|
|||||||
|
|
|
 |
|
|
Strumenti |
10-12-2006, 22:12
|
#4321 |
|
Senior Member
Iscritto dal: Oct 2004
Città: Milano
Messaggi: 2641
|
Li puoi eliminare tranquillamente
 Per quanto riguarda i cookie, la maggior parte sono innocui, se vuoi puoi installare spywareblaster http://www.javacoolsoftware.com/downloads.html serve anche per prevenire l'installazione dei cookie più spioni.
__________________
FOXYLADY è un MASCHIO!! Un amico è una persona che sa tutto di te e nonostante questo gli piaci |
|
|
|
12-12-2006, 00:40
|
#4322 |
|
Junior Member
Iscritto dal: Dec 2006
Messaggi: 9
|
ciao è tutto a posto o devo eliminare qualcosa?
Logfile of HijackThis v1.99.1 Scan saved at 0.45.41, on 12/12/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\Explorer.EXE C:\Programmi 2\Alwil Software\Avast4\aswUpdSv.exe C:\Programmi 2\Alwil Software\Avast4\ashServ.exe C:\Programmi 2\ewido anti-spyware 4.0\guard.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe C:\Programmi 2\Alwil Software\Avast4\ashMaiSv.exe C:\PROGRA~2\ALWILS~1\Avast4\ashDisp.exe C:\Programmi 2\Alwil Software\Avast4\ashWebSv.exe C:\Programmi 2\ewido anti-spyware 4.0\ewido.exe C:\Programmi\Softwin\BitDefender8\bdnagent.exe C:\WINDOWS\system32\ctfmon.exe C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe C:\Programmi\Casio\Photo Loader\Plauto.exe C:\Programmi\VIA\RAID\raid_tool.exe C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe C:\WINDOWS\system32\wuauclt.exe C:\Programmi\Internet Explorer\iexplore.exe C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe c:\programmi\softwin\bitdefender8\bdmcon.exe C:\DOCUME~1\user\IMPOST~1\Temp\Directory temporanea 1 per hijackthis_199.zip\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.it/0SEITIT/SAOS01 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [avast!] C:\PROGRA~2\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [MemoryCardManager] C:\Programmi\Lexmark\Lexmark Photo Center\MemoryCardManager.exe -startup O4 - HKLM\..\Run: [LXBLKsk] C:\PROGRA~1\Lexmark\PHOTOC~1\LXBLKsk.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [!ewido] "C:\Programmi 2\ewido anti-spyware 4.0\ewido.exe" /minimized O4 - HKLM\..\Run: [BDMCon] "C:\Programmi\Softwin\BitDefender8\bdmcon.exe" O4 - HKLM\..\Run: [BDNewsAgent] "C:\Programmi\Softwin\BitDefender8\bdnagent.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Photo Loader residente.lnk = C:\Programmi\Casio\Photo Loader\Plauto.exe O4 - Global Startup: raid_tool.exe.lnk = C:\Programmi\VIA\RAID\raid_tool.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O13 - WWW. Prefix: http://ehttp.cc/? O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - AppInit_DLLs: O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi 2\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi 2\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi 2\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi 2\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing) O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programmi 2\ewido anti-spyware 4.0\guard.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SecTmn - Unknown owner - \\?\C:\Programmi\File comuni\Services\com9.exe (file missing) O23 - Service: UpdYqv - Unknown owner - \\?\C:\Programmi\File comuni\System\lpt2.exe (file missing) O23 - Service: UpdZmf - Unknown owner - \\?\C:\Programmi\File comuni\System\com9.exe (file missing) O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing) |
|
|
|
|
12-12-2006, 09:42
|
#4323 |
|
Member
Iscritto dal: Apr 2006
Messaggi: 70
|
Pc infetto?
Ciao a tutti sonbo nuovo del forum, non so usare Hijack this ma ho il pc che continuamente mi trova degli exe che Blocca (uso kaspersky e Zone alarm) e non capisco perchè una volta eliminati tornano di nuovo.potreste dirmi come si posta il file log?Non ci riesco.
