|
|
|
![]() |
|
Strumenti |
![]() |
#3981 | |
Junior Member
Iscritto dal: Sep 2006
Città: provincia salerno
Messaggi: 26
|
Quote:
![]() ![]() vado con gmer???lo voglio pulito il mio pc...stò linkoptimizer è odioso! ![]() ti ritrovi schifezza dove meno te lo aspetti! grazie grazie grazie! break 6 1 tesoro! |
|
![]() |
![]() |
![]() |
#3982 | |
Senior Member
Iscritto dal: Jun 2003
Città: ..By The Sea..
Messaggi: 564
|
Quote:
Se vuoi fare le scansioni con gmer, a controllarle ci mettiamo poco. Per i complimenti ti ringrazio.. eeh.. lo so.. sono un uomo buono.. ![]() ![]() ![]() ![]()
__________________
Without Contraries is no Progression... |
|
![]() |
![]() |
![]() |
#3983 | |
Junior Member
Iscritto dal: Sep 2006
Città: provincia salerno
Messaggi: 26
|
Quote:
![]() verifichiamo la pazienza ![]() ecco il risultato autostart: GMER 1.0.12.11879 - http://www.gmer.net Autostart scan 2006-11-05 18:55:20 Windows 5.1.2600 Service Pack 2 HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\SYSTEM32\Userinit.exe, HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier@DLLName = WRLogonNTF.dll /*file not found*/ HKLM\SYSTEM\CurrentControlSet\Services\ >>> EPSONStatusAgent2 /*EPSON Printer Status Agent2*/@ = C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe kavsvc /*kavsvc*/@ = "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe" MDM /*Machine Debug Manager*/@ = "C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE" SoundMAX Agent Service (default) /*SoundMAX Agent Service*/@ = C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe UMWdf /*Windows User Mode Driver Framework*/@ = C:\WINDOWS\system32\wdfmgr.exe HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>> @VIRIT LITE MONITORC:\VEXPLITE\MONLITE.EXE = C:\VEXPLITE\MONLITE.EXE @VTTraypVTtrayp.exe = VTtrayp.exe @VTTimerVTTimer.exe = VTTimer.exe @SoundMAXPnP"C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe" = "C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe" @SoundMAX"C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray = "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray @RemoteControlC:\Programmi\CyberLink\PowerDVD\PDVDServ.exe = C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe @RaidToolC:\Programmi\VIA\RAID\raid_tool.exe = C:\Programmi\VIA\RAID\raid_tool.exe @NeroFilterCheckC:\WINDOWS\system32\NeroCheck.exe = C:\WINDOWS\system32\NeroCheck.exe @KAVPersonal50"C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize = "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize @EPSON Stylus C42 Series"C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42" = "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42" HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run@ibmnet = "c:\windows\ibmnet.exe" /*file not found*/ HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>> @E06IXLRD_18733171"C:\Programmi\Microsoft Encarta\Microsoft Encarta Enciclopedia DVD - 2006\EDICT.EXE" -m = "C:\Programmi\Microsoft Encarta\Microsoft Encarta Enciclopedia DVD - 2006\EDICT.EXE" -m @ctfmon.exeC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe @MSMSGS"C:\Programmi\Messenger\msmsgs.exe" /background = "C:\Programmi\Messenger\msmsgs.exe" /background @E06IXLRD_9122828"C:\Programmi\Microsoft Encarta\Microsoft Encarta Enciclopedia DVD - 2006\EDICT.EXE" -m = "C:\Programmi\Microsoft Encarta\Microsoft Encarta Enciclopedia DVD - 2006\EDICT.EXE" -m @BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe" = "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe" HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>> @{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/ @{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Pagina proprietà versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll @{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll @{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) = @{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/%SystemRoot%\system32\extmgr.dll = %SystemRoot%\system32\extmgr.dll @{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL @{00020D75-0000-0000-C000-000000000046} /*Microsoft