|
|||||||
|
|
|
 |
|
|
Strumenti |
25-10-2006, 14:38
|
#3821 | |
|
Bannato
Iscritto dal: Mar 2004
Città: Galapagos Attenzione:utente flautolente,tienilo a mente
Messaggi: 28978
|
Quote:
|
|
|
|
|
25-10-2006, 14:39
|
#3822 | |
|
Bannato
Iscritto dal: Mar 2004
Città: Galapagos Attenzione:utente flautolente,tienilo a mente
Messaggi: 28978
|
Quote:
|
|
|
|
|
|
25-10-2006, 16:13
|
#3823 | |
|
Member
Iscritto dal: Oct 2006
Messaggi: 40
|
Quote:
|
|
|
|
|
|
25-10-2006, 16:32
|
#3824 |
|
Member
Iscritto dal: Oct 2006
Messaggi: 151
|
Come suggerito da juninho85 ho usato hijackThis.Ho selezionato quegli elementi e premuto su "add checked to ignorelist".Era questo che intendevi?Il problema sembra persistere,magari c'è qualcos'altro da elimare.Adesso riavvio il pc e vedo se risolvo.Ciao
|
|
|
|
|
25-10-2006, 16:49
|
#3825 | |
|
Member
Iscritto dal: Oct 2006
Messaggi: 40
|
Quote:
 adesso ho riavviato il computer vedo che succede! |
|
|
|
|
|
25-10-2006, 18:47
|
#3826 | |
|
Junior Member
Iscritto dal: Apr 2006
Messaggi: 12
|
Quote:
Nel log la stringa D:\programmi\ etc etc... scompare ma non scompare quella 023 - service: Raysta_3dsmax8 etc etc. provo a fixare solo questa ma quando rifaccio lo scan riappere e la cartella non si cancella..... 
|
|
|
|
|
|
25-10-2006, 20:17
|
#3827 |
|
Senior Member
Iscritto dal: Jan 2006
Messaggi: 433
|
Adware.BHO.AA: come lo elimino?
Come da titolo. All'avvio, NOD32 me lo segnala come virus residente in memoria, ma poi non visualizza alcuna opzione per fare pulizia...
C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Programmi\Analog Devices\Core\smax4pnp.exe C:\Programmi\Analog Devices\SoundMAX\Smax4.exe C:\Programmi\Intel\Intel Matrix Storage Manager\Iaanotif.exe C:\WINDOWS\system32\RUNDLL32.EXE E:\Internet\NOD32\nod32kui.exe E:\Ufficio\Omnipage Pro 15\Opware15.exe C:\Programmi\Intel\Intel Matrix Storage Manager\Iaantmon.exe C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE E:\Internet\NOD32\nod32krn.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe E:\Cd Recording\Alcohol 120%\Alcohol 120\Alcohol.exe C:\Documents and Settings\Roby\Desktop\The_Godfather_DT_SkOssInO.exe C:\Documents and Settings\Roby\Desktop\sd4hide.exe C:\Programmi\Internet Explorer\IEXPLORE.EXE F:\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tin.it/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Grafica\Adobe Acrobat 7.0 Profesisonal\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {6DDD8D71-EE1F-4CF3-A95E-C95F3D43EAB7} - C:\WINDOWS\system32\regsvc32.dll O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Grafica\Adobe Acrobat 7.0 Profesisonal\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Grafica\Adobe Acrobat 7.0 Profesisonal\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - E:\Ufficio\Canon Pixma IP4200\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [SoundMAX] "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [IAAnotif] C:\Programmi\Intel\Intel Matrix Storage Manager\Iaanotif.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [nod32kui] "E:\Internet\NOD32\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [Opware15] "E:\Ufficio\Omnipage Pro 15\Opware15.exe" O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://E:\Ufficio\Canon Pixma IP4200\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Anteprima Easy-WebPrint - res://E:\Ufficio\Canon Pixma IP4200\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://E:\Grafica\Adobe Acrobat 7.0 Profesisonal\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://E:\Grafica\Adobe Acrobat 7.0 Profesisonal\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://E:\Grafica\Adobe Acrobat 7.0 Profesisonal\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://E:\Grafica\Adobe Acrobat 7.0 Profesisonal\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://E:\Grafica\Adobe Acrobat 7.0 Profesisonal\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://E:\Grafica\Adobe Acrobat 7.0 Profesisonal\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://E:\Grafica\Adobe Acrobat 7.0 Profesisonal\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://E:\Grafica\Adobe Acrobat 7.0 Profesisonal\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&sporta in Microsoft Excel - res://E:\Ufficio\MICROS~1\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://E:\Ufficio\Canon Pixma IP4200\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Stampa Easy-WebPrint - res://E:\Ufficio\Canon Pixma IP4200\Easy-WebPrint\Resource.dll/RC_Print.html O9 - Extra button: Ricerche (HKLM) O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/...ash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{668A4C16-3C95-4198-AB40-31F13BE3552B}: NameServer = 212.216.112.112,212.216.172.62 Secondo me la voce sospetta è questa: O2 - BHO: (no name) - {6DDD8D71-EE1F-4CF3-A95E-C95F3D43EAB7} - C:\WINDOWS\system32\regsvc32.dll però non vorrei fare fesserie fixandola con hijackthis... che ne dite? |