Un grazie sincero! |
|
|
|
|
12-12-2006, 10:00
|
#4324 |
|
Senior Member
Iscritto dal: Nov 2005
Messaggi: 358
|
ciao... oltre al pc con il gromozon (su cui non si riesce ad avviare hijackthis) sto tentando di curarne un altro... l'antivirus (symantec corporate) rileva un trojan.horst ma non riesce ad eliminarlo... questo è il log di hijackthis... che mi dite?
Logfile of HijackThis v1.99.1 Scan saved at 10.37.50, on 13/12/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\Programmi\NavNT\defwatch.exe C:\WINDOWS\system32\lkcitdl.exe C:\WINDOWS\system32\lkads.exe C:\WINDOWS\system32\lktsrv.exe C:\Programmi\National Instruments\MAX\nimxs.exe C:\Programmi\National Instruments\Shared\Security\nidmsrv.exe C:\WINDOWS\system32\nisvcloc.exe C:\Programmi\National Instruments\Shared\Tagger\tagsrv.exe C:\Programmi\NavNT\rtvscan.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\system32\nipalsm.exe C:\WINDOWS\system32\MsgSys.EXE C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\atiptaxx.exe C:\PROGRA~1\EzButton\CPATR10.EXE C:\Programmi\NavNT\vptray.exe C:\Programmi\National Instruments\NI-DAQ\HWConfig\nidevmon.exe C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\WINDOWS\system32\ctfmon.exe C:\Programmi\Messenger\msmsgs.exe C:\WINDOWS\system32\wuauclt.exe C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Programmi\OLYMPUS\OLYMPUS Studio\Os_Monitor.exe C:\WINDOWS\system32\svchost.exe C:\DOCUME~1\alex\IMPOST~1\Temp\Directory temporanea 1 per hijackthis_199.zip\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe O4 - HKLM\..\Run: [CPATR10] C:\PROGRA~1\EzButton\CPATR10.EXE O4 - HKLM\..\Run: [vptray] C:\Programmi\NavNT\vptray.exe O4 - HKLM\..\Run: [niDevMon] C:\Programmi\National Instruments\NI-DAQ\HWConfig\nidevmon.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: OLYMPUS Studio.lnk = C:\Programmi\OLYMPUS\OLYMPUS Studio\Os_Monitor.exe O4 - Global Startup: Tasto di scelta rapida per l'avvio di AutoCAD.lnk = C:\Programmi\File comuni\Autodesk Shared\acstart16.exe O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: DefWatch - Symantec Corporation - C:\Programmi\NavNT\defwatch.exe O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\Programmi\MATLAB71\webserver\bin\win32\matlabserver.exe O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Programmi\National Instruments\MAX\nimxs.exe O23 - Service: nidevldu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Programmi\National Instruments\Shared\Security\nidmsrv.exe O23 - Service: NILM License Manager - Macrovision Corporation - C:\Programmi\National Instruments\Shared\License Manager\Bin\lmgrd.exe O23 - Service: nipxirmu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments, Inc. - C:\Programmi\National Instruments\Shared\Tagger\tagsrv.exe O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Programmi\NavNT\rtvscan.exe O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe |
|
|
|
|
12-12-2006, 10:05
|
#4325 |
|
Member
Iscritto dal: Apr 2006
Messaggi: 70
|
scusa mi puoi dire come fai a postare il log?penso di avere il tuo stesso problema
|
|
|
|
|
12-12-2006, 10:09
|
#4326 | |
|
Senior Member
Iscritto dal: Nov 2005
Messaggi: 358
|
Quote:
|
|
|
|
|
|
12-12-2006, 11:17
|
#4327 |
|
Senior Member
Iscritto dal: Nov 2005
Messaggi: 358
|
dopo gromozon
dopo una strenua lotta gromozon sembra debellato... vi posto il log di hijackthis per controllare se c'è qualcosa da fixare...