Office Outlook Desktop Icon Handler*/C:\PROGRA~1\MICROS~3\OFFICE11\MLSHEXT.DLL = C:\PROGRA~1\MICROS~3\OFFICE11\MLSHEXT.DLL @{0006F045-0000-0000-C000-000000000046} /*Microsoft Office Outlook Custom Icon Handler*/C:\PROGRA~1\MICROS~3\OFFICE11\OLKFSTUB.DLL = C:\PROGRA~1\MICROS~3\OFFICE11\OLKFSTUB.DLL @{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Programmi\Microsoft Office\OFFICE11\msohev.dll = C:\Programmi\Microsoft Office\OFFICE11\msohev.dll @{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/C:\Programmi\MSN Messenger\fsshext.8.0.0792.00.dll = C:\Programmi\MSN Messenger\fsshext.8.0.0792.00.dll @{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll @{E0D79304-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL @{E0D79305-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL @{E0D79306-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL @{E0D79307-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL @{B327765E-D724-4347-8B16-78AE18552FC3} /*NeroDigitalIconHandler*/C:\Programmi\File comuni\Ahead\lib\NeroDigitalExt.dll = C:\Programmi\File comuni\Ahead\lib\NeroDigitalExt.dll @{7F1CF152-04F8-453A-B34C-E609530A9DC8} /*NeroDigitalPropSheetHandler*/C:\Programmi\File comuni\Ahead\lib\NeroDigitalExt.dll = C:\Programmi\File comuni\Ahead\lib\NeroDigitalExt.dll HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>> Kaspersky Anti-Virus@{dd230880-495a-11d1-b064-008048ec2fc5} = C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus Personal\shellex.dll WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL HKLM\Software\Classes\*\shellex\ContextMenuHandlers@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = C:\Programmi\Nero\Nero 7\Nero BackItUp\NBShell.dll HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>> WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>> Kaspersky Anti-Virus@{dd230880-495a-11d1-b064-008048ec2fc5} = C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus Personal\shellex.dll WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = C:\Programmi\Nero\Nero 7\Nero BackItUp\NBShell.dll HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>> @{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll = C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll @{AA58ED58-01DD-4d91-8333-CF10577473F7}c:\programmi\google\googletoolbar3.dll = c:\programmi\google\googletoolbar3.dll HKLM\Software\Microsoft\Internet Explorer\Main >>> @Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir...r=6&ar=msnhome @Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home @Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm HKCU\Software\Microsoft\Internet Explorer\Main >>> @Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir...r=6&ar=msnhome @Start Pagehttp://www.virgilio.it/ = http://www.virgilio.it/ @Local Page\blank.htm = \blank.htm HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL HKLM\Software\Classes\PROTOCOLS\Handler\ >>> dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll its@CLSID = C:\WINDOWS\system32\itss.dll livecall@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll ms-its@CLSID = C:\WINDOWS\system32\itss.dll ms-itss@CLSID = C:\Programmi\File comuni\Microsoft Shared\Information Retrieval\msitss.dll msnim@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL mso-offdap@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\10\OWC10.DLL mso-offdap11@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\11\OWC11.DLL tv@CLSID = C:\WINDOWS\system32\msvidctl.dll HKLM\Software\Classes\PROTOCOLS\Handler\wia@CLSID = C:\WINDOWS\system32\wiascr.dll C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica >>> Adobe Gamma Loader.lnk = Adobe Gamma Loader.lnk Avvio veloce di Adobe Reader.lnk = Avvio veloce di Adobe Reader.lnk ---- EOF - GMER 1.0.12 ---- Ultima modifica di decoccio : 05-11-2006 alle 18:08. |
|
![]() |
![]() |
![]() |
#3984 | |
Member
Iscritto dal: Oct 2006
Messaggi: 151
|
Quote:
|
|
![]() |
![]() |
![]() |
#3985 | |
Senior Member
Iscritto dal: Jun 2003
Città: ..By The Sea..
Messaggi: 564
|
Quote:
Comunque quando posterai il log rootkit finiremo la diagnosi ![]() Ciao!