|
|
|
|
25-10-2006, 22:17
|
#3828 | |
|
Bannato
Iscritto dal: Mar 2004
Città: Galapagos Attenzione:utente flautolente,tienilo a mente
Messaggi: 28978
|
Quote:
|
|
|
|
|
|
25-10-2006, 22:21
|
#3829 | |
|
Bannato
Iscritto dal: Mar 2004
Città: Galapagos Attenzione:utente flautolente,tienilo a mente
Messaggi: 28978
|
Quote:
1)start/esegui--->cmd 2)sc stop RaySat_3dsmax8 Server 3)sc delete RaySat_3dsmax8 Server ora vai sulla cartella ed eliminala manualmente ora vai su start/esegui/msconfig/avvio e controlla che non ci sia nessuna spunta che faccia avviare questo programma riavvia il pc in modalità normale |
|
|
|
|
|
25-10-2006, 22:23
|
#3830 | |
|
Bannato
Iscritto dal: Mar 2004
Città: Galapagos Attenzione:utente flautolente,tienilo a mente
Messaggi: 28978
|
Quote:
|
|
|
|
|
|
25-10-2006, 22:57
|
#3831 |
|
Member
Iscritto dal: Oct 2006
Messaggi: 151
|
ops....adesso ke li trovo solo in backup come faccio?Fix checked items è inutilizzabile.....grazie,ciao
|
|
|
|
|
25-10-2006, 23:17
|
#3832 | |
|
Junior Member
Iscritto dal: Apr 2006
Messaggi: 12
|
Quote:
[SC] OpenService FAILED 1060: Il servizio specificato non esiste come servizio installato. Su ms config Raysat_3dsmax8 Server rimane in servizi e non in avvio... Ti dice niente tutto ciò.... se disinstallo 3dsmax8 risolvo qualcosa Ps. con avg antispyware se uso lo strumento Shredder x eliminare l'ultima cartella del percorso mi dice "il seguente file è bloccato o utillizzato da un'altra applicazione.Chiudere l'applicazione che sta utilizzano il file,quindi riprovare. |
|
|
|
|
|
26-10-2006, 00:29
|
#3833 |
|
Member
Iscritto dal: Oct 2006
Messaggi: 40
|
potete controllarmi questo log?
ciao. ho risolto il problema con l'altro computer, ma vorrei sapere se anche l'altro ha problemi. potete dare un'occhiata a questo log di hijackthis? con l'altro comp ho risolto, grazie a tutti
Logfile of HijackThis v1.99.1 Scan saved at 1.25.47, on 26/10/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programmi\Intel\Wireless\Bin\EvtEng.exe C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe C:\Programmi\File comuni\Symantec Shared\ccProxy.exe C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe C:\Programmi\Toshiba\TOSHIBA Applet\TAPPSRV.exe C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Programmi\ATI Technologies\ATI.ACE\cli.exe C:\Programmi\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\AGRSMMSG.exe C:\Programmi\Toshiba\Toshiba Applet\thotkey.exe C:\WINDOWS\system32\TPSMain.exe C:\Programmi\Synaptics\SynTP\Toshiba.exe C:\Programmi\TOSHIBA\ConfigFree\NDSTray.exe C:\Programmi\TOSHIBA\Tvs\TvsTray.exe C:\Programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe C:\Programmi\TOSHIBA\TOSHIBA Controls\TFncKy.exe C:\WINDOWS\system32\TDispVol.exe C:\WINDOWS\system32\TPSBattM.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Programmi\File comuni\Symantec Shared\ccApp.exe C:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\WINDOWS\system32\ctfmon.exe C:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe C:\Programmi\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\Programmi\WinZip\WZQKPICK.EXE C:\Programmi\ATI Technologies\ATI.ACE\cli.exe C:\Programmi\ATI Technologies\ATI.ACE\cli.exe C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE C:\PROGRA~1\WINZIP\winzip32.exe C:\Documents and Settings\La Rovere\Impostazioni locali\Temp\wze6ab\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [THotkey] C:\Programmi\Toshiba\Toshiba Applet\thotkey.exe O4 - HKLM\..\Run: [TPSMain] TPSMain.exe O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM\..\Run: [Tvs] C:\Programmi\TOSHIBA\Tvs\TvsTray.exe O4 - HKLM\..\Run: [SmoothView] C:\Programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe O4 - HKLM\..\Run: [TFncKy] TFncKy.exe O4 - HKLM\..\Run: [TDispVol] TDispVol.exe O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [IntelWireless] "C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [TOSCDSPD] C:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Programmi\Microsoft Office\OFFICE11\ONENOTEM.EXE O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Tasto di scelta rapida per l'avvio di AutoCAD.lnk = C:\Programmi\File comuni\Autodesk Shared\acstart16.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Programmi\Norton Internet Security\ccPwdSvc.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccProxy.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programmi\Norton Internet Security\comHost.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Programmi\Toshiba\TOSHIBA Applet\TAPPSRV.exe O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe |
|
|
|
|
26-10-2006, 07:08
|
#3834 |
|
Member
Iscritto dal: Dec 2000
Città: emilia
Messaggi: 255
|
si chiude hijackthis !!!
