVCHOST.EXE                 1060 DcomLaunch, TermService
SVCHOST.EXE                 1132 RpcSs
SVCHOST.EXE                 1196 AudioSrv, Browser, CryptSvc, Dhcp, dmserver, ERSvc, EventSystem, FastUserSwitchingCompatibility, helpsvc, lanmanserver, lanmanworkstation, Netman, Nla, RasMan, Schedule, seclogon, SENS, SharedAccess, ShellHWDetection, srservice, TapiSrv, Themes, TrkWks, W32Time, winmgmt, wscsvc, wuauserv, WZCSVC
SVCHOST.EXE                 1324 Dnscache
SVCHOST.EXE                 1492 LmHosts, RemoteRegistry, SSDPSRV, WebClient
EXPLORER.EXE                1516 N/D
SPOOLSV.EXE                 1812 Spooler
AVGAMSVR.EXE                1948 Avg7Alrt
AVGUPSVC.EXE                2024 Avg7UpdSvc
SVCHOST.EXE                  284 BthServ
SAgent2.exe                  420 EPSONStatusAgent2
INETINFO.EXE                 684 IISADMIN
SMAgent.exe                  752 SoundMAX Agent Service (default)
SVCHOST.EXE                 1244 stisvc
VSMON.EXE                   1604 vsmon
Liveupdate.exe              1644 N/D
ZLCLIENT.EXE                1652 N/D
Amoumain.exe                1696 N/D
TRAYAP~1.EXE                1856 N/D
GSICON.EXE                   936 N/D
DSLAGENT.EXE                 164 N/D
DATALA~1.EXE                 188 N/D
RUNDLL32.EXE                 160 N/D
AVGCC.EXE                    216 N/D
ATIPTAXX.EXE                 256 N/D
CTFMON.EXE                   280 N/D
CTDetect.exe                 440 N/D
SERVIC~1.EXE                 612 N/D
alg.exe                     2864 ALG
NOTEPAD.EXE                 3632 N/D
IEXPLORE.EXE                4028 N/D
cmd.exe                      800 N/D
NOTEPAD.EXE                 1348 N/D
tasklist.exe                3352 N/D
wmiprvse.exe                3788 N/D
------------------------------------------------
Regards, Nonno |
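The comparison the post above makes by eye (sockets and tasks with and without Internet Explorer open) can be automated. This is an added example, not part of the original thread: the function names are hypothetical, the sample rows are a constructed abridgement of the post's two snapshots, and the input is assumed to be `netstat -ano` and `tasklist /svc` text in the layout shown there.

```python
import re

# Constructed sample input: a few rows abridged from the two snapshots in the
# post above (Italian Windows XP, netstat and tasklist output with PIDs).
NETSTAT_BEFORE = """\
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 1132
TCP 0.0.0.0:1030 0.0.0.0:0 LISTENING 684
UDP 0.0.0.0:500 *:* 892
"""
NETSTAT_AFTER = NETSTAT_BEFORE + """\
TCP 192.168.1.63:1632 66.249.91.104:80 ESTABLISHED 4028
TCP 192.168.1.63:1637 38.99.76.17:80 TIME_WAIT 0
UDP 127.0.0.1:1627 *:* 4028
"""
TASKLIST_AFTER = """\
Nome immagine PID Servizi
System Idle Process 0 N/D
LSASS.EXE 892 PolicyAgent, ProtectedStorage, SamSs
SVCHOST.EXE 1132 RpcSs
INETINFO.EXE 684 IISADMIN
IEXPLORE.EXE 4028 N/D
"""

def parse_netstat(text):
    """Return {(proto, local, remote, state, pid)}; UDP rows carry no state."""
    rows = set()
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP":
            rows.add((f[0], f[1], f[2], f[3], int(f[4])))
        elif len(f) == 4 and f[0] == "UDP":
            rows.add((f[0], f[1], f[2], "", int(f[3])))
    return rows

def parse_tasklist(text):
    """Map PID -> image name; image names may contain spaces."""
    owners = {}
    for line in text.splitlines():
        m = re.match(r"(.+?)\s+(\d+)\s+\S", line)
        if m:
            owners[int(m.group(2))] = m.group(1)
    return owners

def new_sockets(before, after, tasklist):
    """Sockets seen only in the second snapshot, each prefixed with its owner.
    PID 0 on a TIME_WAIT row means the owning process already closed it."""
    owners = parse_tasklist(tasklist)
    added = parse_netstat(after) - parse_netstat(before)
    return sorted((owners.get(r[4], "<unknown>"),) + r for r in added)
```

Any socket in the result whose owner is `<unknown>`, or whose owner is not the program that was just started, is the row worth investigating first.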
All times are GMT +1. The time now is 22:24.