Logfile of HijackThis v1.99.1 Scan saved at 12.07.45, on 12/12/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programmi\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Programmi\Intel\Intel Matrix Storage Manager\iaanotif.exe C:\WINDOWS\RTHDCPL.EXE C:\Programmi\ATI Technologies\ATI.ACE\cli.exe C:\Programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe C:\Programmi\Ahead\InCD\InCD.exe C:\Programmi\iTunes\iTunesHelper.exe C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\Programmi\Prevx1\PXConsole.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Programmi\MSN Messenger\MsnMsgr.Exe C:\Programmi\Intel\Intel Matrix Storage Manager\iaantmon.exe C:\Programmi\File comuni\LightScribe\LSSrvc.exe C:\Programmi\Skype\Phone\Skype.exe C:\Programmi\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe C:\Programmi\Prevx1\PXAgent.exe C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Programmi\iPod\bin\iPodService.exe C:\Programmi\ATI Technologies\ATI.ACE\cli.exe C:\Programmi\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\alex\Desktop\pippo\cippirimerlo.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti R3 - Default URLSearchHook is missing F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,"c:\windows\maxtorpad.exe", O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {30648DC1-FE09-5279-1416-DB9788291569} - (no file) O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Dati applicazioni\Prevx\pxbho.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll O4 - HKLM\..\Run: [IAAnotif] C:\Programmi\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Programmi\ASUS\Ai Booster\OverClk.exe" O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [RemoteControl] "C:\Programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [InCD] C:\Programmi\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [PrevxOne] "C:\Programmi\Prevx1\PXConsole.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Programmi\Intel\Intel Matrix Storage Manager\iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programmi\Ahead\InCD\InCDsrv.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Programmi\Prevx1\PXAgent.exe" -f (file missing) |
|
|
|
|
12-12-2006, 15:06
|
#4328 | |
|
Senior Member
Iscritto dal: Oct 2004
Città: Milano
Messaggi: 2641
|
Quote:
__________________
FOXYLADY è un MASCHIO!! Un amico è una persona che sa tutto di te e nonostante questo gli piaci |
|
|
|
|
|
12-12-2006, 15:39
|
#4329 | ||
|
Senior Member
Iscritto dal: Oct 2004
Città: Milano
Messaggi: 2641
|
Quote:
Quote:
su www.virustotal.com nel caso vada eliminato non devi fixare la voce in hijackthis, ma rimuoverla manualmente maxtorpad.exe, magari usando killbox.
__________________
FOXYLADY è un MASCHIO!! Un amico è una persona che sa tutto di te e nonostante questo gli piaci Ultima modifica di FOXYLADY : 12-12-2006 alle 15:42. |
||
|
|
|
|
13-12-2006, 11:02
|
#4330 |
|
Senior Member
Iscritto dal: Jan 2003
Città: Prov. Bergamo
Messaggi: 371
|
salve..Salvatori
qualcuno mi dice se è pulito questo?Logfile of HijackThis v1.99.1 Scan saved at 11.50.51, on 13/12/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\System32\svchost.exe C:\VIRITEXP\viritsvc.exe C:\Programmi\Classic PhoneTools\CapFax.EXE C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\Mixer.exe C:\VIRITEXP\MONITOR.EXE C:\VIRITEXP\VSMAIL.EXE C:\VIRITEXP\viritfw.EXE C:\WINDOWS\system32\RunDLL32.exe C:\Programmi\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\System32\svchost.exe C:\Programmi\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe C:\Documents and Settings\BILLY1\Desktop\hijackthisNuovo\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alice.it/oggi/indexbb.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_07\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll O4 - HKLM\..\Run: [SmartGuardian] C:\Programmi\ITE\Smart Guardian\ITESmart.exe O4 - HKLM\..\Run: [FaxCenterServer] "C:\Programmi\Lexmark Fax Solutions\fm3032.exe" /s O4 - HKLM\..\Run: [CapFax] C:\Programmi\Classic PhoneTools\CapFax.EXE O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe" O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup O4 - HKLM\..