__________________
Without Contraries is no Progression... |
|
![]() |
![]() |
![]() |
#3986 |
Junior Member
Iscritto dal: Oct 2006
Messaggi: 4
|
rieccomi...........
stavolta il portatile si riavvia da solo improvvisamente è successo ieri per la prima volta,apro emule e se c'è anche msn aperto salta tutto. è trano perchè prima andava tutto perfetto e come al solito nn riesco a disinstallare agnitum anche perchè ogni volta che il pc riavvia da solo mi compare una finestra di errore agnitum ps:mi consigli un buon firewall? gli altri software di protezione che ho installato sono antivir,avg,prevx1 grazie! ![]() questo è il mio log Logfile of HijackThis v1.99.1 Scan saved at 1.25.32, on 06/11/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programmi\AntiVir PersonalEdition Classic\sched.exe C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe C:\Programmi\Prevx1\PXAgent.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\Explorer.EXE C:\Programmi\Synaptics\SynTP\SynTPEnh.exe C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe C:\Programmi\iTunes\iTunesHelper.exe C:\Programmi\QuickTime\qttask.exe C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe C:\Programmi\Java\jre1.5.0_05\bin\jusched.exe C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe C:\Programmi\iPod\bin\iPodService.exe C:\Programmi\DAEMON Tools\daemon.exe C:\Programmi\Winamp\winampa.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE C:\WINDOWS\system32\LVCOMSX.EXE C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe C:\Programmi\HPQ\shared\hpqwmi.exe C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Programmi\Prevx1\PXConsole.exe C:\Programmi\File comuni\Real\Update_OB\realsched.exe C:\Programmi\IObit\Advanced WindowsCare V2 Pro\Awc.exe C:\WINDOWS\system32\ctfmon.exe C:\Programmi\Skype\Phone\Skype.exe C:\WINDOWS\NCLAUNCH.EXe C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe C:\Programmi\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe C:\PROGRA~1\WIDCOMM\SOFTWA~1\BTSTAC~1.EXE C:\Programmi\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe C:\Programmi\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe C:\Programmi\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe C:\Programmi\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe C:\Programmi\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe C:\Programmi\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Programmi\MSN Messenger\msnmsgr.exe C:\Documents and Settings\MaNuEl\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ig?hl=it R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Dati applicazioni\Prevx\pxbho.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ATIPTA] "C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [Cpqset] C:\Programmi\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [iTunesHelper] C:\Programmi\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe /Start O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_05\bin\jusched.exe O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe O4 - HKLM\..\Run: [EPSON Stylus DX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /P26 "EPSON Stylus DX4800 Series" /O6 "USB001" /M "Stylus DX4800" O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [OutpostFeedBack] C:\Programmi\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [PrevxOne] "C:\Programmi\Prevx1\PXConsole.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Advanced WindowsCare V2 Pro] "C:\Programmi\IObit\Advanced WindowsCare V2 Pro\Awc.exe" /startup O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [BitTorrent] "C:\Programmi\BitTorrent\bittorrent.exe" --force_start_minimized O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe O4 - Startup: Yahoo! Widget Engine.lnk = C:\Programmi\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe O4 - Global Startup: BTTray.lnk = ? O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab50997.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204 O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab50997.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://osmosi.spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab50997.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab50997.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{3E127AB3-9E2F-4288-A2D4-56AE492FFB2C}: NameServer = 192.168.1.1 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programmi\HPQ\shared\hpqwmi.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Servizio iPod (iPodService) - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe O23 - Service: NMSAccess - Unknown owner - C:\Documents and Settings\MaNuEl\Desktop\NMSAccess.exe (file missing) O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Programmi\Prevx1\PXAgent.exe" -f (file missing) |
![]() |
![]() |
![]() |
#3987 |
Senior Member
Iscritto dal: Aug 2005
Città: Caserta
Messaggi: 3040
|
raga date un occhiata qui:
http://hjt.networktechs.com/parse.php?log=278055 non riesco a comprendere la riga 017 e 020
__________________
buoni con cashback (amazon, decathlon, ecc), registrati a questo link: https://www.sixthcontinent.com/citiz...ation/115891/1 Veloce e gratuito, no truffa, pubblicità in onda sulle reti mediaset! Contattami per info. |
![]() |
![]() |
![]() |
#3988 | |
Senior Member
Iscritto dal: Jun 2003
Città: ..By The Sea..