... da ieri ho notato un comportamento strano del pc , ho' provato a lanciare hijackthis , questo si chiude immediatamente in pratica mi appare la schermata iniziale e poi si chiude , andando in gestione risorse ed aprendo la cartella con hijackthis mi si chiude gestione risorse !! (solo con questa cartella succede ) ed inoltre la stessa cosa mi succede navigando , se tento di accedere a hardware upgrade forum , si chide sia internet explorer che mozilla.
cosa mi suggerite ???? grazie |
|
|
|
|
26-10-2006, 07:42
|
#3836 | |||
|
Bannato
Iscritto dal: Mar 2004
Città: Galapagos Attenzione:utente flautolente,tienilo a mente
Messaggi: 28978
|
Quote:
Quote:
 Quote:
|
|||
|
|
|
|
26-10-2006, 07:46
|
#3837 | |
|
Bannato
Iscritto dal: Mar 2004
Città: Galapagos Attenzione:utente flautolente,tienilo a mente
Messaggi: 28978
|
Quote:
|
|
|
|
|
|
26-10-2006, 08:59
|
#3838 | |
|
Senior Member
Iscritto dal: Jan 2003
Città: PuzzaCity
Messaggi: 4682
|
Quote:
Scan saved at 9.58.48, on 26/10/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Programmi\Trend Micro\OfficeScan Client\ntrtscan.exe C:\WINDOWS\system32\svchost.exe C:\Programmi\Trend Micro\OfficeScan Client\tmlisten.exe C:\Programmi\Trend Micro\OfficeScan Client\OfcPfwSvc.exe C:\WINDOWS\TEMP\FM56E4.EXE C:\WINDOWS\Explorer.EXE C:\Programmi\Trend Micro\OfficeScan Client\pccntmon.exe C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Programmi\Google\Google Talk\googletalk.exe C:\Programmi\Mozilla Firefox\firefox.exe C:\Programmi\Microsoft Office\OFFICE11\MSACCESS.EXE C:\Documents and Settings\lavoro1\Desktop\Gu1d0 D0cum3nt1\Omg ViruZ\hijackthis_199\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.provincia.padova.it/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = webproxy.intra.ppd:3128 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local> R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Programmi\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - Global Startup: Gestione Posti Lavoro e Server.lnk = C:\GPLS\Allinea.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://mail.italialavoro.it/iNotes6W.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = intra.ppd O17 - HKLM\Software\..\Telephony: DomainName = intra.ppd O17 - HKLM\System\CCS\Services\Tcpip\..\{E581ED72-0B5F-4008-8274-15A56F144524}: NameServer = 151.99.125.2,151.99.250.2 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = intra.ppd O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Programmi\Trend Micro\OfficeScan Client\ntrtscan.exe O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Programmi\Trend Micro\OfficeScan Client\OfcPfwSvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\hpzipm12.exe O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Programmi\Trend Micro\OfficeScan Client\tmlisten.exe Eccolo qui.  Eventualmente poteri postare anche l'elenco dei DLL che mi sono stati indicati da Spybot come necessari per l'avvio del file sospetto in questione.
__________________
from"Good Morning Vietnam!":"Con tutte le stronzate che ha fatto, ci avremmo potuto concimare il Sinai!" 
Ultima modifica di Guidooo : 26-10-2006 alle 09:02. |
|
|
|
|
|
26-10-2006, 09:14
|
#3839 | |
|
Bannato
Iscritto dal: Mar 2004
Città: Galapagos Attenzione:utente flautolente,tienilo a mente
Messaggi: 28978
|
Quote:
|
|
|
|
|
|
26-10-2006, 09:31
|
#3840 | |
|
Senior Member
Iscritto dal: Jan 2003
Città: PuzzaCity
Messaggi: 4682
|
Quote:
Le restrizioni al pannello di controllo potrebbero essere dovute al fatto che non mi loggo come amministratore?Questi sono i dll (moduli caricati) di quello stramaledetto file che oggi si chiama FM56E4.EXE: ntdll.dll, kernel32.dll, WSOCK32.dll, WS2_32.dll, msvcrt.dll, WS2HELP.dll, ADVAPI32.dll, RPCRT4.dll, USERS32.dll, GDI32.dll, WINSPOOL.dll, COMCTL32.dll, uxtheme.dll, imm32.dll, PSAPI.dll
__________________
from"Good Morning Vietnam!":"Con tutte le stronzate che ha fatto, ci avremmo potuto concimare il Sinai!"
|
|
|
|
|
|
|
| Strumenti | |
|
|
Tutti gli orari sono GMT +1. Ora sono le: 10:09.