\Run: [VIRITMONITOR] C:\VIRITEXP\MONITOR.EXE O4 - HKLM\..\Run: [VirIT Scan Mail] C:\VIRITEXP\VSMAIL.EXE O4 - HKLM\..\Run: [VirIT Firewall PRO] C:\VIRITEXP\viritfw.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_07\bin\ssv.dll O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Organizzatore ricerche - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programmi\File comuni\Microsoft Shared\Encarta Researcher\EROPROJ.DLL O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\viritexp\viritxfl.dll O10 - Unknown file in Winsock LSP: c:\viritexp\viritxfl.dll O10 - Unknown file in Winsock LSP: c:\viritexp\viritxfl.dll O10 - Unknown file in Winsock LSP: c:\viritexp\viritxfl.dll O10 - Unknown file in Winsock LSP: c:\viritexp\viritxfl.dll O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1127384366203 O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: lxbu_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbucoms.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Virit eXplorer Pro (viritsvcpro) - TG Soft Sas www.tgsoft.it - C:\VIRITEXP\viritsvc.exe grazie 
__________________
ASUS M2N32 SLI De Luxe WIFI AMD 6400+ @3400Mhz 2x 8800Gts 320Mb @ 560/1250/900 3.5 Gb ADATA Vitesta 800Mhz raffreddamento Liquido Ybris K11+2k7 ALI Enermax 600W |
|
|
|
|
13-12-2006, 13:14
|
#4331 |
|
Senior Member
Iscritto dal: Dec 2001
Città: forli'
Messaggi: 340
|
mi ci date un occhio...la mia domanda e' i dns sono giusti? ho alice come faccio a sapere quali sono ok..se per caso li fixo e poi andavano bene come faccio a riportarli..indietro?
da qualche settimana il mio pc va molto lento a caricare le pagine ed e' per questo che mi e' venuto qualche dubbio. (sono passato ai 2 mega di alice ma da una prova mi da che sono ancora a 700 in dowload.. forse il modem 302t ..boh..) se qualcuno mi sa dire qualcosa ..grazie. Logfile of HijackThis v1.99.1 Scan saved at 14.05.39, on 13/12/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe C:\Programmi\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\drivers\KodakCCS.exe C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe C:\Programmi\Analog Devices\SoundMAX\Smtray.exe C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Programmi\Logitech\iTouch\iTouch.exe C:\Programmi\Java\jre1.5.0_09\bin\jusched.exe C:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE C:\Programmi\Logitech\MouseWare\system\em_exec.exe C:\Programmi\eMulesuper\eMule.exe C:\Programmi\Internet Explorer\IEXPLORE.EXE C:\Programmi\Outlook Express\msimn.exe C:\Programmi\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\tos\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/ O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_09\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll O4 - HKLM\..\Run: [Smapp] C:\Programmi\Analog Devices\SoundMAX\Smtray.exe O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmi\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_09\bin\jusched.exe" O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Backward Links - res://c:\programmi\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmi\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: Download with GetRight - C:\Programmi\GetRight\GRdownload.htm O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Open with GetRight Browser - C:\Programmi\GetRight\GRbrowse.htm O8 - Extra context menu item: Similar Pages - res://c:\programmi\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: Crea preferiti portatile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\INETREPL.DLL O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\INETREPL.DLL O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\INETREPL.DLL O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\WINDOWS\system32\shdocvw.dll O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{7507BF4A-519C-455D-B0FD-DE397379D6DA}: NameServer = 85.37.17.47 85.38.28.82 O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\ O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
__________________
effettuato vendite perfette con pellegrin-tone8-crashland-smoke81- serbring e altri |
|
|
|
|
13-12-2006, 14:17
|
#4332 |
|
Senior Member
Iscritto dal: Feb 2005
Messaggi: 351
|
Auito!!!