Messaggi: 564
|
Quote:
O17 sono i DNS di una delle connessioni internet. Appartengono a Telecom.
__________________
Without Contraries is no Progression... |
|
![]() |
![]() |
![]() |
#3989 | |
Senior Member
Iscritto dal: Aug 2005
Città: Caserta
Messaggi: 3040
|
Quote:
Grazie
__________________
buoni con cashback (amazon, decathlon, ecc), registrati a questo link: https://www.sixthcontinent.com/citiz...ation/115891/1 Veloce e gratuito, no truffa, pubblicità in onda sulle reti mediaset! Contattami per info. |
|
![]() |
![]() |
![]() |
#3990 | ||
Member
Iscritto dal: Oct 2006
Messaggi: 151
|
Quote:
Quote:
|
||
![]() |
![]() |
![]() |
#3991 | |
Junior Member
Iscritto dal: Sep 2006
Città: provincia salerno
Messaggi: 26
|
Quote:
![]() ![]() ecco anche il rootkit(questo è venuto fuori,ma senza aver spuntato ADS,che nn sò cosa è.Se devo fare una scansione includendo anche questo ADS,la rifaccio)ciao e grazie per la tua disponibilità! il rootkit: GMER 1.0.12.11879 - http://www.gmer.net Rootkit scan 2006-11-06 23:14:13 Windows 5.1.2600 Service Pack 2 ---- System - GMER 1.0.12 ---- SSDT \SystemRoot\System32\drivers\klif.sys ZwClose SSDT \SystemRoot\System32\drivers\klif.sys ZwCreateProcess SSDT \SystemRoot\System32\drivers\klif.sys ZwCreateProcessEx SSDT \SystemRoot\System32\drivers\klif.sys ZwCreateSection SSDT \SystemRoot\System32\drivers\klif.sys ZwCreateThread SSDT kl1.sys ZwOpenFile SSDT \SystemRoot\System32\drivers\klif.sys ZwOpenProcess SSDT \SystemRoot\System32\drivers\klif.sys ZwQueryInformationFile SSDT \SystemRoot\System32\drivers\klif.sys ZwQuerySystemInformation SSDT \SystemRoot\System32\drivers\klif.sys ZwResumeThread SSDT \SystemRoot\System32\drivers\klif.sys ZwSetInformationProcess SSDT \SystemRoot\System32\drivers\klif.sys ZwSuspendThread SSDT \SystemRoot\System32\drivers\klif.sys ZwTerminateProcess SSDT \SystemRoot\System32\drivers\klif.sys SSDT[284] SSDT \SystemRoot\System32\drivers\klif.sys SSDT[285] SSDT \SystemRoot\System32\drivers\klif.sys SSDT[286] SSDT \SystemRoot\System32\drivers\klif.sys SSDT[287] SSDT \SystemRoot\System32\drivers\klif.sys SSDT[288] SSDT \SystemRoot\System32\drivers\klif.sys SSDT[289] SSDT \SystemRoot\System32\drivers\klif.sys SSDT[290] SSDT \SystemRoot\System32\drivers\klif.sys SSDT[291] SSDT \SystemRoot\System32\drivers\klif.sys SSDT[292] SSDT \SystemRoot\System32\drivers\klif.sys SSDT[293] SSDT \SystemRoot\System32\drivers\klif.sys SSDT[294] SSDT \SystemRoot\System32\drivers\klif.sys SSDT[295] SSDT \SystemRoot\System32\drivers\klif.sys SSDT[296] ---- Kernel code sections - GMER 1.0.12 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 9468 80501200 4 Bytes .text ntkrnlpa.exe!ZwCallbackReturn + 9916 805013C0 4 Bytes .text ntkrnlpa.exe!KiDispatchInterrupt + 186 80540ABA 7 Bytes JMP F5ACF310 \SystemRoot\System32\drivers\klif.sys ---- Devices - GMER 1.0.12 ---- Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F7A67BF6] klmc.sys Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F7A67BF6] klmc.sys Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [F7A67BF6] klmc.sys Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [F7A67BF6] klmc.sys Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL [F7A67BF6] klmc.sys ---- Threads - GMER 1.0.12 ---- Thread 4:116 84223950 Thread 4:120 84203C60 Thread 4:124 84203C60 Thread 4:140 83AE5560 ---- EOF - GMER 1.0.12 ---- |
|
![]() |
![]() |
![]() |
#3992 | |
Senior Member
Iscritto dal: Jun 2003
Città: ..By The Sea..