Sto convivendo con dei residui di win32:small-ckx [try] Era in c:\windows\ctfmon32.dll Ho gia' combinato un casino per rimuoverlo ma mi sa che ho rimosso qualcosa di troppo. Ora se provo a installare per esempio I.E.7 il pc si resetta.  Ho ancora le voci 15 che non riesco a rimuovere.  ecco il log: Logfile of HijackThis v1.99.1 Scan saved at 14.35.25, on 13/12/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe C:\Programmi\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\dllhost.exe C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe C:\Programmi\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\RTHDCPL.EXE C:\Programmi\Java\jre1.5.0_09\bin\jusched.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe C:\Programmi\ScanSoft\OmniPageSE4.0\OpwareSE4.exe C:\WINDOWS\system32\ctfmon.exe C:\Programmi\SlySoft\AnyDVD\AnyDVD.exe C:\Programmi\Free Download Manager\fdm.exe C:\Programmi\Messenger\msmsgs.exe C:\WINDOWS\eHome\ehmsas.exe C:\Programmi\Digisoft AntiDialer\AntiDialer.exe C:\Programmi\CountDown\CountDown.exe C:\WINDOWS\system32\slrundll.exe C:\WINDOWS\regedit.exe E:\X-HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programmi\Canon\Easy-WebPrint\EWPBrowseLoader.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_09\bin\ssv.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_09\bin\jusched.exe" O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [OpwareSE4] "C:\Programmi\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [AnyDVD] C:\Programmi\SlySoft\AnyDVD\AnyDVD.exe O4 - HKCU\..\Run: [Free Download Manager] C:\Programmi\Free Download Manager\fdm.exe -autorun O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background O4 - Startup: CountDown.lnk = C:\Programmi\CountDown\CountDown.exe O4 - Global Startup: Digisoft AntiDialer.lnk = C:\Programmi\Digisoft AntiDialer\AntiDialer.exe O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Scarica con Free Download Manager - file://C:\Programmi\Free Download Manager\dllink.htm O8 - Extra context menu item: Scarica selezionati con Free Download Manager - file://C:\Programmi\Free Download Manager\dlselected.htm O8 - Extra context menu item: Scarica tutto con Free Download Manager - file://C:\Programmi\Free Download Manager\dlall.htm O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Organizzatore ricerche - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programmi\File comuni\Microsoft Shared\Encarta Researcher\EROPROJ.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone (HKLM) O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone (HKLM) O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone (HKLM) O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM) O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone (HKLM) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe |
|
|
|
|
13-12-2006, 14:18
|
#4333 |
|
Senior Member
Iscritto dal: May 2004
Città: roma
Messaggi: 445
|
E_FATIAHE.exe
è apparso ieri dopo una istallazione diciamo sospetta.... che roba è? su google non si trova nulla... 
__________________
Desk: Barton M 2500+@3400+ CPU vcore 1.844 /SP97+49CFMfan /Abit AN7 /3x512 A-Data DDR400 chipA-5B @ 6 3 3 2 /Gigabyte9700pro@FireGL X1 +zalman vf700cu /2x 7200RPM maxtor 120GB SATA /pioneer120S /asus DRW 1604P /5fan case /Thermaltake ATX420W-E dual fan - Notebook: Asus A6Ja Q039H |
|
|
|
|
13-12-2006, 14:23
|
#4334 |
|
Senior Member
Iscritto dal: May 2004
Città: roma
Messaggi: 445
|
trovato..... epson status monitor.... è il nome che mi ha tratto in inganno..
 infatti anche il path coincide... C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE
__________________
Desk: Barton M 2500+@3400+ CPU vcore 1.844 /SP97+49CFMfan /Abit AN7 /3x512 A-Data DDR400 chipA-5B @ 6 3 3 2 /Gigabyte9700pro@FireGL X1 +zalman vf700cu /2x 7200RPM maxtor 120GB SATA /pioneer120S /asus DRW 1604P /5fan case /Thermaltake ATX420W-E dual fan - Notebook: Asus A6Ja Q039H |
|
|
|
|
13-12-2006, 15:04
|
#4335 |
|
Member
Iscritto dal: Oct 2006
Città: MESSINA
Messaggi: 76
|
cosa fixo ad un amico?
Abbiamo già eliminato una marea di pocherie ma vorrei il vs parere perchè secondo me c'è ancora tanto da togliere...grazie!!!!
Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\WINDOWS\system32\cisvc.exe C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe C:\WINDOWS\system32\drivers\KodakCCS.exe C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\svchost.exe C:\Programmi\IPM\Adsl\DataWay\dslstat.exe C:\WINDOWS\system32\dslagent.exe C:\Programmi\Macrogaming\SweetIM\SweetIM.exe C:\Programmi\MessengerPlus! 3\MsgPlus.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\WINDOWS\system32\ctfmon.exe C:\Programmi\LG PC Suite\LG PC Sync\LGSyncManager.exe C:\WINDOWS\system32\cidaemon.exe C:\Programmi\Skype\Phone\Skype.exe C:\Documents and Settings\Andrea\Desktop\cde.exe C:\Programmi\Internet Explorer\iexplore.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti R3 - Default URLSearchHook is missing F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,"c:\windows\macromediahelper.exe", O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Class - {E32EF60D-E603-8D0A-0D1D-F979B0923CED} - C:\WINDOWS\gnxmt1.dll (file missing) O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [DSLSTATEXE] C:\Programmi\IPM\Adsl\DataWay\dslstat.exe icon O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB O4 - HKLM\..\Run: [QuickTime Task] "D:\Andrea\qttask.exe" -atboottime O4 - HKLM\..\Run: [SweetIM] C:\Programmi\Macrogaming\SweetIM\SweetIM.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB003" /M "Stylus DX3800" O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SweetIM] C:\Programmi\Macrogaming\SweetIM\SweetIM.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [updateMgr] "C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1 O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized O4 - Startup: Trend Micro Anti-Spyware.lnk = C:\Programmi\Trend Micro\Tmasy\Tmasy.exe O4 - Global Startup: LG SyncManager.lnk = ? O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/game.../y/mjst4_x.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{9BD19138-51FD-44FB-ACAE-AEE272DC24A4}: NameServer = 85.37.17.50 85.38.28.76 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: EPSON Printer Status Agent2 - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe O23 - Service: InstallDriver Table Manager - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Kodak Camera Connection Software - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
__________________
Mobo: asus p4s800 Cpu:intel pentium 2,8GHz Memory: Hd:1)maxtor 160 2)maxtor 320; Scheda video:Nvidia geforce mx; Dvd:1)hl-dt-st dvdramgsa4040b,2)hl-dt-strw/dvdgcc4521b |
|
|
|
|
13-12-2006, 15:13
|
#4336 | |
|
Senior Member
Iscritto dal: Oct 2004
Città: Milano
Messaggi: 2641
|
Quote:
__________________
FOXYLADY è un MASCHIO!! Un amico è una persona che sa tutto di te e nonostante questo gli piaci |
|
|
|
|
|
13-12-2006, 15:19
|
#4337 | |
|
Senior Member
Iscritto dal: Oct 2004
Città: Milano
Messaggi: 2641
|
Quote:
http://www.hwupgrade.it/forum/showthread.php?t=1356271 leggi tutta la discussione.
__________________
FOXYLADY è un MASCHIO!! Un amico è una persona che sa tutto di te e nonostante questo gli piaci |
|
|
|
|
|
13-12-2006, 15:27
|
#4338 | |
|
Senior Member
Iscritto dal: Jan 2003
Città: Prov. Bergamo
Messaggi: 371
|
Quote:
 Grazie sei un TESORO
__________________
ASUS M2N32 SLI De Luxe WIFI AMD 6400+ @3400Mhz 2x 8800Gts 320Mb @ 560/1250/900 3.5 Gb ADATA Vitesta 800Mhz raffreddamento Liquido Ybris K11+2k7 ALI Enermax 600W |
|
|
|
|
|
13-12-2006, 15:33
|
#4339 | |
|
Senior Member
Iscritto dal: Oct 2004
Città: Milano
Messaggi: 2641
|
Quote:
Fai anche uno scan antispyware. Per IE sinceramente non saprei che consigliarti Aspetta magari altri pareri, oppure apri una discussione specifica nel forum.
__________________
FOXYLADY è un MASCHIO!! Un amico è una persona che sa tutto di te e nonostante questo gli piaci |
|
|
|
|
|
13-12-2006, 15:34
|
#4340 | |
|
Senior Member
Iscritto dal: Oct 2004
Città: Milano
Messaggi: 2641
|
Quote:
__________________
FOXYLADY è un MASCHIO!! Un amico è una persona che sa tutto di te e nonostante questo gli piaci |
|
|
|
|
|
|
| Strumenti | |
|
|
Tutti gli orari sono GMT +1. Ora sono le: 17:51.