Messaggi: 564
|
Quote:
![]() Ciao!
__________________
Without Contraries is no Progression... |
|
![]() |
![]() |
![]() |
#3993 | |
Junior Member
Iscritto dal: Sep 2006
Città: provincia salerno
Messaggi: 26
|
Quote:
grazie...per risposta e per il"in gamba". ma son decoccio sul serio ![]() per quella connessione-account:.\qeFBogJeVarZakSXY,l'ho disabilitata..ma posso anche cancellarla tranquillamente col prompt come mi hai cosigliato ? un grosso grazie ![]() |
|
![]() |
![]() |
![]() |
#3994 | |
Senior Member
Iscritto dal: Oct 2004
Città: Milano
Messaggi: 2641
|
Quote:
Da un controllo che avevo fatto risultavano appartenere ad un server Ukraino, aspettiamo comunque delucidazioni da bReAkDoWn. Per il momento, se dopo aver inserito 208.67.220.220 ti funziona tutto, lascerei così. Ciao
__________________
FOXYLADY è un MASCHIO!! Un amico è una persona che sa tutto di te e nonostante questo gli piaci Ultima modifica di FOXYLADY : 07-11-2006 alle 00:49. |
|
![]() |
![]() |
![]() |
#3995 | |
Senior Member
Iscritto dal: Jun 2003
Città: ..By The Sea..
Messaggi: 564
|
Quote:
Comunque con Alice 4MB adesso ho questi: 85.37.17.55 85.38.28.93. Vedo che 208 ecc. è un dns gratuito aperto a tutti, se non è lento tienilo pure, altrimenti mettine qualcuno di Telecom. Ciao!
__________________
Without Contraries is no Progression... |
|
![]() |
![]() |
![]() |
#3996 |
Senior Member
Iscritto dal: Oct 2004
Città: Milano
Messaggi: 2641
|
Ciao bReAkDoWn
lui aveva questi 85.255.114.98,85.255.112.214 che non conosco anche se mi è già capitato di vederli in altri log.
__________________
FOXYLADY è un MASCHIO!! Un amico è una persona che sa tutto di te e nonostante questo gli piaci |
![]() |
![]() |
![]() |
#3997 | |
Senior Member
Iscritto dal: Jun 2003
Città: ..By The Sea..
Messaggi: 564
|
Quote:
inetnum: 85.255.112.0 - 85.255.127.255 netname: inhoster descr: Inhoster hosting company descr: OOO Inhoster, Poltavskij Shliax 24, Kharkiv, 61000, Ukraine quelli andavano assolutamente fixati. Ciao!
__________________
Without Contraries is no Progression... |
|
![]() |
![]() |
![]() |
#3998 |
Senior Member
Iscritto dal: Nov 2004
Città: Napoli
Messaggi: 999
|
sto cercando di risolvere il problema già esposto qui http://www.hwupgrade.it/forum/showth...6#post14585806
praticamente mi si creano delle cartelle : windows nt in programmi e nomestrano in documenti e settings elimino da mod provvisoria ma al riavvio compaiono sempre !! conseguenze: un casino di processi attivi e rallentamento del browser... ecco il log: Logfile of HijackThis v1.99.1 Scan saved at 17.18.31, on 07/11/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\hot_plug.exe C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe C:\Programmi\Analog Devices\SoundMAX\Smax4.exe C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Programmi\Java\jre1.5.0_09\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Programmi\Messenger\msmsgs.exe C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Programmi\SpamWeed\spamweed.exe C:\Programmi\SpamWeed\swengine.exe C:\Programmi\AntiVir PersonalEdition Classic\sched.exe C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wuauclt.exe C:\Programmi\Outlook Express\msimn.exe C:\Programmi\Internet Explorer\iexplore.exe C:\Documents and Settings\Fabio\Desktop\setup_2006\hijackthis1991\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti R3 - Default URLSearchHook is missing O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Class - {6AA384A1-36C4-F292-31F9-373C37567374} - C:\WINDOWS\ensby1.dll O4 - HKLM\..\Run: [Hotplug] C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\hot_plug.exe O4 - HKLM\..\Run: [SiSRaid] C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [SoundMAX] "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [Zone Labs Client] C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [Windows Services] "C:\Programmi\svchosts.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_09\bin\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: SpamWeed.lnk = C:\Programmi\SpamWeed\spamweed.exe O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - AppInit_DLLs: O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Programmi\SiSoftware\SiSoftware Sandra Lite 2007\Win32\RpcDataSrv.exe O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Programmi\SiSoftware\SiSoftware Sandra Lite 2007\RpcSandraSrv.exe O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe grazie ![]()
__________________
Intel Pentium IV 3,0 GHz, Asus P5SD2-X , 1.0 Gb ddr2, Radeon X550 , Maxtor 160Gb sata, Hitachi 100 gb pata,Piooner Dvr-109 ,Microsoft Windows XP Professional Service Pack 2 |
![]() |
![]() |
![]() |
#3999 | |
Senior Member
Iscritto dal: Jun 2003
Città: ..By The Sea..
Messaggi: 564
|
Quote:
Allora devi fixare, in modalità provvisoria: O2 - BHO: Class - {6AA384A1-36C4-F292-31F9-373C37567374} - C:\WINDOWS\ensby1.dll O4 - HKLM\..\Run: [Windows Services] "C:\Programmi\svchosts.exe" O20 - AppInit_DLLs: Inoltre da start menu esegui -> services.msc Quindi prendi nota di tutti i servizi che nella colonna connessione hanno dei nomi chiaramenta casuali, guarda le loro proprietà e per ognuno di essi vai a cercare il file eseguibile. Come conferma, assicurati che questi file siano tutti in sottocartelle di c:\programmi\file comuni\ Prova a cancellarli manualmente. Se qualche file non si cancella, rinominalo e prova a cancellarlo dopo aver riavviato. Per adesso esegui questi passaggi, poi dopo i vari riavvii controlla che non siano comparsi nuovi servizi con nomi casuali, e fai di nuovo un log con hijackthis. Non è finita qua, ma per continuare dobbiamo prima completare questi primi passaggi e verificarne l'esito.
__________________
Without Contraries is no Progression... Ultima modifica di bReAkDoWn : 07-11-2006 alle 17:44. |
|
![]() |
![]() |
![]() |
#4000 | ||
Senior Member
Iscritto dal: Nov 2004
Città: Napoli
Messaggi: 999
|
Quote:
The Trojan.Gromozon rootkit component was not found on the system. Do you wish to continue anyway ? quindi io dico no...ho provato anche ad andare avanti quindi mi fa riavviare e poi nn succede nulla.... Quote:
__________________
Intel Pentium IV 3,0 GHz, Asus P5SD2-X , 1.0 Gb ddr2, Radeon X550 , Maxtor 160Gb sata, Hitachi 100 gb pata,Piooner Dvr-109 ,Microsoft Windows XP Professional Service Pack 2 |
||
![]() |
![]() |
![]() |
Strumenti | |
|
|
Tutti gli orari sono GMT +1. Ora sono le: 18:21.